Skip to content

[Snyk] Security upgrade eslint from 7.6.0 to 9.15.0 #33

[Snyk] Security upgrade eslint from 7.6.0 to 9.15.0

[Snyk] Security upgrade eslint from 7.6.0 to 9.15.0 #33

Workflow file for this run

name: CI
on:
push:
branches:
- development
pull_request:
workflow_call:
inputs:
repository:
default: desktop/desktop
required: false
type: string
ref:
required: true
type: string
upload-artifacts:
default: false
required: false
type: boolean
environment:
type: string
required: true
sign:
type: boolean
default: true
required: false
secrets:
AZURE_CODE_SIGNING_TENANT_ID:
AZURE_CODE_SIGNING_CLIENT_ID:
AZURE_CODE_SIGNING_CLIENT_SECRET:
DESKTOP_OAUTH_CLIENT_ID:
DESKTOP_OAUTH_CLIENT_SECRET:
APPLE_ID:
APPLE_ID_PASSWORD:
APPLE_TEAM_ID:
APPLE_APPLICATION_CERT:
APPLE_APPLICATION_CERT_PASSWORD:
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
env:
RELEASE_CHANNEL: ${{ inputs.environment }}
steps:
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repository || github.repository }}
ref: ${{ inputs.ref }}
submodules: recursive
- uses: actions/setup-node@v4
with:
node-version: 16.17.1
cache: yarn
- run: yarn
- run: yarn validate-electron-version
- run: yarn lint
- run: yarn validate-changelog
- name: Ensure a clean working directory
run: git diff --name-status --exit-code
build:
name: ${{ matrix.friendlyName }} ${{ matrix.arch }}
runs-on: ${{ matrix.os }}
permissions:
contents: read
strategy:
fail-fast: false
matrix:
node: [18.16.1]
os: [macos-13-xl-arm64, windows-2019]
arch: [x64, arm64]
include:
- os: macos-13-xl-arm64
friendlyName: macOS
- os: windows-2019
friendlyName: Windows
timeout-minutes: 60
env:
RELEASE_CHANNEL: ${{ inputs.environment }}
steps:
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repository || github.repository }}
ref: ${{ inputs.ref }}
submodules: recursive
- uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Use Node.js ${{ matrix.node }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
cache: yarn
# This step can be removed as soon as official Windows arm64 builds are published:
# https://github.com/nodejs/build/issues/2450#issuecomment-705853342
- name: Get NodeJS node-gyp lib for Windows arm64
if: ${{ matrix.os == 'windows-2019' && matrix.arch == 'arm64' }}
run: .\script\download-nodejs-win-arm64.ps1 ${{ matrix.node }}
- name: Install and build dependencies
run: yarn
env:
npm_config_arch: ${{ matrix.arch }}
TARGET_ARCH: ${{ matrix.arch }}
- name: Build production app
run: yarn build:prod
env:
DESKTOP_OAUTH_CLIENT_ID: ${{ secrets.DESKTOP_OAUTH_CLIENT_ID }}
DESKTOP_OAUTH_CLIENT_SECRET:
${{ secrets.DESKTOP_OAUTH_CLIENT_SECRET }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_APPLICATION_CERT: ${{ secrets.APPLE_APPLICATION_CERT }}
KEY_PASSWORD: ${{ secrets.APPLE_APPLICATION_CERT_PASSWORD }}
npm_config_arch: ${{ matrix.arch }}
TARGET_ARCH: ${{ matrix.arch }}
- name: Prepare testing environment
if: matrix.arch == 'x64'
run: yarn test:setup
env:
npm_config_arch: ${{ matrix.arch }}
- name: Run unit tests
if: matrix.arch == 'x64'
run: yarn test:unit
- name: Run script tests
if: matrix.arch == 'x64'
run: yarn test:script
- name: Install Azure Code Signing Client
if: ${{ runner.os == 'Windows' && inputs.sign }}
run: |
$acsZip = Join-Path $env:RUNNER_TEMP "acs.zip"
$acsDir = Join-Path $env:RUNNER_TEMP "acs"
Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Azure.CodeSigning.Client/1.0.38 -OutFile $acsZip -Verbose
Expand-Archive $acsZip -Destination $acsDir -Force -Verbose
# Replace ancient signtool in electron-winstall with one that supports ACS
Copy-Item -Path "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\*" -Include signtool.exe,signtool.exe.manifest,Microsoft.Windows.Build.Signing.mssign32.dll.manifest,mssign32.dll,Microsoft.Windows.Build.Signing.wintrust.dll.manifest,wintrust.dll,Microsoft.Windows.Build.Appx.AppxSip.dll.manifest,AppxSip.dll,Microsoft.Windows.Build.Appx.AppxPackaging.dll.manifest,AppxPackaging.dll,Microsoft.Windows.Build.Appx.OpcServices.dll.manifest,OpcServices.dll -Destination "node_modules\electron-winstaller\vendor" -Verbose
- name: Package production app
run: yarn package
env:
npm_config_arch: ${{ matrix.arch }}
AZURE_TENANT_ID: ${{ secrets.AZURE_CODE_SIGNING_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CODE_SIGNING_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CODE_SIGNING_CLIENT_SECRET }}
- name: Upload artifacts
uses: actions/upload-artifact@v3
if: ${{ inputs.upload-artifacts }}
with:
name: ${{matrix.friendlyName}}-${{matrix.arch}}
path: |
dist/GitHub Desktop-${{matrix.arch}}.zip
dist/GitHubDesktop-*.nupkg
dist/GitHubDesktopSetup-${{matrix.arch}}.exe
dist/GitHubDesktopSetup-${{matrix.arch}}.msi
dist/bundle-size.json
if-no-files-found: error