New workflows #9753
A production App ID was automatically generated for this PR. (log)
🚨 Lighthouse report for the changes in this PR:
Lighthouse ran with https://deriv-app-git-fork-ali-hosseini-deriv-new-workflows.binary.sx/
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information
AI Review (AI review can be wrong. Do not use it as the only source of feedback)
The code follows best practices for building and deploying applications using GitHub Actions and Docker. However, the code lacks error handling in case of unsuccessful steps. In terms of security, although sensitive data such as Docker Hub credentials are stored as secrets, it's important to ensure that secrets are not accidentally logged, printed, or leaked through other ways. There's also a potential logic error in the condition checking whether a cache hit is true and executing the script if not in the `build-and-test` action.
Security:
- Docker credentials (`DOCKERHUB_USERNAME` and `DOCKERHUB_PASSWORD`) and Kubernetes `CA_CRT` certificate are stored securely as secrets, which is good practice.
Error Handling:
- In the 'build-and-deploy-staging' workflow, error handling for each step is missing. For example, measures should be put in place in case the 'Build and Test' step or 'Build and Push image to docker hub' does not complete successfully.
- Similarly, in 'build-and-test' workflow, error handling for each step is missing.
Logic:
- In the `build-and-test` GitHub action, npm commands `npm ci` and `npm run bootstrap` should not be executed every time the cache is missed. These commands should be executed beforehand, and their results should be cached.
Minor:
- The "Check tests" sections in 'action.yml' are repeating and can be optimized in terms of loops or grouped as functions to avoid redundancy.
- `runs-on: ubuntu-latest` declares a latest version as a runner. But according to best practices, it's better to use a specific version of the runner to avoid any forthcoming changes to the 'latest' version that may cause issues.
- Missing newline at the end of some files. Although it's a minor issue, having a newline at the end of each file is a common convention.
Overall, the code follows good practices in terms of continuous integration/continuous delivery (CI/CD) and security, but it should improve on error handling and implement some logic corrections to ensure a more robust system.
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This PR was closed because it has been stalled for 5 days with no activity. Please reopen it if needed.
Changes:
Please provide a summary of the change.
Screenshots:
Please provide some screenshots of the change.