Skip to content

chore(deps): update dependency electron-updater to v6 [security] #5614

chore(deps): update dependency electron-updater to v6 [security]

chore(deps): update dependency electron-updater to v6 [security] #5614

Workflow file for this run

name: main
on:
push:
branches:
- "**"
env:
NEXT_TELEMETRY_DISABLED: 1 # https://nextjs.org/telemetry
jobs:
build_website:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/dependencies
- name: Build home
run: |
pnpm build home
- name: Build editor playground
run: |
pnpm build playground
- name: Upload dist (home)
uses: actions/upload-artifact@v3
with:
name: home_dist
path: ./packages/home/dist
- name: Upload dist (editor playground)
uses: actions/upload-artifact@v3
with:
name: editor_playground_dist
path: ./packages/playground/dist
build_package:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/dependencies
- name: Build packages
run: |
pnpm build electron-renderer electron-main electron-preload common editor
build_electron:
runs-on: macos-latest
concurrency: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.electron_build_target }}
needs:
- create_github_release
strategy:
matrix:
electron_build_target:
- win
- mac
- linux
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/dependencies
- name: Build dependencies
run: |
pnpm build electron^...
- name: Build electron and upload to GitHub release if necessary
run: >
cd packages/electron;
( echo "==== Attempt: 1 ====" && pnpm build:${{ matrix.electron_build_target }} ) ||
( echo "==== Attempt: 2 ====" && pnpm build:${{ matrix.electron_build_target }} ) ||
( echo "==== Attempt: 3 ====" && pnpm build:${{ matrix.electron_build_target }} ) ||
( echo "====== Failed ======" && exit 1 )
env:
ELECTRON_APPLE_ID_NAME: ${{ secrets.ELECTRON_APPLE_ID_NAME }}
ELECTRON_APPLE_ID: ${{ secrets.ELECTRON_APPLE_ID }}
ELECTRON_APPLE_ID_PASSWORD: ${{ secrets.ELECTRON_APPLE_ID_PASSWORD }}
CSC_LINK: ${{ secrets.ELECTRON_MAC_P12_BASE64 }}
CSC_KEY_PASSWORD: ${{ secrets.ELECTRON_MAC_P12_PASSWORD }}
GH_TOKEN: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }}
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/dependencies
- name: Run vitest
# Sets the max memory size of V8's old memory section as 7680 (7.5GB)
run: |
export NODE_OPTIONS="--max-old-space-size=7680"
pnpm test:coverage
- name: Commit changed files
if: ${{ github.ref_name != 'master' && always() }}
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add .
git commit -m "chore: upload changed files during CI" || true
- name: Run visual tests
if: ${{ github.ref_name != 'master' && always() }}
run: |
cd packages/playground
pnpm test:vitest:visual
- name: Push changed files
if: ${{ github.ref_name != 'master' && always() }}
run: |
git add .
git commit -m "chore: upload changed files during CI" || true
git push || true
- name: Upload coverage information to codecov
uses: codecov/codecov-action@v3
with:
file: ./coverage/coverage-final.json
fail_ci_if_error: false # Specify if CI pipeline should fail when Codecov runs into errors during upload. Defaults to false
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/dependencies
- name: Lint
run: pnpm lint .
- name: Check typescript types
run: pnpm typecheck
preview: # Preview deployment
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/dependencies
- name: Build home
run: |
pnpm build home
- name: Build editor playground
run: |
pnpm build playground
- id: step_branch
name: Get the branch name
run: |
echo "::set-output name=branch::$(node scripts/slugify-branch.js)"
- id: step_vercel_home
name: Deploy @rino.app/home to Vercel
# Vercel only allows a free account to deploy 100 times every day so this step could fail
continue-on-error: true
timeout-minutes: 10
uses: amondnet/vercel-action@v25
with:
github-comment: false
vercel-token: ${{ secrets.VERCEL_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_HOME }}
alias-domains: rino-home-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app
vercel-args: --meta TYPE=PREVIEW
working-directory: ./packages/home/dist/
- id: step_vercel_playground
name: Deploy @rino.app/playground to Vercel
continue-on-error: true
timeout-minutes: 10
uses: amondnet/vercel-action@v25
with:
github-comment: false
vercel-token: ${{ secrets.VERCEL_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_EDITOR }}
alias-domains: rino-editor-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app
vercel-args: --meta TYPE=PREVIEW
working-directory: ./packages/playground/dist/
- id: step_find_pr
uses: jwalton/gh-find-current-pr@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
continue-on-error: true
- uses: marocchino/sticky-pull-request-comment@v2
if: ${{ steps.step_find_pr.outcome == 'success' }}
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
number: ${{ steps.step_find_pr.outputs.pr }}
message: |
## Preview Deployment ${{ github.sha }}:
### Home
- Status: ***${{ steps.step_vercel_home.outcome }}***
- URL: https://rino-home-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app
### Editor playground
- Status: ***${{ steps.step_vercel_playground.outcome }}***
- URL: https://rino-editor-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app
- name: Generate configrations for Lighthouse CI
run: node scripts/generate-lighthouserc.js
if: steps.step_vercel_home.outcome == 'success'
- name: Run lighthouse
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }} # Install this GitHub App and get the token: https://github.com/apps/lighthouse-ci
run: |
export PATH="$PATH:$PWD/packages/rig/node_modules/.bin"
lhci autorun --config .lighthouserc.home.json
if: steps.step_vercel_home.outcome == 'success'
create_github_release:
runs-on: ubuntu-latest
concurrency: global_concurrency_release
needs:
- test
steps:
- uses: actions/checkout@v3
- name: Get current electron app version
run: |
RINO_APP_VERSION="v$(cat packages/electron/package.json | jq '.version' --join-output)"
echo "Current app version is $RINO_APP_VERSION"
echo "RINO_APP_VERSION=$RINO_APP_VERSION" >> $GITHUB_ENV
- name: Prepare GitHub release note
run: |
echo "$RINO_RELEASE_NOTE" > /tmp/rino-release-notes.md
env:
RINO_RELEASE_NOTE: |
This is a release for the desktop app.
Please refer to [CHANGELOG.md](https://github.com/ocavue/rino/blob/${{ env.RINO_APP_VERSION }}/packages/electron/CHANGELOG.md) for details.
- name: Print GitHub release note
run: |
cat /tmp/rino-release-notes.md
- name: Create GitHub release
if: ${{ github.ref == 'refs/heads/changeset-release/master' || github.ref == 'refs/heads/master' }}
# Create a draft release if not exists
run: |
gh release view "${RINO_APP_VERSION}" || gh release create "${RINO_APP_VERSION}" --title "${RINO_APP_VERSION}" --draft --notes-file /tmp/rino-release-notes.md
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release:
runs-on: ubuntu-latest
concurrency: global_concurrency_release
needs:
- build_website
- build_package
- build_electron
- test
- lint
- preview
if: github.ref == 'refs/heads/master'
steps:
- uses: actions/checkout@v3
with:
token: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }}
- uses: ./.github/actions/dependencies
- id: step_changeset
name: Create Release Pull Request or Publish to npm
uses: changesets/action@v1
with:
version: pnpm ci:version
publish: pnpm ci:publish
commit: "chore: version packages"
title: "chore: version packages"
createGithubReleases: false
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
outputs:
published: ${{ steps.step_changeset.outputs.published }}
deploy: # Production deployment
runs-on: ubuntu-latest
concurrency: global_concurrency_release
needs:
# make sure that `deploy` only depends on `release` because we don't want `deploy` to skip if `release` succeeded.
- release
steps:
- uses: actions/checkout@v3
- name: Download dist (home)
uses: actions/download-artifact@v3
with:
name: home_dist
path: ./packages/home/dist
- name: Download dist (playground)
uses: actions/download-artifact@v3
with:
name: editor_playground_dist
path: ./packages/playground/dist
- id: step_vercel_home
name: Deploy @rino.app/home to Vercel
timeout-minutes: 10
uses: amondnet/vercel-action@v25
with:
github-comment: false
vercel-token: ${{ secrets.VERCEL_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_HOME }}
alias-domains: rino-home-master.ocavue.vercel.app
vercel-args: --prod --meta TYPE=PRODUCTION
working-directory: ./packages/home/dist/
- id: step_vercel_playground
name: Deploy @rino.app/playground to Vercel
timeout-minutes: 10
uses: amondnet/vercel-action@v25
with:
github-comment: false
vercel-token: ${{ secrets.VERCEL_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_EDITOR }}
alias-domains: rino-editor-master.ocavue.vercel.app
vercel-args: --prod --meta TYPE=PRODUCTION
working-directory: ./packages/playground/dist/