Vue 3 Migration #1160
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR pipeline | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| IMAGE_NAME: "pr-${{ github.event.number }}" | |
| ZAP_FILE: "zap-scan-pr-${{ github.event.number }}" | |
| GITHUB_CLIENT_ID: "${{ secrets.CI_GITHUB_CLIENT_ID }}" | |
| GITHUB_CLIENT_SECRET: "${{ secrets.CI_GITHUB_CLIENT_SECRET }}" | |
| ENCRYPTION_JWT_REFRESH_SIGNING_KEY: "${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}" | |
| ENCRYPTION_JWT_SIGNING_KEY: "${{ secrets.CI_JWT_SIGNING_KEY }}" | |
| ENCRYPTION_KEYS: "${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}" | |
| NODE_ENV: development | |
| SERVER_API_PROTOCOL: http | |
| # for security reasons the github actions are pinned to specific SHAs | |
| jobs: | |
| md_linter: | |
| name: Lint docs | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout markdown | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Lint markdown | |
| uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 # v22.0.0 | |
| with: | |
| config: '.markdownlint.yaml' | |
| globs: | | |
| docs/*.md | |
| docs/**/*.md | |
| td.vue/*.md | |
| td.server/*.md | |
| *.md | |
| link_checker: | |
| name: Link checker | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout markdown | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| # https://github.com/lycheeverse/lychee-action?tab=readme-ov-file#utilising-the-cache-feature | |
| # Using a cache helps prevent rate-limiting and other failures | |
| # This is cached only per-commit, and is intended to help | |
| # with re-runs | |
| - name: Restore lychee cache | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: .lycheecache | |
| key: cache-lychee-${{ github.sha }} | |
| restore-keys: cache-lychee- | |
| - name: Link Checker | |
| uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0 | |
| with: | |
| args: >- | |
| --verbose | |
| --no-progress | |
| --max-retries 1 | |
| --retry-wait-time 10 | |
| --cache | |
| 'docs/**/*.md' | |
| 'docs/*.md' | |
| '*.md' | |
| fail: true | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| spell_checker: | |
| name: Check spelling | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout markdown | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Spell check EN language | |
| uses: rojopolis/spellcheck-github-actions@e3cd8e9aec4587ec73bc0e60745aafd45c37aa2e # 0.60.0 | |
| with: | |
| config_path: .spellcheck.yaml | |
| server_unit_tests: | |
| name: Server unit tests | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| working-directory: td.server | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Use node LTS 24.14 | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24.14' | |
| - name: Cache NPM dir | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| ${{ runner.os }}- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:unit | |
| site_unit_tests: | |
| name: Site unit tests | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Use node LTS 24.14 | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24.14' | |
| - name: Cache NPM dir | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| ${{ runner.os }}- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| - name: Site lint | |
| run: npm run lint | |
| - name: Run unit tests | |
| run: npm run test:unit | |
| desktop_unit_tests: | |
| name: Desktop unit tests | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Use node LTS 24.14 | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24.14' | |
| - name: Cache NPM dir | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| ${{ runner.os }}- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| - name: Desktop lint | |
| run: npm run lint:desktop | |
| - name: Run unit tests | |
| run: npm run test:desktop | |
| codeql: | |
| name: Analyze with codeql | |
| runs-on: ubuntu-24.04 | |
| needs: [server_unit_tests, site_unit_tests, desktop_unit_tests] | |
| permissions: | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 | |
| with: | |
| languages: 'javascript' | |
| config-file: ./.github/codeql/codeql-config.yml | |
| # If you wish to specify custom queries, you can do so here or in a config file. | |
| # By default, queries listed here will override any specified in a config file. | |
| # Prefix the list here with "+" to use these queries and those in the config file. | |
| - name: CodeQL autobuild | |
| uses: github/codeql-action/autobuild@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 | |
| - name: Perform vulnerability analysis | |
| uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 | |
| e2e_smokes: | |
| name: Local site e2e smokes | |
| runs-on: ubuntu-24.04 | |
| needs: [site_unit_tests, server_unit_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Use node LTS 24.14 | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24.14' | |
| - name: Cache NPM dir | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| ${{ runner.os }}- | |
| - name: Install front-end | |
| run: npm clean-install | |
| - name: Build and run locally | |
| run: npm run start:serve | |
| - name: Run e2e tests | |
| run: npm run test:e2e-pr-smokes | |
| - name: Upload e2e videos | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: e2e_vids.zip | |
| path: tests/e2e/videos | |
| if: ${{ failure() && hashFiles('tests/e2e/videos/') != '' }} | |
| desktop_e2e_smokes: | |
| name: Desktop e2e smokes | |
| runs-on: ubuntu-24.04 | |
| needs: [site_unit_tests, desktop_unit_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Use node LTS 24.14 | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24.14' | |
| - name: Cache NPM dir | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| ${{ runner.os }}- | |
| - name: Install clean packages | |
| # TODO: remove --legacy-peer-deps after the Vue 3 migration | |
| run: npm clean-install --legacy-peer-deps | |
| - name: Build Linux desktop app | |
| run: npm run build:desktop -- --linux AppImage --x64 --publish never | |
| - name: Run desktop e2e smokes | |
| run: xvfb-run -a npm run test:e2e:desktop | |
| - name: Upload desktop e2e logs | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: desktop-e2e-logs | |
| path: td.vue/wdio-logs | |
| if-no-files-found: ignore | |
| if: ${{ failure() }} | |
| e2e_tests: | |
| name: Local site e2e tests | |
| runs-on: ubuntu-24.04 | |
| needs: e2e_smokes | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Use node LTS 24.14 | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24.14' | |
| - name: Cache NPM dir | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install front-end | |
| run: npm clean-install | |
| - name: Build and run locally | |
| run: npm run start:serve | |
| - name: Run e2e tests | |
| run: npm run test:e2e-pr | |
| - name: Upload e2e videos | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: e2e_vids.zip | |
| path: tests/e2e/videos | |
| if: ${{ failure() && hashFiles('tests/e2e/videos/') != '' }} | |
| zap_scan_web_app: | |
| name: Local site zap scan | |
| runs-on: ubuntu-24.04 | |
| needs: e2e_tests | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Use node LTS 24.14 | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24.14' | |
| - name: Cache NPM dir | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Clean install | |
| run: | | |
| npm clean-install --ignore-scripts | |
| cd td.server | |
| npm clean-install | |
| cd ../td.vue | |
| npm clean-install | |
| - name: Build and run locally | |
| run: npm start | |
| - name: ZAP Scan | |
| uses: zaproxy/action-full-scan@3c58388149901b9a03b7718852c5ba889646c27c # v0.13.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| target: 'http://localhost:8080' | |
| rules_file_name: '.github/workflows/.zap-rules-web.tsv' | |
| allow_issue_writing: false | |
| fail_action: false | |
| artifact_name: ${{ env.ZAP_FILE }} | |
| cmd_options: '-a' | |
| build_docker_image: | |
| name: Build docker image | |
| runs-on: ubuntu-24.04 | |
| needs: e2e_smokes | |
| if: github.repository == 'OWASP/threat-dragon' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| with: | |
| install: true | |
| - name: Cache Docker layers | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| ${{ runner.os }}- | |
| - name: Build for amd64 | |
| id: docker_build | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 | |
| with: | |
| context: ./ | |
| file: ./Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| tags: ${{ env.IMAGE_NAME }} | |
| outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}.tar | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
| platforms: linux/amd64 | |
| load: true | |
| - name: Upload docker local image | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: ${{ env.IMAGE_NAME }} | |
| path: /tmp/${{ env.IMAGE_NAME }}.tar | |
| - name: Check docker local image | |
| run: | | |
| docker load --input /tmp/${{ env.IMAGE_NAME }}.tar | |
| docker image ls -a | |
| - # Temp fix for large cache bug | |
| # https://github.com/docker/build-push-action/issues/252 | |
| name: Move cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| scan_image_with_trivy: | |
| name: Scan with Trivy | |
| runs-on: ubuntu-24.04 | |
| needs: build_docker_image | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Retrieve local docker image | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: ${{ env.IMAGE_NAME }} | |
| path: /tmp | |
| - name: Load local docker image | |
| run: | | |
| docker load --input /tmp/${{ env.IMAGE_NAME }}.tar | |
| - name: Run Trivy vulnerability scanner | |
| # Pinned to commit for v0.35.0 | |
| uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 | |
| with: | |
| image-ref: '${{ env.IMAGE_NAME }}' | |
| format: 'table' | |
| trivyignores: '.github/workflows/.trivyignore' | |
| exit-code: 1 | |
| skip-files: '/app/docs/configure/bitbucket.html' |