chore: package.json & package-lock.json to reduce vulnerabilities (#2… #2643
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
- develop | |
- beta | |
- nakamoto | |
tags-ignore: | |
- "**" | |
paths-ignore: | |
- "**/CHANGELOG.md" | |
- "**/package.json" | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: | | |
~/.npm | |
**/node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install deps | |
run: npm ci --audit=false | |
- name: Lint ESLint | |
run: npm run lint:eslint | |
- name: Lint Prettier | |
run: npm run lint:prettier | |
- name: Lint Unused Exports | |
run: npm run lint:unused-exports | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
suite: | |
[ | |
api, | |
bns, | |
bns-e2e, | |
btc-faucet, | |
event-replay, | |
rpc, | |
# subnets, | |
] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: | | |
~/.npm | |
**/node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install deps | |
run: npm ci --audit=false | |
- name: Install client deps | |
working-directory: client | |
run: npm ci --audit=false | |
- name: Setup env vars | |
run: echo "STACKS_CORE_EVENT_HOST=http://0.0.0.0" >> $GITHUB_ENV | |
- name: Setup replay directories | |
if: matrix.suite == 'event-replay' | |
run: | | |
mkdir -p tests/event-replay/.tmp/local/ | |
sudo chown 999:999 tests/event-replay/.tmp/local/ | |
sudo chmod -R 777 tests/event-replay/.tmp/local/ | |
- name: Setup integration environment | |
run: | | |
sudo ufw disable | |
npm run devenv:deploy -- -d | |
npm run devenv:logs -- --no-color &> docker-compose-logs.txt & | |
- name: Run tests | |
run: npm run test:${{ matrix.suite }} -- --coverage | |
- name: Print integration environment logs | |
run: cat docker-compose-logs.txt | |
if: failure() | |
- name: Teardown integration environment | |
run: npm run devenv:stop | |
if: always() | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
if: always() | |
test-2_5: | |
strategy: | |
fail-fast: false | |
matrix: | |
suite: | |
[ | |
block-zero-handling, | |
faucet-stx, | |
pox-4-btc-address-formats, | |
pox-4-delegate-aggregation, | |
pox-4-delegate-stacking, | |
pox-4-delegate-revoked-stacking, | |
pox-4-stack-extend-increase, | |
pox-4-rosetta-btc-addr-types, | |
pox-4-rosetta-cycle-phases, | |
pox-4-rosetta-segwit, | |
pox-4-burnchain-stack-stx, | |
pox-4-burnchain-delegate-stx, | |
] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: | | |
~/.npm | |
**/node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install deps | |
run: npm ci --audit=false | |
- name: Setup env vars | |
run: echo "STACKS_CORE_EVENT_HOST=http://0.0.0.0" >> $GITHUB_ENV | |
- name: Setup integration environment | |
run: | | |
sudo ufw disable | |
npm run devenv:deploy-krypton -- -d | |
npm run devenv:logs-krypton -- --no-color &> docker-compose-logs.txt & | |
- name: Run tests | |
run: npm run test:2.5 -- --testPathPattern "${{ matrix.suite }}" --coverage | |
- name: Print integration environment logs | |
run: cat docker-compose-logs.txt | |
if: failure() | |
- name: Teardown integration environment | |
run: npm run devenv:stop-krypton | |
if: always() | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
if: always() | |
test-rosetta: | |
strategy: | |
fail-fast: false | |
matrix: | |
suite: | |
[ | |
rosetta, | |
rosetta-construction, | |
rosetta-cli-data, | |
rosetta-cli-construction, | |
] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: | | |
~/.npm | |
**/node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install deps | |
run: npm ci --audit=false | |
- name: Setup env vars | |
run: echo "STACKS_CORE_EVENT_HOST=http://0.0.0.0" >> $GITHUB_ENV | |
- name: Setup CLI env vars | |
if: contains(matrix.suite, 'cli') | |
run: | | |
echo STACKS_BLOCKCHAIN_API_HOST=0.0.0.0>> .env | |
echo STACKS_CORE_PROXY_HOST=0.0.0.0 >> .env | |
echo STACKS_CORE_RPC_HOST=0.0.0.0 >> .env | |
echo STACKS_CORE_EVENT_HOST=0.0.0.0 >> .env | |
echo BTC_RPC_HOST=http://0.0.0.0 >> .env | |
- name: Setup integration environment | |
run: | | |
sudo ufw disable | |
npm run devenv:deploy-krypton -- -d | |
npm run devenv:logs-krypton -- --no-color &> docker-compose-logs.txt & | |
- name: Run tests | |
run: npm run test:${{ matrix.suite }} -- --coverage | |
- name: Print integration environment logs | |
run: cat docker-compose-logs.txt | |
if: failure() | |
- name: Teardown integration environment | |
run: npm run devenv:stop-krypton | |
if: always() | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
if: always() | |
build-publish: | |
runs-on: ubuntu-latest | |
needs: | |
- lint | |
- test | |
- test-2_5 | |
- test-rosetta | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }} | |
fetch-depth: 0 | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Semantic Release | |
uses: cycjimmy/semantic-release-action@v4 | |
id: semantic | |
# Only run on non-PR events or only PRs that aren't from forks | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} | |
SEMANTIC_RELEASE_PACKAGE: ${{ github.event.repository.name }} | |
with: | |
semantic_version: 19 | |
extra_plugins: | | |
@semantic-release/[email protected] | |
@semantic-release/[email protected] | |
@semantic-release/[email protected] | |
[email protected] | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker Meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
blockstack/${{ github.event.repository.name }} | |
hirosystems/${{ github.event.repository.name }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}},value=${{ steps.semantic.outputs.new_release_version }},enable=${{ steps.semantic.outputs.new_release_version != '' }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ steps.semantic.outputs.new_release_version }},enable=${{ steps.semantic.outputs.new_release_version != '' }} | |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Build/Tag/Push Image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
platforms: ${{ (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/beta') && 'linux/amd64,linux/arm64' || 'linux/amd64' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
# Only push if (there's a new release on main branch, or if building a non-main branch) and (Only run on non-PR events or only PRs that aren't from forks) | |
push: ${{ (github.ref != 'refs/heads/master' || steps.semantic.outputs.new_release_version != '') && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }} | |
- name: API Discord notification | |
if: steps.semantic.outputs.new_release_version != '' | |
uses: Ilshidur/action-discord@master | |
env: | |
DISCORD_WEBHOOK: ${{ secrets.DISCORD_API_WEBHOOK }} | |
DISCORD_USERNAME: Hiro Team | |
DISCORD_AVATAR: "https://i.imgur.com/z9Iy6ug.png" | |
DISCORD_EMBEDS: | | |
[{ | |
"title": "API Release: ${{ steps.semantic.outputs.new_release_version }}", | |
"url": "https://github.com/hirosystems/stacks-blockchain-api/releases/tag/v${{ steps.semantic.outputs.new_release_version }}" | |
}] | |
with: | |
args: ":rocket: A new version (${{ steps.semantic.outputs.new_release_version }}) of the Stacks Blockchain API is available on Github!" |