-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'develop' into dependabot/npm_and_yarn/semver-5.7.2
- Loading branch information
Showing
34 changed files
with
475 additions
and
520 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,20 +14,20 @@ jobs: | |
name: Build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- name: Get yarn cache directory path | ||
id: yarn-cache-dir-path | ||
run: echo "::set-output name=dir::$(yarn cache dir)" | ||
- name: Cache node_modules | ||
uses: actions/cache@v2 | ||
uses: actions/cache@v3 | ||
id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) | ||
with: | ||
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | ||
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-yarn- | ||
- name: Use NodeJs | ||
uses: actions/setup-node@v1 | ||
uses: actions/setup-node@v3 | ||
with: | ||
node-version: '16.x' | ||
|
||
|
@@ -60,7 +60,7 @@ jobs: | |
containers: [1, 2, 3] | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
uses: actions/checkout@v4 | ||
- name: Run cypress | ||
uses: cypress-io/[email protected] | ||
with: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,47 +6,10 @@ on: | |
- main | ||
|
||
jobs: | ||
build-and-test: | ||
name: Build & test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Get yarn cache directory path | ||
id: yarn-cache-dir-path | ||
run: echo "::set-output name=dir::$(yarn cache dir)" | ||
- name: Cache node_modules | ||
uses: actions/cache@v2 | ||
id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) | ||
with: | ||
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | ||
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-yarn- | ||
- name: Use NodeJs | ||
uses: actions/setup-node@v1 | ||
with: | ||
node-version: '16.x' | ||
|
||
- name: Install dependencies | ||
run: yarn install --frozen-lockfile --non-interactive | ||
|
||
- name: Run linting | ||
run: yarn lint | ||
|
||
- name: Build app | ||
run: yarn build | ||
env: | ||
NEXT_PUBLIC_ROLLBAR_ENV: CI | ||
NEXT_PUBLIC_FIREBASE_API_KEY: ${{ secrets.NEXT_PUBLIC_FIREBASE_API_KEY }} | ||
NEXT_PUBLIC_ROLLBAR_CLIENT_TOKEN: ${{ secrets.NEXT_PUBLIC_ROLLBAR_CLIENT_TOKEN }} | ||
NEXT_PUBLIC_STORYBLOK_TOKEN: ${{ secrets.NEXT_PUBLIC_STORYBLOK_TOKEN }} | ||
- name: Test app | ||
run: yarn test | ||
deploy-to-prod: | ||
needs: build-and-test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- uses: akhileshns/[email protected] # This is the action | ||
with: | ||
heroku_api_key: ${{secrets.HEROKU_API_KEY}} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,48 +6,11 @@ on: | |
- develop | ||
|
||
jobs: | ||
build-and-test: | ||
name: Build & test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Get yarn cache directory path | ||
id: yarn-cache-dir-path | ||
run: echo "::set-output name=dir::$(yarn cache dir)" | ||
- name: Cache node_modules | ||
uses: actions/cache@v2 | ||
id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) | ||
with: | ||
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | ||
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-yarn- | ||
- name: Use NodeJs | ||
uses: actions/setup-node@v1 | ||
with: | ||
node-version: '16.x' | ||
|
||
- name: Install dependencies | ||
run: yarn install --frozen-lockfile --non-interactive | ||
|
||
- name: Run linting | ||
run: yarn lint | ||
|
||
- name: Build app | ||
run: yarn build | ||
env: | ||
NEXT_PUBLIC_ROLLBAR_ENV: CI | ||
NEXT_PUBLIC_FIREBASE_API_KEY: ${{ secrets.NEXT_PUBLIC_FIREBASE_API_KEY }} | ||
NEXT_PUBLIC_ROLLBAR_CLIENT_TOKEN: ${{ secrets.NEXT_PUBLIC_ROLLBAR_CLIENT_TOKEN }} | ||
NEXT_PUBLIC_STORYBLOK_TOKEN: ${{ secrets.NEXT_PUBLIC_STORYBLOK_TOKEN }} | ||
- name: Test app | ||
run: yarn test | ||
deploy-to-staging: | ||
name: Deploy to staging | ||
needs: build-and-test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- uses: akhileshns/[email protected] # This is the action | ||
with: | ||
heroku_api_key: ${{secrets.HEROKU_API_KEY}} | ||
|
@@ -70,9 +33,9 @@ jobs: | |
containers: [1, 2, 3] | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
uses: actions/checkout@v4 | ||
- name: Run cypress | ||
uses: cypress-io/github-action@v5.0.9 | ||
uses: cypress-io/github-action@v6 | ||
with: | ||
browser: chrome | ||
spec: cypress/**/*.cy.tsx | ||
|
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Chayn Security Policy | ||
|
||
## Report a Vulnerability | ||
|
||
To report a security issue, please email [email protected] with the following information: | ||
|
||
1. **The Chayn product** with the vulnerability. | ||
2. **A short summary of the problem.** Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. | ||
3. Complete instructions, including specific configuration details, to **reproduce the vulnerability.** | ||
|
||
Optional information to include if applicable: | ||
- Propose a remediation suggestion if you have one. Make it clear that this is just a suggestion, as the maintainer might have a better idea to fix the issue. | ||
- Credit: List all researchers who contributed to this disclosure. If you found the vulnerability with a specific tool, you can also credit this tool. | ||
- Contact information for further collaboration. If the vulernerability is accepted, we will be happy to collaborate with you, and review your fix to make sure that all corner cases are covered. | ||
|
||
You will receive an email from us confirming we have received your bug report. | ||
|
||
## Disclosure Policy | ||
|
||
Chayn is dedicated to working closely with the open source community and with projects that are affected by a vulnerability, in order to protect users and ensure a coordinated disclosure. | ||
|
||
If the project team responds and agrees the issue poses a security risk, we will work with the project security team or maintainers to communicate the vulnerability in detail, and agree on the process for public disclosure. Responsibility for developing and releasing a patch lies firmly with the project team, though we aim to facilitate this by providing detailed information about the vulnerability. | ||
|
||
Our disclosure deadline for publicly disclosing a vulnerability is: 90 days after the first report to the project team. | ||
|
||
We **appreciate the hard work** contributors and maintainers put into fixing vulnerabilities and understand that sometimes more time is required to properly address an issue. We want project maintainers and contributors to succeed and because of that we are always open to discuss our disclosure policy to fit your specific requirements, when warranted. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.