[Snyk] Security upgrade selenium-webdriver from 3.6.0 to 4.1.0 #294
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| env: | |
| # Using Quay.io | |
| REGISTRY: quay.io | |
| REGISTRY_USERNAME: dabreadman | |
| REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} | |
| # OpenShift Token | |
| OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} | |
| OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} | |
| APP_PORT: 8080 | |
| OPENSHIFT_NAMESPACE: ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| APP_NAME: "covid-app" | |
| TAG: "" | |
| # Application environment variables | |
| VUE_APP_COVIDAPIKEY: ${{ secrets.VUE_APP_COVIDAPIKEY }} | |
| VUE_APP_POPULATIONAPIKEY: ${{ secrets.VUE_APP_POPULATIONAPIKEY }} | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "covid-vue-app" | |
| - ".github/workflows" | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| dev-deployment: | |
| name: Build and deploy to OpenShift Dev | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./covid-vue-app | |
| environment: development | |
| outputs: | |
| image: ${{ steps.image.outputs.image }} | |
| steps: | |
| - name: Check if secrets exists | |
| uses: actions/github-script@v3 | |
| with: | |
| script: | | |
| const secrets = { | |
| REGISTRY_PASSWORD: `${{ env.REGISTRY_PASSWORD }}`, | |
| OPENSHIFT_SERVER: `${{ env.OPENSHIFT_SERVER }}`, | |
| OPENSHIFT_TOKEN: `${{ env.OPENSHIFT_TOKEN }}`, | |
| VUE_APP_COVIDAPIKEY: `${{ env.VUE_APP_COVIDAPIKEY }}`, | |
| VUE_APP_POPULATIONAPIKEY: `${{ env.VUE_APP_POPULATIONAPIKEY }}` | |
| }; | |
| const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { | |
| if (value.length === 0) { | |
| core.warning(`Secret "${name}" is not set`); | |
| return true; | |
| } | |
| core.info(`✔️ Secret "${name}" is set`); | |
| return false; | |
| }); | |
| if (missingSecrets.length > 0) { | |
| core.setFailed(`❌ At least one required secret is not set in the repository. \n` + | |
| "You can add it using:\n" + | |
| "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + | |
| "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + | |
| "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); | |
| } | |
| else { | |
| core.info(`✅ All the required secrets are set`); | |
| } | |
| - uses: actions/checkout@v2 | |
| - name: Determine app name | |
| if: env.APP_NAME == '' | |
| run: | | |
| echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV | |
| - name: Determine tag by version | |
| if: env.TAG == '' | |
| run: | | |
| echo "TAG=$(jq -r .version package.json)" | tee -a $GITHUB_ENV | |
| - name: Build image, run lint/test | |
| run: podman build . --file ./docker/Dockerfile --build-arg VUE_APP_COVIDAPIKEY=${{ env.VUE_APP_COVIDAPIKEY }} --build-arg VUE_APP_POPULATIONAPIKEY=${{ env.VUE_APP_POPULATIONAPIKEY }} --build-arg APP_PORT=${{ env.APP_PORT }} --tag ${{ env.REGISTRY }}/${{ env.REGISTRY_USERNAME }}/${{ env.APP_NAME }}:${{ env.TAG }} | |
| - name: Registry Autherisation | |
| run: podman login -u ${{ env.REGISTRY_USERNAME }} -p ${{ env.REGISTRY_PASSWORD }} quay.io | |
| - name: Push to registry | |
| run: podman push ${{ env.REGISTRY }}/${{ env.REGISTRY_USERNAME }}/${{ env.APP_NAME }}:${{ env.TAG }} | |
| - name: Log in to OpenShift | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: ${{ env.OPENSHIFT_NAMESPACE }} | |
| - name: Create and expose app | |
| id: deploy-and-expose | |
| uses: redhat-actions/oc-new-app@v1 | |
| with: | |
| app_name: ${{ env.APP_NAME }} | |
| image: ${{ env.REGISTRY }}/${{ env.REGISTRY_USERNAME }}/${{ env.APP_NAME }}:${{ env.TAG }} | |
| namespace: ${{ env.OPENSHIFT_NAMESPACE }} | |
| port: ${{ env.APP_PORT }} |