chore(deps): update dependency ws to v8 [security] #243
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Analysis | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| branches: ["develop"] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| determine-affected: | |
| name: "Turbo Affected" | |
| if: ${{!github.event.pull_request.head.repo.fork && contains(fromJSON('["thesan", "themooneer", "cgrellard-ledger", "KVNLS", "LucasWerey", "mcayuelas-ledger", "lewisd5"]'), github.event.sender.login)}} | |
| uses: LedgerHQ/ledger-live/.github/workflows/turbo-affected-reusable.yml@develop | |
| with: | |
| head_branch: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }} | |
| base_branch: ${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref }} | |
| sonarqube: | |
| name: "SonarQube" | |
| needs: determine-affected | |
| if: ${{contains(needs.determine-affected.outputs.paths, 'ledger-live-desktop') || contains(needs.determine-affected.outputs.paths, 'ledger-live-mobile')}} | |
| runs-on: [ledger-live-4xlarge] | |
| env: | |
| MOBILE_AFFECTED: ${{contains(needs.determine-affected.outputs.paths, 'ledger-live-mobile')}} | |
| DESKTOP_AFFECTED: ${{contains(needs.determine-affected.outputs.paths, 'ledger-live-desktop')}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup git user | |
| uses: LedgerHQ/ledger-live/tools/actions/composites/setup-git-user@develop | |
| - name: Setup the caches | |
| uses: LedgerHQ/ledger-live/tools/actions/composites/setup-caches@develop | |
| id: caches | |
| with: | |
| skip-turbo-cache: "false" | |
| accountId: ${{ secrets.AWS_ACCOUNT_ID_PROD }} | |
| roleName: ${{ secrets.AWS_CACHE_ROLE_NAME }} | |
| region: ${{ secrets.AWS_CACHE_REGION }} | |
| turbo-server-token: ${{ secrets.TURBOREPO_SERVER_TOKEN }} | |
| - name: fetch develop | |
| run: | | |
| git fetch origin develop | |
| - name: Install and Build desktop dependencies | |
| if: ${{env.DESKTOP_AFFECTED == 'true'}} | |
| run: | | |
| pnpm i --filter="ledger-live-desktop..." --filter="ledger-live" --no-frozen-lockfile --unsafe-perm | |
| pnpm build:lld:deps --api="http://127.0.0.1:${{ steps.caches.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo" | |
| - name: Install and Build mobile dependencies | |
| if: ${{env.MOBILE_AFFECTED == 'true'}} | |
| run: | | |
| pnpm i --filter="live-mobile..." --filter="ledger-live" --no-frozen-lockfile --unsafe-perm | |
| pnpm build:llm:deps --api="http://127.0.0.1:${{ steps.caches.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo" | |
| - name: Generate Unit test coverage for LLD only | |
| if: ${{env.DESKTOP_AFFECTED == 'true' && env.MOBILE_AFFECTED == 'false'}} | |
| run: | | |
| pnpm desktop test:jest:coverage | |
| cat apps/ledger-live-desktop/coverage/lcov.info > ./lcov.info | |
| cat apps/ledger-live-desktop/coverage/lld-sonar-executionTests-report.xml > ./lld-sonar-executionTests-report.xml | |
| - name: Generate Unit test coverage for LLM only | |
| if: ${{env.MOBILE_AFFECTED == 'true' && env.DESKTOP_AFFECTED == 'false'}} | |
| run: | | |
| pnpm mobile test:jest:coverage | |
| cat apps/ledger-live-mobile/coverage/lcov.info > ./lcov.info | |
| cat apps/ledger-live-mobile/coverage/llm-sonar-executionTests-report.xml > ./llm-sonar-executionTests-report.xml | |
| - name: Generate Unit test coverage for LLD & LLM | |
| if: ${{env.DESKTOP_AFFECTED == 'true' && env.MOBILE_AFFECTED == 'true'}} | |
| run: | | |
| pnpm desktop test:jest:coverage | |
| pnpm mobile test:jest:coverage | |
| cat apps/ledger-live-desktop/coverage/lcov.info apps/ledger-live-mobile/coverage/lcov.info > ./lcov.info | |
| cat apps/ledger-live-desktop/coverage/lld-sonar-executionTests-report.xml > ./lld-sonar-executionTests-report.xml | |
| cat apps/ledger-live-mobile/coverage/llm-sonar-executionTests-report.xml > ./llm-sonar-executionTests-report.xml | |
| - name: SonarQubeScan desktop only | |
| if: ${{env.DESKTOP_AFFECTED == 'true' && env.MOBILE_AFFECTED == 'false'}} | |
| uses: SonarSource/sonarqube-scan-action@v4 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.sources=apps/ledger-live-desktop,libs | |
| -Dsonar.testExecutionReportPaths=lld-sonar-executionTests-report.xml | |
| - name: SonarQubeScan mobile only | |
| if: ${{env.MOBILE_AFFECTED == 'true' && env.DESKTOP_AFFECTED == 'false'}} | |
| uses: SonarSource/sonarqube-scan-action@v4 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.sources=apps/ledger-live-mobile,libs | |
| -Dsonar.testExecutionReportPaths=llm-sonar-executionTests-report.xml | |
| - name: SonarQubeScan desktop and mobile | |
| if: ${{env.DESKTOP_AFFECTED == 'true' && env.MOBILE_AFFECTED == 'true'}} | |
| uses: SonarSource/sonarqube-scan-action@v4 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |