quotation fix #369
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs | |
| name: Build and Deploy | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| #declare environment variables | |
| env: | |
| AWS_REGION: ap-southeast-1 | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [20.x] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Cache node modules | |
| uses: actions/cache@v4 | |
| with: | |
| # See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node | |
| path: | | |
| ~/.npm | |
| ${{ github.workspace }}/.next/cache | |
| # Generate a new cache whenever packages or source files change. | |
| key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }} | |
| # If source files changed but packages didn't, rebuild from a prior cache. | |
| restore-keys: | | |
| ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}- | |
| - name: Clean Install dependencies | |
| run: npm ci | |
| - name: Test | |
| run: npm run test | |
| env: | |
| NEXT_PUBLIC_COGNITO_CLIENT_ID: ${{ secrets.COGNITO_CLIENT_ID }} | |
| NEXT_PUBLIC_QUEMISTRY_GATEWAY_URL: ${{ secrets.QUEMISTRY_GATEWAY_URL }} | |
| #Run sonar cloud scan | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| - name: Build | |
| run: npm run build | |
| env: | |
| NEXT_PUBLIC_COGNITO_CLIENT_ID: ${{ secrets.COGNITO_CLIENT_ID }} | |
| NEXT_PUBLIC_QUEMISTRY_GATEWAY_URL: ${{ secrets.QUEMISTRY_GATEWAY_URL }} | |
| #Upload artifact | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: quemistry-web-client | |
| path: dist/ | |
| overwrite: true | |
| audit: | |
| needs: build | |
| name: Audit Packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Audit packages | |
| run: npm audit --audit-level moderate | |
| env: | |
| CI: true | |
| deploy_to_s3: | |
| needs: [build, audit] | |
| runs-on: ubuntu-latest | |
| steps: | |
| #Download artifact | |
| - name: Download Artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: quemistry-web-client | |
| path: dist_s3/ | |
| - name: Deploy to S3 | |
| run: | | |
| aws s3 sync dist_s3/ s3://quemisty-client-web --delete | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} | |
| # Invalidate Cloudfront (this action) | |
| - name: invalidate | |
| uses: chetan/invalidate-cloudfront-action@master | |
| env: | |
| DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} | |
| PATHS: '/*' | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| # zap_scan: | |
| # permissions: write-all | |
| # needs: deploy_to_s3 | |
| # runs-on: ubuntu-latest | |
| # name: Zap Scan | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v2 | |
| # with: | |
| # ref: main | |
| # - name: ZAP Scan | |
| # uses: zaproxy/[email protected] | |
| # with: | |
| # target: ${{ secrets.PROD_URL }} |