fix fast-xml-parser vulnerable to ReDOS at currency parsing (#801) #579
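# Release workflow: on every push to master, build the packages and let the
# changesets action either open a release pull request or publish to npm.
# When a publish happened it also dispatches a `new_release` repository event,
# posts to Slack and commits the removal of reference.txt to `after-release`.
#
# NOTE(review): there is no `permissions:` block, so the default GITHUB_TOKEN
# keeps the repository's default scopes. Every write visible here goes through
# the App token, so `permissions: contents: read` looks sufficient - confirm
# before adding.
name: Release

on:
  push:
    branches:
      - master

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Get GitHub token via the CT Changesets App
      # NOTE(review): the reference below was mangled by the page's e-mail
      # obfuscation ("[email protected]"); restore the real `owner/repo@ref`
      # from the repository, preferably as a full commit SHA.
      - name: Generate GitHub token (via CT Changesets App)
        id: generate_github_token
        uses: tibdex/[email protected]
        with:
          app_id: ${{ secrets.CT_CHANGESETS_APP_ID }}
          private_key: ${{ secrets.CT_CHANGESETS_APP_PEM }}

      # Look up the bot's numeric user id to build its noreply commit e-mail.
      - name: Get App user
        id: get_app_user
        env:
          GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
        run: |
          GH_APP_USER="$(gh api /users/ct-changesets%5Bbot%5D | jq .id)"
          echo "email=${GH_APP_USER}+ct-changesets[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT"

      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Pass a personal access token (using our CT Changesets App) to be able to trigger other workflows
          # https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
          # https://github.community/t/action-does-not-trigger-another-on-push-tag-action/17148/8
          # NOTE(review): checkout persists this token in the local git config
          # by default, so the install and build steps below can read it; the
          # later auto-commit push presumably depends on that - verify.
          token: ${{ steps.generate_github_token.outputs.token }}

      # Step outputs are written through $GITHUB_OUTPUT, matching the
      # "Get App user" step; the `::set-output` command is deprecated.
      - name: Read .nvmrc
        id: nvm
        run: echo "NVMRC=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"

      - name: Setup Node (uses version in .nvmrc)
        uses: actions/setup-node@v4
        with:
          node-version: '${{ steps.nvm.outputs.NVMRC }}'

      - name: Get yarn cache
        id: yarn-cache
        run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"

      - uses: actions/cache@v4
        with:
          path: ${{ steps.yarn-cache.outputs.dir }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: Install dependencies
        run: yarn install --frozen-lockfile

      # The unquoted heredoc expands $NPM_TOKEN, so the publish token is
      # written in clear text to ~/.npmrc before `yarn build` runs.
      # NOTE(review): creating this file after the build step would keep the
      # token away from build scripts - confirm the build needs no registry
      # auth. The first heredoc line was mangled by the page's e-mail
      # obfuscation ("[email protected]"); restore it from the repository.
      - name: Creating .npmrc
        run: |
          cat << EOF > "$HOME/.npmrc"
            [email protected]
            //registry.npmjs.org/:_authToken=$NPM_TOKEN
          EOF
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: Building packages
        run: yarn build

      # NOTE(review): `@master` is a mutable ref, and this step runs with the
      # App token while the npm token sits in ~/.npmrc. Pin it to a full commit
      # SHA, as already done for git-auto-commit-action below.
      - name: Create Release Pull Request or Publish to npm
        id: changesets
        uses: changesets/action@master
        with:
          publish: yarn changeset publish
          version: yarn changeset:version-and-format
          commit: 'ci(changesets): version packages'
        env:
          GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}

      - name: Dispatch repository event
        if: steps.changesets.outputs.published == 'true'
        run: |
          gh api --method POST /repos/commercetools/commercetools-typescript-sdk/dispatches -f "event_type=new_release"
        env:
          GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}

      # NOTE(review): action reference mangled by the page's e-mail
      # obfuscation ("[email protected]"); restore it from the repository.
      - name: Convert markdown to slack markdown
        uses: LoveToKnow/[email protected]
        id: markdown
        with:
          text: |
            A new version of [ts-sdk](https://github.com/commercetools/commercetools-sdk-typescript) was published to npm :rocket:

      # NOTE(review): `@v2` is a movable tag on a third-party action that
      # receives the Slack webhook secret; consider pinning to a commit SHA.
      - name: Slack Notification
        if: steps.changesets.outputs.published == 'true'
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_CHANNEL: devtooling-automation
          SLACK_COLOR: ${{ job.status }}
          MSG_MINIMAL: actions url,commit
          SLACK_TITLE: Typescript SDK Release ✨
          SLACK_MESSAGE: ${{steps.markdown.outputs.text}}
          SLACK_USERNAME: rtBot
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

      # Fetch and checkout tolerate failure (`|| true`); the final
      # `git checkout -B` then creates or resets the branch at the current HEAD.
      - name: "Switch SDK to after release branch"
        if: steps.changesets.outputs.published == 'true'
        run: |
          git fetch --depth=1 origin after-release || true
          git checkout -B after-release origin/after-release || true
          git checkout -B after-release
          git log -1

      - name: "remove API reference commit SHA"
        if: steps.changesets.outputs.published == 'true'
        run: rm -rf reference.txt
        continue-on-error: true

      # Commits the removal of reference.txt as the bot user, on after-release.
      - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
        if: steps.changesets.outputs.published == 'true'
        with:
          branch: after-release
          file_pattern: 'reference.txt'
          commit_message: "chore: updating API ref SHA"
          commit_author: ct-changesets[bot] <${{ steps.get_app_user.outputs.email }}>
          commit_user_name: ct-changesets[bot]
          commit_user_email: ${{ steps.get_app_user.outputs.email }}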