fix(deps): update dependency drizzle-orm to v0.45.2 [security] - autoclosed #14925
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| merge_group: | |
| # abort running jobs if newer version is detected on same branch | |
| concurrency: | |
| group: ${{ github.head_ref || github.ref }} | |
| env: | |
| CI: true | |
| LOG_LEVEL: fatal # avoid unnecessary logging | |
| # random keys | |
| APPS_JWT_SECRET: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| APPS_PUBLISHER_ID: 9c9cea73-f3b7-48a3-aa6e-ead82c0685e7 # mock uuid | |
| GRAASPER_CREATOR_ID: bbbf7cac-6139-45e4-8fbf-4cf767b50b29 # mock uuid | |
| COOKIE_DOMAIN: localhost | |
| CLIENT_HOST: http://localhost:3114 | |
| DB_PASSWORD: docker | |
| DB_USERNAME: docker | |
| DB_NAME: docker | |
| DB_CONNECTION: postgres://docker:docker@localhost:5432/docker?sslmode=disable | |
| EMBEDDED_LINK_ITEM_IFRAMELY_HREF_ORIGIN: 'http://localhost:1234' | |
| ETHERPAD_API_KEY: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| ETHERPAD_PUBLIC_URL: 'http://localhost:9001' | |
| ETHERPAD_URL: 'http://etherpad:9001' | |
| LIBRARY_CLIENT_HOST: 'http://localhost:3113' | |
| FILE_STORAGE_ROOT_PATH: / | |
| H5P_FILE_STORAGE_TYPE: s3 | |
| H5P_PATH_PREFIX: h5p-content/ | |
| H5P_CONTENT_REGION: garage | |
| H5P_CONTENT_BUCKET: h5p-content | |
| H5P_CONTENT_ACCESS_KEY_ID: graasp-pwd | |
| H5P_CONTENT_SECRET_ACCESS_KEY_ID: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| JWT_SECRET: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| PASSWORD_RESET_JWT_SECRET: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| EMAIL_CHANGE_JWT_SECRET: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| MAILER_CONNECTION: smtp://username:password@localhost:1025 | |
| RECAPTCHA_SECRET_ACCESS_KEY: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| REDIS_CONNECTION: 'redis://localhost:6379' | |
| S3_FILE_ITEM_ACCESS_KEY_ID: graasp-user | |
| S3_FILE_ITEM_BUCKET: graasp | |
| FILE_STORAGE_TYPE: s3 | |
| S3_FILE_ITEM_REGION: us-east-1 | |
| S3_FILE_ITEM_SECRET_ACCESS_KEY: graasp-pwd | |
| SECURE_SESSION_SECRET_KEY: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef | |
| MEILISEARCH_URL: fake | |
| MEILISEARCH_MASTER_KEY: fake | |
| GEOLOCATION_API_KEY: geolocation-key | |
| GEOLOCATION_API_HOST: http://localhost:12345 | |
| jobs: | |
| build-unit: | |
| runs-on: ubuntu-latest | |
| # Service containers to run with `container-job` | |
| services: | |
| # Label used to access the service container | |
| postgres: | |
| # Docker Hub image | |
| image: postgres | |
| # Provide the password for postgres | |
| env: | |
| POSTGRES_PASSWORD: ${{ env.DB_PASSWORD }} | |
| POSTGRES_USER: ${{ env.DB_USERNAME }} | |
| POSTGRES_DB: ${{ env.DB_NAME }} | |
| ports: | |
| - 5432:5432 # exposing 5432 port for application to use | |
| # Set health checks to wait until postgres has started | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| # Label used to access the service container | |
| graasp-redis: | |
| # Docker Hub image | |
| image: redis | |
| ports: | |
| # Opens tcp port 6379 on the host and service container | |
| - 6379:6379 | |
| # Set health checks to wait until redis has started | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - name: Get yarn cache directory | |
| id: yarn-cache-dir-path | |
| run: | | |
| echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yarn- | |
| - name: yarn install and build | |
| run: | | |
| yarn | |
| yarn build | |
| - name: yarn check | |
| run: yarn check | |
| - name: apply migrations on empty database | |
| run: yarn migration:run | |
| - name: check migrations are up to date | |
| run: yarn migration:check | |
| - name: vitest tests | |
| run: yarn vitest | |
| test-node: | |
| strategy: | |
| # NOTE: switch this on if you want to have the result of all the shards to fix more tests at once. | |
| # fail-fast: false | |
| matrix: | |
| shard: [1/4, 2/4, 3/4, 4/4] | |
| runs-on: ubuntu-latest | |
| # Service containers to run with `container-job` | |
| services: | |
| # Label used to access the service container | |
| postgres: | |
| # Docker Hub image | |
| image: postgres | |
| # Provide the password for postgres | |
| env: | |
| POSTGRES_PASSWORD: ${{ env.DB_PASSWORD }} | |
| POSTGRES_USER: ${{ env.DB_USERNAME }} | |
| POSTGRES_DB: ${{ env.DB_NAME }} | |
| ports: | |
| - 5432:5432 # exposing 5432 port for application to use | |
| # Set health checks to wait until postgres has started | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| # Label used to access the service container | |
| graasp-redis: | |
| # Docker Hub image | |
| image: redis | |
| ports: | |
| # Opens tcp port 6379 on the host and service container | |
| - 6379:6379 | |
| # Set health checks to wait until redis has started | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - name: Get yarn cache directory | |
| id: yarn-cache-dir-path | |
| run: | | |
| echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yarn- | |
| - uses: actions/cache@v4 | |
| with: | |
| path: .jest-cache | |
| key: ${{ runner.os }}-jest-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-jest- | |
| - name: yarn install | |
| run: | | |
| yarn | |
| - name: apply migrations on empty database | |
| run: yarn migration:run | |
| - name: yarn test | |
| run: yarn test:ci --shard=${{ matrix.shard }} |