Skip to content

Update npm package next to v14 [SECURITY] #7187

Update npm package next to v14 [SECURITY]

Update npm package next to v14 [SECURITY] #7187

Workflow file for this run

name: Deploy
on:
pull_request:
push:
branches:
- main
merge_group:
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: hashintel
TURBO_REMOTE_ONLY: true
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
setup:
runs-on: ubuntu-24.04
outputs:
sourcemaps: ${{ steps.packages.outputs.sourcemaps }}
steps:
- name: Checkout source code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 2
- name: Enable corepack
uses: ./.github/actions/enable-corepack
- name: Install turbo
uses: ./.github/actions/install-turbo
- name: Determine changed packages
id: packages
run: |
SOURCEMAPS_FILTER=$(turbo run sentry:sourcemaps --dry-run=json --filter '...[HEAD^]' | jq -e '.packages | contains(["//"])' > /dev/null && echo '' || echo '--filter ...[HEAD^]')
SOURCEMAPS_FILTER_TASKS=$(sh -c "turbo run sentry:sourcemaps --dry-run=json $SOURCEMAPS_FILTER_FILTER" | jq -c '.tasks[]')
SOURCEMAPS_FILTER_PACKAGES=$(echo "$SOURCEMAPS_FILTER_TASKS" \
| jq 'select(.task == "sentry:sourcemaps" and .command != "<NONEXISTENT>")' \
| jq --compact-output --slurp '{ package: [.[].package] | unique, include: [( .[] | {package: .package, directory: .directory })] | unique }')
set -x
echo "sourcemaps=$SOURCEMAPS_FILTER_PACKAGES" | tee -a $GITHUB_OUTPUT
sourcemaps:
name: Sourcemaps
needs: [setup]
strategy:
matrix: ${{ fromJSON(needs.setup.outputs.sourcemaps) }}
fail-fast: false
if: needs.setup.outputs.sourcemaps != '{"package":[],"include":[]}' && github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-24.04
permissions:
id-token: write
contents: read
steps:
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
env:
VAULT_ROLE: ${{ github.event_name == 'push' && 'prod' || 'dev' }}
with:
url: ${{ secrets.VAULT_ADDR }}
method: jwt
role: ${{ env.VAULT_ROLE }}
secrets: |
automation/data/pipelines/hash/${{ env.VAULT_ROLE }} sentry_auth_token | SENTRY_AUTH_TOKEN
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Enable corepack
uses: ./.github/actions/enable-corepack
- name: Install turbo
uses: ./.github/actions/install-turbo
- name: Prune repository
uses: ./.github/actions/prune-repository
with:
scope: ${{ matrix.package }}
- name: Warm up repository
uses: ./.github/actions/warm-up-repo
- name: Log in to Sentry
run: yarn sentry-cli login --auth-token ${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}
- name: Build sourcemaps
run: turbo run sentry:sourcemaps --env-mode=loose --filter "${{ matrix.package }}"
passed:
name: Deployments passed
needs: [setup, sourcemaps]
if: always()
runs-on: ubuntu-latest
steps:
- name: Check setup script
run: |
[[ ${{ needs.setup.result }} = success ]]
- name: Check sourcemaps
run: |
[[ ${{ needs.sourcemaps.result }} =~ success|skipped ]]
- name: Notify Slack on failure
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
if: ${{ failure() && github.event_name == 'merge_group' }}
env:
SLACK_LINK_NAMES: true
SLACK_MESSAGE: "At least one deployment job failed for a Pull Request in the Merge Queue failed <@U0143NL4GMP> <@U02NLJY0FGX>" # Notifies C & T
SLACK_TITLE: Deployment failed
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: GitHub
VAULT_ADDR: ""
VAULT_TOKEN: ""