feat: send extension status message on init #419

Workflow file for this run

	name: Build

	on:
	push:
	branches: ['**']
	workflow_dispatch:

	jobs:
	snyk_scan_deps_licences:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'connector-extension'
	step_name: 'snyk-scan-deps-licenses'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Run Snyk to check for deps vulnerabilities
	uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=critical

	snyk_scan_code:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'connector-extension'
	step_name: 'snyk-scan-code'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Run Snyk to check for code vulnerabilities
	uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=high
	command: code test

	snyk_sbom:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	needs:
	- snyk_scan_deps_licences
	- snyk_scan_code
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'connector-extension'
	step_name: 'snyk-sbom'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Generate SBOM # check SBOM can be generated but nothing is done with it
	uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
	command: sbom

	build_rcnet:
	runs-on: ubuntu-latest
	needs:
	- snyk_scan_deps_licences
	- snyk_scan_code
	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js
	uses: actions/setup-node@v3
	with:
	node-version: '20.x'

	- name: Install dependencies
	run: npm ci

	- name: Build dev extension
	run: npm run build:rcnet

	- uses: actions/upload-artifact@v3
	with:
	name: rcnet_connector-extension.${{ github.sha }}
	path: dist/

	- name: Build dev extension with dev tools
	run: npm run build:rcnet
	env:
	DEV_TOOLS: true

	- uses: actions/upload-artifact@v3
	with:
	name: rcnet_connector-extension-with-dev-tools.${{ github.sha }}
	path: dist/

	build_dev:
	runs-on: ubuntu-latest
	needs:
	- snyk_scan_deps_licences
	- snyk_scan_code
	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js
	uses: actions/setup-node@v3
	with:
	node-version: '20.x'

	- name: Install dependencies
	run: npm ci

	- name: Build dev extension
	run: npm run build:development

	- uses: actions/upload-artifact@v3
	with:
	name: development_connector-extension.${{ github.sha }}
	path: dist/

	- name: Build dev extension with dev tools
	run: npm run build:development
	env:
	DEV_TOOLS: true

	- uses: actions/upload-artifact@v3
	with:
	name: development_connector-extension-with-dev-tools.${{ github.sha }}
	path: dist/

	snyk_monitor:
	runs-on: ubuntu-latest
	if: github.event_name == 'push' && (github.ref == 'refs/heads/main' \|\| github.ref == 'refs/heads/develop')
	needs:
	- build_rcnet
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'connector-extension'
	step_name: 'snyk-monitor'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Enable Snyk online monitoring to check for vulnerabilities
	uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --target-reference=${{ github.ref_name }}
	command: monitor

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: send extension status message on init #419

Workflow file

feat: send extension status message on init #419

Jobs

Run details

Workflow file for this run