Skip to content

Create SECURITY.md #303

Create SECURITY.md

Create SECURITY.md #303

Workflow file for this run

name: OHRI CI
on:
push:
tags:
- '*'
branches:
- '*'
pull_request:
branches:
- '*'
types: [opened, synchronize]
release:
types:
- created
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
- name: Cache dependencies
id: cache
uses: actions/cache@v3
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: yarn install --immutable
- name: Run tests
run: yarn run test
# Temporarily disable typecheck
# - name: Run lint and typecheck
# run: yarn turbo run lint typescript --color --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team="${{ github.repository_owner }}"
- name: Run build
run: yarn turbo run build --color --concurrency=5 --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team="${{ github.repository_owner }}"
- name: Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: packages
path: |
packages/**/dist
pre_release:
runs-on: ubuntu-latest
needs: build
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/dev' }}
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
registry-url: 'https://registry.npmjs.org'
- name: Cache dependencies
id: cache
uses: actions/cache@v3
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: yarn install --immutable
- run: yarn lerna version "$(node -e "console.log(require('./lerna.json').version)")-pre.${{ github.run_number }}" --no-git-tag-version --yes
- name: Build
run: yarn turbo run build --color --concurrency=5
# Disable the step to updated configs of migration
# - name: Test and Generate Badges
# run: yarn badges
- name: setup git config
run: |
git config user.name "GitHub Actions Bot"
git config user.email "<>"
- name: commit
run: |
git add .
git commit -m "Prerelease version" --no-verify
- run: yarn run ci:prepublish
env:
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
release:
runs-on: ubuntu-latest
needs: pre_release
if: ${{ github.event_name == 'release' }}
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
registry-url: 'https://registry.npmjs.org'
- name: Cache dependencies
id: cache
uses: actions/cache@v3
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: yarn install --immutable
- name: Publish to NPM
run: yarn run ci:publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
working:
runs-on: ubuntu-latest
needs: pre_release
if: ${{ github.ref == 'refs/heads/working' }}
steps:
# Update the Microfrontends to reflect what we have in the Working branch
- uses: garygrossgarten/github-action-ssh@release
name: Run the Update MicroFronEnd Script
with:
command: cd /usr/share/tomcat/microfrontends/working && /bin/bash update_microfrontends.sh
host: ${{ secrets.HISTAC_HOST }}
username: ${{ secrets.HISTAC_USERNAME }}
privateKey: ${{ secrets.HISTAC_KEY}}
port: ${{ secrets.HISTAC_PORT }}
dev:
runs-on: ubuntu-latest
needs: pre_release
if: ${{ github.ref == 'refs/heads/dev' }}
steps:
- name: Download Artifacts
uses: actions/download-artifact@v3
- name: Compute Timestamp
run: echo "TIMESTAMP=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
- uses: garygrossgarten/github-action-ssh@release
name: Run the Update MicroFronEnd Script
with:
command: cd /usr/share/tomcat/microfrontends/dev && /bin/bash update_microfrontends.sh
host: ${{ secrets.HISTAC_HOST }}
username: ${{ secrets.HISTAC_USERNAME }}
privateKey: ${{ secrets.HISTAC_KEY}}
port: ${{ secrets.HISTAC_PORT }}
dev_namibia:
runs-on: ubuntu-latest
needs: pre_release
if: ${{ github.ref == 'refs/heads/dev' }}
steps:
- uses: garygrossgarten/github-action-ssh@release
name: Run the Update MicroFronEnd Script for Namibia
with:
command: who && which node && cd /opt/microfrontends && /bin/bash update_microfrontends.sh
host: ${{ secrets.HISTAC_HOST }}
username: ${{ secrets.HISTAC_USERNAME }}
privateKey: ${{ secrets.HISTAC_KEY}}
port: ${{ secrets.HISTAC_NAMIBIA_PORT }}
pre_demo:
runs-on: ubuntu-latest
needs: build
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v3
- name: Download Artifacts
uses: actions/download-artifact@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: "16"
registry-url: "https://registry.npmjs.org"
- run: yarn install --immutable
- run: yarn run ci:publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
pre_demo_export_concepts:
runs-on: ubuntu-latest
needs: pre_demo
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: garygrossgarten/github-action-ssh@release
name: Run iniz-exporters script to export concepts to csv file.
with:
command: cd /usr/share/tomcat/iniz-exporters/concepts && rm -f concepts.csv && /bin/bash run.sh -u ${{ secrets.HISTAC_DEV_DB_USER }} -p ${{ secrets.HISTAC_DEV_DB_PASSWORD }} -o concepts.csv openmrs_dev
host: ${{ secrets.HISTAC_HOST }}
username: ${{ secrets.HISTAC_USERNAME }}
privateKey: ${{ secrets.HISTAC_KEY}}
port: ${{ secrets.HISTAC_PORT }}
demo:
runs-on: ubuntu-latest
needs: pre_demo_export_concepts
if: startsWith(github.ref, 'refs/tags/v')
steps:
# Update the Microfrontends to reflect what we have in the Working branch
- uses: garygrossgarten/github-action-ssh@release
name: Run the Update MicroFronEnd Script
with:
command: cd /usr/share/tomcat/microfrontends/test && sh update_microfrontends.sh
host: ${{ secrets.HISTAC_HOST }}
username: ${{ secrets.HISTAC_USERNAME }}
privateKey: ${{ secrets.HISTAC_KEY}}
port: ${{ secrets.HISTAC_PORT }}
sandbox_demo:
runs-on: ubuntu-latest
needs: pre_demo_export_concepts
if: startsWith(github.ref, 'refs/tags/v')
steps:
# Update the Microfrontends to reflect what we have in the Working branch
- uses: garygrossgarten/github-action-ssh@release
name: Run the Update MicroFronEnd Script
with:
command: cd /usr/share/tomcat/microfrontends/ && /bin/bash update_microfrontends.sh
host: ${{ secrets.SANDBOX_HOST }}
username: ${{ secrets.SANDBOX_USERNAME }}
privateKey: ${{ secrets.SANDBOX_KEY}}