Bump actions/cache from 3.3.1 to 4.2.0 #7019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Manual Review | |
on: | |
pull_request: | |
types: [ready_for_review, synchronize, reopened, opened] | |
env: | |
BOT_NAME: va-vfs-bot | |
PR_NUMBER: ${{ github.event.number }} | |
jobs: | |
eslint-check: | |
name: ESLint Check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Get Node version | |
id: get-node-version | |
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
- name: Setup Node | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get bot token from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN | |
env_variable_name: GITHUB_TOKEN | |
- name: Cache dependencies | |
id: cache-dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
path: | | |
~/.cache/yarn | |
node_modules | |
key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }} | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile --prefer-offline | |
env: | |
YARN_CACHE_FOLDER: ~/.cache/yarn | |
- name: Run PR check script | |
run: yarn pr-check | |
env: | |
CODE_PATTERN: (/* eslint-disable)|(// eslint-disable) | |
LINE_COMMENT: ESLint disabled here | |
OVERALL_REVIEW_COMMENT: > | |
# ESLint is disabled | |
`vets-website` uses ESLint to help enforce code quality. In most | |
situations we would like ESLint to remain enabled. | |
## What you can do | |
See if the code can be refactored to avoid disabling ESLint, or wait for | |
a VSP review. | |
icon-check: | |
name: Icon Check | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.draft == false | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Get Node version | |
id: get-node-version | |
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
- name: Setup Node | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get bot token from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN | |
env_variable_name: GITHUB_TOKEN | |
- name: Cache dependencies | |
id: cache-dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
path: | | |
~/.cache/yarn | |
node_modules | |
key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }} | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile --prefer-offline | |
env: | |
YARN_CACHE_FOLDER: ~/.cache/yarn | |
- name: Run PR check script | |
run: yarn pr-check | |
env: | |
CODE_PATTERN: (<i )|(<i$)|(<va-icon) | |
LINE_COMMENT: icon found | |
OVERALL_REVIEW_COMMENT: > | |
# Icon found | |
Icons can be decorative, but sometimes they are used to convey meaning. | |
If there are any semantics associated with an icon, those semantics | |
should also be conveyed to a screen reader. | |
## What you can do | |
Review the markup and see if the icon provides information that isn't | |
represented textually, or wait for a VSP review. | |
## Note: | |
Font Awesome is deprecated. Please use va-icon instead. For more information, visit the migration documentation: [Migrate from font awesome to va-icon](https://design.va.gov/about/developers/using-web-components#how-to-migrate-from-font-awesome-to-va-icon) | |
sentry-check: | |
name: Sentry Check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Get Node version | |
id: get-node-version | |
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
- name: Setup Node | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get bot token from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN | |
env_variable_name: GITHUB_TOKEN | |
- name: Cache dependencies | |
id: cache-dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
path: | | |
~/.cache/yarn | |
node_modules | |
key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }} | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile --prefer-offline | |
env: | |
YARN_CACHE_FOLDER: ~/.cache/yarn | |
- name: Run PR check script | |
run: yarn pr-check | |
env: | |
CODE_PATTERN: Sentry\. | |
LINE_COMMENT: Sentry found | |
OVERALL_REVIEW_COMMENT: > | |
# Sentry call found | |
Sentry captures a lot of data, and we want to make sure that we only | |
keep information that will be useful for troubleshooting issues. This | |
means that PII should not be recorded. | |
## What you can do | |
Review your call to Sentry and see if you can reasonably reduce any | |
information that is included, or wait for a VSP review. |