Skip to content

Enable 21-0927 in prod #4920

Enable 21-0927 in prod

Enable 21-0927 in prod #4920

Workflow file for this run

name: Manual Review
on:
pull_request:
types: [ready_for_review, synchronize, reopened, opened]
env:
BOT_NAME: va-vfs-bot
PR_NUMBER: ${{ github.event.number }}
jobs:
eslint-check:
name: ESLint Check
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Get Node version
id: get-node-version
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
with:
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN
env_variable_name: GITHUB_TOKEN
- name: Cache dependencies
id: cache-dependencies
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/.cache/yarn
node_modules
key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }}
- name: Install dependencies
run: yarn install --frozen-lockfile --prefer-offline
env:
YARN_CACHE_FOLDER: ~/.cache/yarn
- name: Run PR check script
run: yarn pr-check
env:
CODE_PATTERN: (/* eslint-disable)|(// eslint-disable)
LINE_COMMENT: ESLint disabled here
OVERALL_REVIEW_COMMENT: >
# ESLint is disabled
`vets-website` uses ESLint to help enforce code quality. In most
situations we would like ESLint to remain enabled.
## What you can do
See if the code can be refactored to avoid disabling ESLint, or wait for
a VSP review.
icon-check:
name: Icon Check
runs-on: ubuntu-latest
if: github.event.pull_request.draft == false
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Get Node version
id: get-node-version
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
with:
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN
env_variable_name: GITHUB_TOKEN
- name: Cache dependencies
id: cache-dependencies
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/.cache/yarn
node_modules
key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }}
- name: Install dependencies
run: yarn install --frozen-lockfile --prefer-offline
env:
YARN_CACHE_FOLDER: ~/.cache/yarn
- name: Run PR check script
run: yarn pr-check
env:
CODE_PATTERN: (<i )|(<i$)
LINE_COMMENT: icon found
OVERALL_REVIEW_COMMENT: >
# Icon found
Icons can be decorative, but sometimes they are used to convey meaning.
If there are any semantics associated with an icon, those semantics
should also be conveyed to a screen reader.
## What you can do
Review the markup and see if the icon provides information that isn't
represented textually, or wait for a VSP review.
sentry-check:
name: Sentry Check
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Get Node version
id: get-node-version
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
with:
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN
env_variable_name: GITHUB_TOKEN
- name: Cache dependencies
id: cache-dependencies
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/.cache/yarn
node_modules
key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }}
- name: Install dependencies
run: yarn install --frozen-lockfile --prefer-offline
env:
YARN_CACHE_FOLDER: ~/.cache/yarn
- name: Run PR check script
run: yarn pr-check
env:
CODE_PATTERN: Sentry\.
LINE_COMMENT: Sentry found
OVERALL_REVIEW_COMMENT: >
# Sentry call found
Sentry captures a lot of data, and we want to make sure that we only
keep information that will be useful for troubleshooting issues. This
means that PII should not be recorded.
## What you can do
Review your call to Sentry and see if you can reasonably reduce any
information that is included, or wait for a VSP review.