2023-01-25 15:05:57 -08:00
|
|
|
name: Code Review
|
2022-10-10 11:51:21 -07:00
|
|
|
|
|
|
|
on:
|
2023-01-26 01:57:27 -08:00
|
|
|
pull_request:
|
2022-10-18 10:33:43 -07:00
|
|
|
branches: ['main']
|
2022-10-10 11:51:21 -07:00
|
|
|
push:
|
|
|
|
|
|
|
|
jobs:
|
2023-11-18 11:36:45 -08:00
|
|
|
lint:
|
|
|
|
name: Lint
|
2023-01-26 02:09:47 -08:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Checkout code
|
|
|
|
uses: actions/checkout@v3
|
|
|
|
|
|
|
|
- name: Setup Node
|
|
|
|
uses: actions/setup-node@v3
|
|
|
|
with:
|
2023-01-26 02:40:20 -08:00
|
|
|
node-version: '18'
|
2023-01-26 02:09:47 -08:00
|
|
|
cache: 'yarn'
|
|
|
|
|
|
|
|
- name: Install dependencies
|
2023-01-26 02:30:09 -08:00
|
|
|
run: yarn ci
|
2023-01-26 02:09:47 -08:00
|
|
|
|
2023-11-18 11:36:45 -08:00
|
|
|
- name: Check dep dupes
|
|
|
|
run: yarn ci-dupe-check
|
|
|
|
|
|
|
|
- name: Lint
|
|
|
|
run: yarn lint-all
|
2023-01-26 02:09:47 -08:00
|
|
|
|
2023-11-18 11:36:45 -08:00
|
|
|
sast:
|
|
|
|
name: Security Scan
|
2023-01-25 15:05:57 -08:00
|
|
|
runs-on: ubuntu-latest
|
2023-11-18 11:36:45 -08:00
|
|
|
permissions:
|
|
|
|
actions: read
|
|
|
|
contents: read
|
|
|
|
security-events: write
|
|
|
|
|
|
|
|
strategy:
|
|
|
|
fail-fast: false
|
|
|
|
matrix:
|
|
|
|
language: ['javascript']
|
|
|
|
|
2023-01-25 15:05:57 -08:00
|
|
|
steps:
|
2023-11-18 11:36:45 -08:00
|
|
|
- name: Checkout repository
|
2023-01-25 15:05:57 -08:00
|
|
|
uses: actions/checkout@v3
|
|
|
|
|
2023-11-18 11:36:45 -08:00
|
|
|
- name: Initialise CodeQL
|
|
|
|
uses: github/codeql-action/init@v2
|
|
|
|
with:
|
|
|
|
languages: ${{ matrix.language }}
|
|
|
|
|
|
|
|
- name: Run CodeQL
|
|
|
|
uses: github/codeql-action/analyze@v2
|
2023-01-26 01:57:27 -08:00
|
|
|
|
2023-01-25 15:05:57 -08:00
|
|
|
sca:
|
2022-10-10 11:51:21 -07:00
|
|
|
name: Dependency Scan
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Checkout code
|
|
|
|
uses: actions/checkout@v3
|
|
|
|
|
2022-10-18 10:33:43 -07:00
|
|
|
# Fail the job on critical vulnerabiliies with fix available
|
|
|
|
- name: Fail on critical vulnerabilities
|
2022-10-10 11:51:21 -07:00
|
|
|
uses: aquasecurity/trivy-action@master
|
|
|
|
with:
|
|
|
|
scan-type: 'fs'
|
|
|
|
ignore-unfixed: true
|
2022-10-18 10:33:43 -07:00
|
|
|
hide-progress: true
|
2022-10-10 11:51:21 -07:00
|
|
|
format: 'table'
|
2022-10-18 10:33:43 -07:00
|
|
|
severity: 'CRITICAL'
|
2023-01-26 01:57:27 -08:00
|
|
|
exit-code: '1'
|
2023-11-18 11:36:45 -08:00
|
|
|
|
|
|
|
all-pass:
|
|
|
|
name: All tests pass 🚀
|
|
|
|
needs: ['lint', 'sast', 'sca']
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- run: echo ok
|