-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci(gh-actions): add sast, code quality, and dependency scanning in gh…
… actions start pointing at develop as our default branch to match reality
- Loading branch information
1 parent
8f3d049
commit a281350
Showing
5 changed files
with
68 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| name: Run code quality scans | ||
|
|
||
| on: | ||
| # Runs on pushes targeting the default branch | ||
| push: | ||
| branches: [ "develop" ] | ||
|
|
||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
| pull_request: | ||
|
|
||
| code-quality: | ||
| name: Code Quality | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Run Code Quality Report | ||
| run: code-quality-tool --output html | ||
|
|
||
| - name: Upload Code Quality Report | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: code-quality-report | ||
| path: gl-code-quality-report.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| name: Run dependency scanning | ||
|
|
||
| on: | ||
| # Runs on pushes targeting the default branch | ||
| push: | ||
| branches: ["develop"] | ||
|
|
||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
| pull_request: | ||
|
|
||
| dependency-scanning: | ||
| name: Dependency Scanning | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Run Dependency Scanning | ||
| run: gemnasium-scan --requirement-file requirements/base.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| name: Run SAST | ||
|
|
||
| on: | ||
| # Runs on pushes targeting the default branch | ||
| push: | ||
| branches: [ "develop" ] | ||
|
|
||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
| pull_request: | ||
|
|
||
| sast: | ||
| name: Static Application Security Testing (SAST) | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Run SAST | ||
| run: sast-tool |