feat: 74 Added basic tests and linting workflows #88
Conversation
BallardRobinett
requested review from
mikevespi,
joshgamache and
JoshLarouche
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
.github/workflows/codeql.yaml
Outdated
| # The branches below must be a subset of the branches above | ||
| branches: [main, develop] | ||
| schedule: | ||
| - cron: "19 23 * * 5" |
There was a problem hiding this comment.
Crontab guru tells me this is "run every Friday at 23:19" any reason why? We can remove it otherwise
There was a problem hiding this comment.
I just saw that cas-registration was running it daily, but yeah I think it would be fine just on push and PR
| - name: Install Node.js | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: 16 |
There was a problem hiding this comment.
| node-version: 16 | |
| node-version: 20 |
| path: ~/.cache/trivy | ||
| key: callee-trivy-${{ github.workflow }}-${{ github.run_id }} | ||
| restore-keys: trivy- | ||
| - name: Run Trivy vulnerability scanner in repo mode |
There was a problem hiding this comment.
We might want to scan the container too, once it's available. I'll write a card for it
| - name: Build and start server | ||
| run: | | ||
| npx ${{ inputs.package-manager }} run build | ||
| npx ${{ inputs.package-manager }} run start & # This starts the server in the background |
There was a problem hiding this comment.
This likely this will try to run npx yarn run start & from the base directory, which will fail.
We can pass a default value for this entire job: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_iddefaultsrun
There was a problem hiding this comment.
so this wants to have working directory set to ./client, right?
|
Will need a rebase too |
BallardRobinett
force-pushed
the
74-create-github-actions
branch
from
b342240 to
972d79a
Compare
There was a problem hiding this comment.
2 more things!
- it looks like the 'javascript' and 'typescript' languages both do the same scan with CodeQL, so we only need one of them (probably typescript?)
- the
v2action was recently deprecated, we need to usev3, but there are no changes to upgrade: now https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
#74
Added some workflows to automatically run codeql, trivy, owasp, sonarcloud, and precommit code. Tried to keep it consistent with cas-registration repo.
This repo is lacking in actual code at the moment, so most of the scans won't be doing much yet.
More reusable github actions available in this button repo: https://github.com/button-inc/gh-actions/tree/develop