updated github flow

internetee · Jul 25, 2023 · 86563dc · 86563dc
1 parent edf3c6d
commit 86563dc
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 33 deletions.
diff --git a/.github/workflows/brakeman-scan.yml b/.github/workflows/brakeman-scan.yml
@@ -0,0 +1,24 @@
+name: Brakeman Scan
+on:
+ - pull_request:
+ - schedule:
+   - cron: "0 0 * * *"
+
+jobs:
+  base:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.2
+          bundler-cache: true
+      - name: Install brakeman
+        run: gem install brakeman
+      - name: Static code analyses for security
+        run: brakeman
diff --git a/.github/workflows/bundle-audit.yml b/.github/workflows/bundle-audit.yml
@@ -0,0 +1,25 @@
+name: Bundle Audit
+on:
+  pull_request:
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  base:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.2
+          bundler-cache: true
+      - name: Install bundler-audit
+        run: gem install bundler-audit
+      - name: Check dependencies with known vulnerabilities
+        run: bundle-audit --update
+      - name: Check javascript dependencies
+        run: yarn audit
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
@@ -2,39 +2,6 @@ name: Github Testing
 on: [push]
 
 jobs:
-  bundle_audit:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.2.0
-          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-      - name: config bundler
-        run:  |
-          bundle config set without 'development staging production'
-          bundle config set deployment '[secure]'
-          bundle env
-          head -n1 $(which bundle)
-      - name: Bundle Audit Check
-        run: bundle exec bundle-audit check --update
-
-  brakeman:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.2.0
-          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-      - name: config bundler
-        run:  |
-          bundle config set without 'development staging production'
-          bundle config set deployment '[secure]'
-          bundle env
-          head -n1 $(which bundle)
-      - name: Run Brakeman
-        run: bundle exec brakeman --quiet --skip-libs --exit-on-warn --ignore-config=.brakeman-ignore
   test:
     services:
       postgres: