Skip to content

Commit

Permalink
feat(ci): analysis workflow (#596)
Browse files Browse the repository at this point in the history
* .github/workflows/unit-tests.yml -> .github/workflows/analysis.yml

* Analysis + CodeQL, cronjob, interrupts
  • Loading branch information
DerekRoberts authored Feb 9, 2024
1 parent 7d8ce57 commit 93d4366
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 29 deletions.
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
name: Unit Tests and Analysis
name: Analysis

on:
pull_request:
types: [opened, reopened, synchronize, ready_for_review]
types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
push:
branches: [main]
schedule:
- cron: "30 8 1 * *" # 8:30 UDT = 12:30 PDT, runs monthly
workflow_dispatch:

concurrency:
Expand All @@ -14,7 +16,7 @@ concurrency:
jobs:
tests:
name: Unit Tests
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
if: ${{ ! github.event.pull_request.draft }}
runs-on: ubuntu-22.04
steps:
- uses: bcgov-nr/[email protected]
Expand All @@ -32,16 +34,30 @@ jobs:
-Dsonar.projectKey=nr-fom
sonar_token: ${{ secrets.SONAR_TOKEN }}

codeql:
name: CodeQL
if: ${{ ! github.event.pull_request.draft }}
needs: [tests]
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v3
with:
languages: javascript
- uses: github/codeql-action/analyze@v3

# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Trivy Security Scan
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
if: ${{ ! github.event.pull_request.draft }}
needs: [tests]
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.17.0
uses: aquasecurity/trivy-action@0.16.1
with:
format: "sarif"
output: "trivy-results.sarif"
Expand Down
24 changes: 0 additions & 24 deletions .github/workflows/merge-main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,30 +16,6 @@ concurrency:
cancel-in-progress: true

jobs:
codeql:
name: CodeQL Analysis
runs-on: ubuntu-22.04
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize
uses: github/codeql-action/init@v3
with:
languages: javascript

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3

deploy-test:
name: TEST Deploys
environment: test
Expand Down

0 comments on commit 93d4366

Please sign in to comment.