Update code analysis workflow to improve clarity and efficiency by renaming steps and simplifying Semgrep command execution.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Has been cancelled
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Has been cancelled
This commit is contained in:
Torsten Schulz (local)
@@ -12,29 +12,22 @@ jobs:
|
|||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Show versions
|
- name: Node versions
|
||||||
run: |
|
run: |
|
||||||
node -v || true
|
node -v
|
||||||
npm -v || true
|
npm -v
|
||||||
|
|
||||||
# Install
|
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: npm ci
|
run: npm ci
|
||||||
|
|
||||||
# 1) Linting / Code-Qualität
|
|
||||||
- name: Lint
|
- name: Lint
|
||||||
run: npm run lint
|
run: npm run lint
|
||||||
|
|
||||||
# Tests (optional aber sehr sinnvoll)
|
|
||||||
- name: Unit tests
|
- name: Unit tests
|
||||||
run: npm test
|
run: npm test
|
||||||
|
|
||||||
# Optional: Build check (Vue/Vite/Nuxt)
|
|
||||||
- name: Build
|
- name: Build
|
||||||
run: npm run build --if-present
|
run: npm run build --if-present
|
||||||
|
|
||||||
# 2) SAST / Security: Semgrep (ohne Docker, via pip)
|
|
||||||
- name: Semgrep (SAST)
|
- name: Semgrep (SAST)
|
||||||
run: |
|
run: semgrep --config p/default --error .
|
||||||
python3 -m pip install --user --upgrade pip semgrep
|
|
||||||
~/.local/bin/semgrep --config p/default --error
|
|
||||||
|
|||||||
Reference in New Issue
Block a user