41 lines
858 B
YAML
41 lines
858 B
YAML
name: Code Analysis (JS/Vue)
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
analyze:
|
|
runs-on: gitea
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Show versions
|
|
run: |
|
|
node -v || true
|
|
npm -v || true
|
|
|
|
# Install
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
# 1) Linting / Code-Qualität
|
|
- name: Lint
|
|
run: npm run lint
|
|
|
|
# Tests (optional aber sehr sinnvoll)
|
|
- name: Unit tests
|
|
run: npm test
|
|
|
|
# Optional: Build check (Vue/Vite/Nuxt)
|
|
- name: Build
|
|
run: npm run build --if-present
|
|
|
|
# 2) SAST / Security: Semgrep (ohne Docker, via pip)
|
|
- name: Semgrep (SAST)
|
|
run: |
|
|
python3 -m pip install --user --upgrade pip semgrep
|
|
~/.local/bin/semgrep --config p/default --error
|