49 lines
1.1 KiB
YAML
49 lines
1.1 KiB
YAML
name: Code Analysis (JS/Vue)
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
analyze:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Node versions
|
|
run: |
|
|
node -v
|
|
npm -v
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Lint
|
|
run: npm run lint
|
|
|
|
- name: Unit tests
|
|
run: npm test
|
|
|
|
- name: Build
|
|
run: npm run build --if-present
|
|
|
|
- name: Semgrep (SAST)
|
|
run: semgrep --config p/default --error .
|
|
|
|
- name: npm audit (high+)
|
|
run: npm audit --audit-level=high || true
|
|
|
|
- name: OSV-Scanner (SCA)
|
|
run: |
|
|
curl -L -o osv-scanner https://github.com/google/osv-scanner/releases/latest/download/osv-scanner_linux_amd64
|
|
chmod +x osv-scanner
|
|
./osv-scanner --lockfile package-lock.json
|
|
|
|
- name: gitleaks (Secrets Scanning)
|
|
run: |
|
|
curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz \
|
|
| tar -xz gitleaks
|
|
./gitleaks detect --source . --no-git --redact --exit-code 1
|