Separate out dependency vulnerability checks in CI (#2480)
committed by
GitHub
parent
95bdc70d1d
commit
c803451920
85
.github/workflows/jobs.yaml
vendored
85
.github/workflows/jobs.yaml
vendored
@@ -23,7 +23,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
|
||||
@@ -91,7 +90,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
@@ -165,7 +163,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
@@ -283,8 +280,8 @@ jobs:
|
||||
pip3 install semgrep
|
||||
semgrep --config semgrep.yaml $(pwd)/portal-ui --error
|
||||
|
||||
no-warnings-and-make-assets:
|
||||
name: "React Code Has No Vulnerabilities, Warnings & is Prettified, then Make Assets"
|
||||
react-code-known-vulnerabilities:
|
||||
name: "React Code Has No Known Vulnerable Deps"
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -338,6 +335,57 @@ jobs:
|
||||
continue-on-error: false
|
||||
run: |
|
||||
yarn audit
|
||||
|
||||
no-warnings-and-make-assets:
|
||||
name: "React Code Has No Warnings & is Prettified, then Make Assets"
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
go-version: [ 1.18.x ]
|
||||
os: [ ubuntu-latest ]
|
||||
steps:
|
||||
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: ${{ matrix.go-version }}
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Read .nvmrc
|
||||
id: node_version
|
||||
run: echo ::set-output name=NVMRC::$(cat .nvmrc)
|
||||
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: ${{ env.NVMRC }}
|
||||
|
||||
- name: Get yarn cache directory path
|
||||
id: yarn-cache-dir-path
|
||||
run: echo "::set-output name=dir::$(yarn cache dir)"
|
||||
|
||||
- uses: actions/cache@v3
|
||||
id: yarn-cache
|
||||
name: Yarn Cache
|
||||
with:
|
||||
path: |
|
||||
${{ steps.yarn-cache-dir-path.outputs.dir }}
|
||||
./portal-ui/node_modules/
|
||||
key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-yarn-
|
||||
|
||||
- uses: actions/cache@v3
|
||||
id: assets-cache
|
||||
name: Assets Cache
|
||||
with:
|
||||
path: |
|
||||
./portal-ui/build/
|
||||
key: ${{ runner.os }}-assets-${{ github.run_id }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-assets-
|
||||
|
||||
- name: Install Dependencies
|
||||
working-directory: ./portal-ui
|
||||
continue-on-error: false
|
||||
@@ -392,7 +440,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
timeout-minutes: 10
|
||||
@@ -496,7 +543,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
timeout-minutes: 10
|
||||
@@ -593,7 +639,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
timeout-minutes: 10
|
||||
@@ -691,7 +736,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
timeout-minutes: 15
|
||||
@@ -778,7 +822,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
strategy:
|
||||
@@ -864,7 +907,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
strategy:
|
||||
@@ -950,7 +992,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
strategy:
|
||||
@@ -1036,7 +1077,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
strategy:
|
||||
@@ -1122,7 +1162,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
strategy:
|
||||
@@ -1218,7 +1257,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
strategy:
|
||||
@@ -1321,7 +1359,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: [ ubuntu-latest ]
|
||||
strategy:
|
||||
@@ -1424,7 +1461,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -1518,7 +1554,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -1612,7 +1647,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -1706,7 +1740,6 @@ jobs:
|
||||
# - lint-job
|
||||
# - no-warnings-and-make-assets
|
||||
# - reuse-golang-dependencies
|
||||
# - vulnerable-dependencies-checks
|
||||
# - semgrep-static-code-analysis
|
||||
# runs-on: ${{ matrix.os }}
|
||||
# strategy:
|
||||
@@ -1800,7 +1833,6 @@ jobs:
|
||||
# - lint-job
|
||||
# - no-warnings-and-make-assets
|
||||
# - reuse-golang-dependencies
|
||||
# - vulnerable-dependencies-checks
|
||||
# - semgrep-static-code-analysis
|
||||
# runs-on: ${{ matrix.os }}
|
||||
# strategy:
|
||||
@@ -1894,7 +1926,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -1932,7 +1963,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -1970,7 +2000,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -2008,7 +2037,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -2046,7 +2074,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -2084,7 +2111,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -2122,7 +2148,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -2160,7 +2185,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -2206,7 +2230,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
@@ -2252,7 +2275,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
@@ -2345,7 +2367,6 @@ jobs:
|
||||
- lint-job
|
||||
- no-warnings-and-make-assets
|
||||
- reuse-golang-dependencies
|
||||
- vulnerable-dependencies-checks
|
||||
- semgrep-static-code-analysis
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
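Review bot: With the `yarn audit` step now in its own `react-code-known-vulnerabilities` job, no `needs:` list visible on this page references that job, and each `-N,7 +N,6` hunk appears to drop `- vulnerable-dependencies-checks` from the downstream jobs (the +/- markers are lost in this rendering, so this is inferred from the hunk counts and the commit title). A failing audit then no longer stops the test jobs, so it blocks a merge only if both jobs are required status checks in branch protection. That should be confirmed, and a comment such as `# not in needs: on purpose; enforced as a required status check` above the job would record the intent. Separately, in the re-added `no-warnings-and-make-assets` job, `node-version: ${{ env.NVMRC }}` reads an environment variable that the `Read .nvmrc` step does not set (it writes a step output), so the `.nvmrc` pin is likely not applied; `node-version: ${{ steps.node_version.outputs.NVMRC }}` would use it.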