diff --git a/.github/workflows/cve-scan.yml b/.github/workflows/cve-scan.yml
new file mode 100644
index 0000000..4545d6e
--- /dev/null
+++ b/.github/workflows/cve-scan.yml
@@ -0,0 +1,45 @@
+name: CVE Scan
+
+on:
+ pull_request:
+ schedule:
+ - cron: '0 2 * * *'
+ workflow_dispatch:
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+
+ - name: Cache trivy
+ uses: actions/cache@v3
+ env:
+ cache-name: cache-trivy
+ with:
+ path: ~/.cache/trivy
+ key: ${{ env.cache-name }}-${{ hashFiles('poetry.lock') }}
+ restore-keys: |
+ ${{ env.cache-name }}-
+
+ - name: Run trivy
+ uses: aquasecurity/trivy-action@master
+ with:
+ exit-code: 1
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ scan-ref: '.'
+ scan-type: 'fs'
+ severity: 'CRITICAL,HIGH'
+ list-all-pkgs: 'true'
+ ignore-unfixed: true
+
+ - name: Publish results
+ uses: github/codeql-action/upload-sarif@v2
+ if: always()
+ with:
+ sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml
deleted file mode 100644
index ce54fa5..0000000
--- a/.github/workflows/default.yml
+++ /dev/null
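Review bot: In `.github/workflows/cve-scan.yml` the `Run trivy` step uses `aquasecurity/trivy-action@master`, a mutable branch ref, so whatever is on that branch at run time executes in this job on every pull request and nightly run. Pin it to a reviewed commit, e.g. `uses: aquasecurity/trivy-action@FULL_COMMIT_SHA  # release tag` (placeholder, not a real hash). The workflow also declares no `permissions:` block, so the token scope falls back to the repository default; a job-level `permissions:` with `contents: read` and `security-events: write` covers the checkout and the SARIF upload. The same missing `permissions:` block applies to `linting.yml` and `testing.yml` in this commit, each of which should be scoped to what its steps actually need.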
@@ -1,106 +0,0 @@
-name: default
-on: [push]
-
-jobs:
- lint:
- runs-on: ubuntu-latest
- timeout-minutes: 10
- steps:
- - name: Checkout repo
- uses: actions/checkout@v2
- with:
- fetch-depth: 1
-
- - name: Cache node modules
- uses: actions/cache@v2
- env:
- cache-name: cache-node-modules
- with:
- path: node_modules
- key: ${{ env.cache-name }}-${{ hashFiles('package-lock.json') }}
- restore-keys: |
- ${{ env.cache-name }}-
-
- - name: Setup node
- uses: actions/setup-node@v3
- with:
- node-version: 18
-
- - name: Install project
- run: npm install
-
- - name: Run linters
- run: npm run lint
-
- scan:
- runs-on: ubuntu-latest
- timeout-minutes: 10
- steps:
- - name: Checkout repo
- uses: actions/checkout@v2
- with:
- fetch-depth: 1
-
- - name: Cache trivy
- uses: actions/cache@v2
- env:
- cache-name: cache-trivy
- with:
- path: ~/.cache/trivy
- key: ${{ env.cache-name }}-${{ hashFiles('poetry.lock') }}
- restore-keys: |
- ${{ env.cache-name }}-
-
- - name: Run trivy
- uses: aquasecurity/trivy-action@master
- with:
- exit-code: 1
- format: 'sarif'
- output: 'trivy-results.sarif'
- scan-ref: '.'
- scan-type: 'fs'
- severity: 'CRITICAL,HIGH'
- list-all-pkgs: 'true'
- ignore-unfixed: true
-
- - name: Publish results
- uses: github/codeql-action/upload-sarif@v2
- if: always()
- with:
- sarif_file: 'trivy-results.sarif'
-
- test:
- runs-on: ubuntu-latest
- timeout-minutes: 10
- steps:
- - name: Checkout repo
- uses: actions/checkout@v2
- with:
- fetch-depth: 1
-
- - name: Cache node modules
- uses: actions/cache@v2
- env:
- cache-name: cache-node-modules
- with:
- path: node_modules
- key: ${{ env.cache-name }}-${{ hashFiles('package-lock.json') }}
- restore-keys: |
- ${{ env.cache-name }}-
-
- - name: Setup node
- uses: actions/setup-node@v3
- with:
- node-version: 18
-
- - name: Install project
- run: npm install
-
- - name: Run tests
- run: npm run test
-
- - name: Publish report
- uses: mikepenz/action-junit-report@v2
- if: always()
- with:
- report_paths: '*/TESTS.xml'
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
new file mode 100644
index 0000000..d8cf4c7
--- /dev/null
+++ b/.github/workflows/linting.yml
@@ -0,0 +1,36 @@
+name: Linting
+
+on:
+ push:
+ workflow_dispatch:
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+
+ - name: Cache node modules
+ uses: actions/cache@v2
+ env:
+ cache-name: cache-node-modules
+ with:
+ path: node_modules
+ key: ${{ env.cache-name }}-${{ hashFiles('package-lock.json') }}
+ restore-keys: |
+ ${{ env.cache-name }}-
+
+ - name: Setup node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Install requirements
+ run: make install
+
+ - name: Run linters
+ run: make linter
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
new file mode 100644
index 0000000..cccaae6
--- /dev/null
+++ b/.github/workflows/testing.yml
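Review bot: The `Cache node modules` step in `linting.yml` still uses `actions/cache@v2`, while this commit moves the trivy and poetry cache steps to `actions/cache@v3`; the first cache step in `testing.yml` has the same leftover. Suggest `uses: actions/cache@v3` in both, so only one major version of the action is in use across the workflows. Separately, the `restore-keys` prefix fallback can restore a `node_modules` tree built from a different `package-lock.json`. What `make install` does with that tree is not visible in this diff, so it is worth confirming that it reconciles the tree against the lockfile.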
@@ -0,0 +1,52 @@
+name: Testing
+
+on:
+ push:
+ workflow_dispatch:
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+
+ - name: Cache node modules
+ uses: actions/cache@v2
+ env:
+ cache-name: cache-node-modules
+ with:
+ path: node_modules
+ key: ${{ env.cache-name }}-${{ hashFiles('package-lock.json') }}
+ restore-keys: |
+ ${{ env.cache-name }}-
+
+ - name: Cache poetry
+ uses: actions/cache@v3
+ env:
+ cache-name: cache-poetry
+ with:
+ path: ~/.cache/pip
+ key: ${{ env.cache-name }}-${{ hashFiles('**/poetry.lock') }}
+ restore-keys: |
+ ${{ env.cache-name }}-
+
+ - name: Setup node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Install project
+ run: npm install
+
+ - name: Run tests
+ run: npm run test
+
+ - name: Publish report
+ uses: mikepenz/action-junit-report@v4
+ if: always()
+ with:
+ report_paths: '*/TESTS.xml'
diff --git a/package-lock.json b/package-lock.json
index 262677a..5241c9a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,7 @@
 "@material/typography": "^15.0.0-canary.684e33d25.0",
 "@ngx-formly/core": "^6.0.0",
 "@ngx-formly/material": "^6.0.0",
- "@wjaspers/sat-popover": "~10.2.4",
+ "@wjaspers/sat-popover": "^10.2.4",
 "json-schema": "^0.4.0",
 "lodash-es": "^4.17.21",
 "material-symbols": "^0.10.1",
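Review bot: In `testing.yml` the `Install project` step runs `npm install`, which can rewrite `package-lock.json` rather than enforce it. That matters more now that this commit loosens the declared range of `@wjaspers/sat-popover` from `~10.2.4` to `^10.2.4`. For CI, `run: npm ci` installs exactly what the lockfile records and fails when it disagrees with `package.json`; because `npm ci` removes `node_modules` first, the cache `path` would then be better pointed at `~/.npm`. The `Cache poetry` step caches `~/.cache/pip`, but no step shown in this job installs Python packages, so it looks unused here and could be dropped or moved to the job that needs it.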