ci/cd - add codeql

This commit is contained in:
florian 2022-11-16 21:57:33 +01:00
parent fa1739439d
commit c2503d63d3
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
3 changed files with 28 additions and 17 deletions


@ -26,7 +26,6 @@ jobs:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# TODO : code scan
# Build image
- name: Build image
uses: docker/build-push-action@v3
@ -71,7 +70,6 @@ jobs:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# TODO : code scan
# Build image
- name: Build image
uses: docker/build-push-action@v3
@ -116,7 +114,6 @@ jobs:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# TODO : code scan
# Build image
- name: Build image
uses: docker/build-push-action@v3
@ -185,3 +182,31 @@ jobs:
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
#trivyignores: .trivyignore
# Python code security
code-security:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
paths:
- src/autoconf
- src/scheduler
- src/ui
- src/common
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
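Review bot: The `paths:` list placed directly under `with:` on the `Initialize CodeQL` step does not look like an input of `github/codeql-action/init@v2` — as far as I know, directory scoping for interpreted languages such as Python is a `paths` array inside a CodeQL configuration file passed through `config-file:`, and `with:` values must be scalars anyway; please verify against the action's `action.yml`. If the key is rejected or silently ignored, the job still runs but scans the whole repository instead of the four `src/` directories, so the scope would differ from what the workflow reads as without any failing step. I would replace the `paths:` block with a single line such as `config-file: ./.github/codeql/codeql-config.yml` (example path) and put the four directories in a `paths:` list in that file. Separately, the new steps use mutable major tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `analyze@v2`), consistent with the existing steps; for a job granted `security-events: write`, pinning to full commit SHAs with a version comment would reduce supply-chain exposure.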


@ -1,7 +0,0 @@
name: Automatic tests and push (MASTER)
on:
push:
branches: [master]
# TODO


@ -1,7 +0,0 @@
name: Automatic tests and push (STAGING)
on:
push:
branches: [staging]
# TODO