github/karma
1
0
Fork 0
mirror of https://github.com/prymitive/karma synced 2026-05-09 03:36:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(ci): run scan actions from cron

Browse Source
This commit is contained in:
Łukasz Mierzwa
2020-11-19 16:43:46 +00:00
committed by Łukasz Mierzwa
parent 966ee1d473
commit 44a45446e2
2 changed files with 50 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
.github/workflows/scan.yml vendored Normal file
View File

@@ -0,0 +1,48 @@
name: Scan
on:
schedule:
- cron: "0 6 * * 4"
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
anchore:
name: Anchore Container Scan
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v2
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Run the local Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
uses: anchore/scan-action@v2
with:
image: "localbuild/testimage:latest"
acs-report-enable: true
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif

65
.github/workflows/test.yml vendored
View File

@@ -692,15 +692,9 @@ jobs:
- name: Set git slug envs
uses: rlespinasse/github-slug-action@3.1.0
- name: Get version
run: |
echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`"
VERSION=$(make show-version)
echo "::set-env name=VERSION::${VERSION}"
echo "::`echo -n ${{ github.token }} | sha256sum | head -c 64`::"
- name: Build Docker image
run: docker build --build-arg VERSION=${VERSION} -t registry.heroku.com/karma-demo/web -f demo/Dockerfile .
run: docker build --build-arg VERSION=$(make show-version) -t registry.heroku.com/karma-demo/web -f demo/Dockerfile .
shell: bash
- name: Write .netrc
run: |
@@ -739,58 +733,3 @@ jobs:
- name: Run e2e test
run: make -C ui test-demo
codeql:
name: CodeQL
if: github.event_name != 'release'
needs:
- cross-compile
- docker
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: github.event_name == 'pull_request'
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
anchore:
name: Anchore Container Scan
if: github.event_name != 'release'
needs:
- cross-compile
- docker
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v2
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Run the local Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
uses: anchore/scan-action@v2
with:
image: "localbuild/testimage:latest"
acs-report-enable: true
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif