-
Notifications
You must be signed in to change notification settings - Fork 1
83 lines (72 loc) · 1.87 KB
/
ci-frontend.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
name: CI Frontend
on:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
branches:
- main
- develop
jobs:
checks:
name: Frontend checks
timeout-minutes: 15
runs-on: ubuntu-latest
defaults:
run:
working-directory: frontend
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version-file: 'frontend/.nvmrc'
- name: Restore cache
uses: actions/cache@v4
with:
path: |
.next/cache
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-
- name: Install dependencies
run: yarn
- name: Test
run: yarn test
- name: Lint
run: yarn lint
- name: Type check
run: yarn compile
- name: Audit dependencies
run: yarn audit --severity high --environment production
semgrep:
name: Semgrep
runs-on: ubuntu-latest
defaults:
run:
working-directory: frontend
container:
image: returntocorp/semgrep:1.75
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Semgrep checks
env:
SEMGREP_TIMEOUT: 300
SEMGREP_SEND_METRICS: off
SEMGREP_RULES: >-
p/react
p/typescript
p/javascript
p/owasp-top-ten
p/secrets
p/security-audit
p/nodejsscan
run: |
semgrep scan --error --jobs 2 --disable-version-check --exclude yarn.lock