Move securitychecks into own workflow (#1753)
parent
dcba48f916
commit
a890a0d4d4
4 changed files with 29 additions and 26 deletions
|
@ -38,15 +38,6 @@ steps:
|
|||
- cron: update_docs
|
||||
event: cron
|
||||
|
||||
securitycheck:
|
||||
image: aquasec/trivy:latest
|
||||
commands:
|
||||
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity UNKNOWN,LOW docs/
|
||||
# TODO currently it is not fixable so just do not block currently
|
||||
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity MEDIUM,HIGH,CRITICAL docs/
|
||||
when:
|
||||
path: *when_path
|
||||
|
||||
deploy-preview:
|
||||
image: woodpeckerci/plugin-surge-preview:next
|
||||
settings:
|
||||
|
|
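--- a/.woodpecker/securityscan.yml
+++ b/.woodpecker/securityscan.yml
@@ -0,0 +1,29 @@
+when:
+- event: [ pull_request, cron ]
+- event: push
+branch: [ main, release/* ]
+
+variables:
+- &trivy_image aquasec/trivy:latest
+- &trivy_plugin codeberg.org/woodpecker-plugins/trivy:latest
+
+steps:
+check backend:
+group: check
+image: *trivy_plugin
+settings:
+skip-dirs: web/,docs/
+
+check docs:
+group: check
+image: *trivy_plugin
+settings:
+skip-dirs: node_modules/,plugins/woodpecker-plugins/node_modules/
+dir: docs/
+
+check web:
+group: check
+image: *trivy_plugin
+settings:
+skip-dirs: node_modules/
+dir: web/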
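Review bot: The three `check …` steps pass only `skip-dirs` and `dir` to the plugin, so the pipeline no longer states which severities fail the build. The steps removed elsewhere in this commit spelled it out: `--exit-code 1` for `MEDIUM,HIGH,CRITICAL` on `web/`, and `--exit-code 0` for `docs/` with a TODO saying those findings were not fixable. The plugin's defaults are not visible here, so the gate may have tightened for docs or loosened for web. I would record the intended behaviour above each step, e.g. `# docs findings are informational until the upstream issues are fixable`, and set the threshold explicitly if the plugin exposes one. Separately, both images use the mutable `latest` tag and the `&trivy_image` anchor is defined but never referenced; pinning a version or digest and dropping the unused anchor would keep scan results reproducible.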
|
@ -67,15 +67,6 @@ steps:
|
|||
image: mstruebing/editorconfig-checker
|
||||
group: test
|
||||
|
||||
# Fixed with https://github.com/woodpecker-ci/woodpecker/pull/1753
|
||||
# securitycheck:
|
||||
# group: test
|
||||
# image: aquasec/trivy:latest
|
||||
# commands:
|
||||
# - trivy fs --exit-code 0 --skip-dirs web/ --skip-dirs docs/ --severity UNKNOWN,LOW .
|
||||
# - trivy fs --exit-code 1 --skip-dirs web/ --skip-dirs docs/ --severity MEDIUM,HIGH,CRITICAL .
|
||||
# when: *when
|
||||
|
||||
test:
|
||||
image: *golang_image
|
||||
group: test
|
||||
|
|
|
@ -55,14 +55,6 @@ steps:
|
|||
- pnpm typecheck
|
||||
when: *when
|
||||
|
||||
securitycheck:
|
||||
group: test
|
||||
image: aquasec/trivy:latest
|
||||
commands:
|
||||
- trivy fs --exit-code 0 --skip-dirs node_modules/ --severity UNKNOWN,LOW web/
|
||||
- trivy fs --exit-code 1 --skip-dirs node_modules/ --severity MEDIUM,HIGH,CRITICAL web/
|
||||
when: *when
|
||||
|
||||
test:
|
||||
group: test
|
||||
image: *node_image
|
||||
|
|