mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-06-07 09:58:51 +00:00
Code Issues Projects Releases Wiki Activity

Move securitychecks into own workflow (#1753)

Browse source
This commit is contained in:
6543 2023-07-17 21:32:05 +02:00 committed by GitHub
parent dcba48f916
commit a890a0d4d4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 29 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.woodpecker/docs.yml
View file

@ -38,15 +38,6 @@ steps:
- cron: update_docs - cron: update_docs
event: cron event: cron
securitycheck:
image: aquasec/trivy:latest
commands:
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity UNKNOWN,LOW docs/
# TODO currently it is not fixable so just do not block currently
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity MEDIUM,HIGH,CRITICAL docs/
when:
path: *when_path
deploy-preview: deploy-preview:
image: woodpeckerci/plugin-surge-preview:next image: woodpeckerci/plugin-surge-preview:next
settings: settings:

29
.woodpecker/securityscan.yml Normal file
View file

@ -0,0 +1,29 @@
when:
- event: [ pull_request, cron ]
- event: push
branch: [ main, release/* ]
variables:
- &trivy_image aquasec/trivy:latest
- &trivy_plugin codeberg.org/woodpecker-plugins/trivy:latest
steps:
check backend:
group: check
image: *trivy_plugin
settings:
skip-dirs: web/,docs/
check docs:
group: check
image: *trivy_plugin
settings:
skip-dirs: node_modules/,plugins/woodpecker-plugins/node_modules/
dir: docs/
check web:
group: check
image: *trivy_plugin
settings:
skip-dirs: node_modules/
dir: web/

9
.woodpecker/test.yml
View file

@ -67,15 +67,6 @@ steps:
image: mstruebing/editorconfig-checker image: mstruebing/editorconfig-checker
group: test group: test
# Fixed with https://github.com/woodpecker-ci/woodpecker/pull/1753
# securitycheck:
# group: test
# image: aquasec/trivy:latest
# commands:
# - trivy fs --exit-code 0 --skip-dirs web/ --skip-dirs docs/ --severity UNKNOWN,LOW .
# - trivy fs --exit-code 1 --skip-dirs web/ --skip-dirs docs/ --severity MEDIUM,HIGH,CRITICAL .
# when: *when
test: test:
image: *golang_image image: *golang_image
group: test group: test

8
.woodpecker/web.yml
View file

@ -55,14 +55,6 @@ steps:
- pnpm typecheck - pnpm typecheck
when: *when when: *when
securitycheck:
group: test
image: aquasec/trivy:latest
commands:
- trivy fs --exit-code 0 --skip-dirs node_modules/ --severity UNKNOWN,LOW web/
- trivy fs --exit-code 1 --skip-dirs node_modules/ --severity MEDIUM,HIGH,CRITICAL web/
when: *when
test: test:
group: test group: test
image: *node_image image: *node_image