|
|
|
|
@ -3,14 +3,15 @@ name: Nightly Code Security Scan
|
|
|
|
|
on:
|
|
|
|
|
schedule:
|
|
|
|
|
- cron: '0 8 * * *'
|
|
|
|
|
pull_request:
|
|
|
|
|
workflow_dispatch:
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
client-dependencies:
|
|
|
|
|
name: Client dependency check
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
if: >- # only run for develop branch
|
|
|
|
|
github.ref == 'refs/heads/develop'
|
|
|
|
|
# if: >- # only run for develop branch
|
|
|
|
|
# github.ref == 'refs/heads/develop'
|
|
|
|
|
outputs:
|
|
|
|
|
js: ${{ steps.set-matrix.outputs.js_result }}
|
|
|
|
|
steps:
|
|
|
|
|
@ -49,8 +50,8 @@ jobs:
|
|
|
|
|
server-dependencies:
|
|
|
|
|
name: Server dependency check
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
if: >- # only run for develop branch
|
|
|
|
|
github.ref == 'refs/heads/develop'
|
|
|
|
|
# if: >- # only run for develop branch
|
|
|
|
|
# github.ref == 'refs/heads/develop'
|
|
|
|
|
outputs:
|
|
|
|
|
go: ${{ steps.set-matrix.outputs.go_result }}
|
|
|
|
|
steps:
|
|
|
|
|
@ -93,8 +94,8 @@ jobs:
|
|
|
|
|
image-vulnerability:
|
|
|
|
|
name: Build docker image and Image vulnerability check
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
if: >-
|
|
|
|
|
github.ref == 'refs/heads/develop'
|
|
|
|
|
# if: >-
|
|
|
|
|
# github.ref == 'refs/heads/develop'
|
|
|
|
|
outputs:
|
|
|
|
|
image: ${{ steps.set-matrix.outputs.image_result }}
|
|
|
|
|
steps:
|
|
|
|
|
@ -161,8 +162,8 @@ jobs:
|
|
|
|
|
name: Analyse scan result
|
|
|
|
|
needs: [client-dependencies, server-dependencies, image-vulnerability]
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
if: >-
|
|
|
|
|
github.ref == 'refs/heads/develop'
|
|
|
|
|
# if: >-
|
|
|
|
|
# github.ref == 'refs/heads/develop'
|
|
|
|
|
strategy:
|
|
|
|
|
matrix:
|
|
|
|
|
js: ${{fromJson(needs.client-dependencies.outputs.js)}}
|
|
|
|
|
|
oscarzhou
3 years ago