Add sast-only lint step (output) as additional release asset

open-component-model · Sep 2, 2024 · 7e495be · 7e495be
1 parent 1ef29ad
commit 7e495be
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/.ci/pipeline_definitions b/.ci/pipeline_definitions
@@ -15,7 +15,15 @@ delivery-dashboard:
 
   jobs:
     manual-release:
-      <<: *check-steps
+      steps:
+        lint-sast:
+          image: europe-docker.pkg.dev/gardener-project/releases/ocm-gear/delivery-dashboard-linter:latest
+          execute:
+          - 'lint'
+          - 'eslint.sast.config.mjs'
+        lint:
+          image: europe-docker.pkg.dev/gardener-project/releases/ocm-gear/delivery-dashboard-linter:latest
+          execute: lint
       traits:
         version:
           preprocess: finalize
@@ -39,6 +47,16 @@ delivery-dashboard:
           nextversion: bump_minor
           release_notes_policy: disabled
           release_commit_publishing_policy: tag_and_merge_back
+          assets:
+          - type: build-step-log
+            step_name: lint-sast
+            purposes:
+            - lint
+            - sast
+            - eslint
+            comment: |
+              we use eslint with "eslint-plugin-security" for SAST scans
+              see: https://github.com/eslint-community/eslint-plugin-security
         notifications:
           default:
             on_error: