Add vulnerability scanner trivy to CI pipeline (#28) #118
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Actions Test | |
| on: | |
| - push | |
| jobs: | |
| Test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner in fs mode | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: "fs" | |
| scan-ref: "." | |
| trivy-config: trivy.config.yaml | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - run: corepack enable | |
| - run: echo "path=$(pnpm store path)" > $GITHUB_OUTPUT | |
| id: store-path | |
| - name: Cache pnpm modules | |
| id: cache-npm | |
| uses: actions/cache@v3 | |
| env: | |
| cache-name: cache-pnpm-modules | |
| with: | |
| # npm cache files are stored in `~/.npm` on Linux/macOS | |
| path: ${{ steps.store-path.outputs.path }} | |
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-${{ env.cache-name }}- | |
| ${{ runner.os }}-build- | |
| ${{ runner.os }}- | |
| - run: pnpm i | |
| - run: pnpm sst install | |
| - run: pnpm test | |
| - run: pnpm build |