feat: adding a security validation on ci pipeline
felipeversiane committed Jun 9, 2024
1 parent 8ddc5a6 commit 9d6345d
Showing 2 changed files with 21 additions and 4 deletions.
22 changes: 20 additions & 2 deletions .github/workflows/ci.yaml
@@ -9,8 +9,6 @@ on:
env:
PORT: ${{ secrets.PORT }}
GIN_MODE: ${{ secrets.GIN_MODE }}
JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
JWT_SECRET_REFRESH_KEY: ${{ secrets.JWT_SECRET_REFRESH_KEY }}
LOG_LEVEL: ${{ secrets.LOG_LEVEL }}
LOG_OUTPUT: ${{ secrets.LOG_OUTPUT }}
AUTHORIZATION_URL: ${{ secrets.AUTHORIZATION_URL }}
@@ -37,6 +35,26 @@ jobs:

- name: Test
run: go test -v ./internal/...

security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master

- name: Run Snyk to check for Go vulnerabilities
uses: snyk/actions/golang@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=critical

- name: Run Snyk to check for Docker vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: build/db/Dockerfile


test:
needs: build
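Review bot: The new `security` job runs three actions from a mutable branch ref (`actions/checkout@master`, `snyk/actions/golang@master`, `snyk/actions/docker@master`), so whatever lands on those branches next runs with `SNYK_TOKEN` and, as far as the first hunk shows, with every secret still listed in the workflow-level `env:` block. Pin each one to a full commit SHA, e.g. `uses: snyk/actions/golang@<full-commit-sha>  # <release tag>`, and consider moving the workflow-level secrets down to the job that actually needs them. The Docker step passes `image: build/db/Dockerfile`, but that input is documented as an image name, with the Dockerfile supplied through `args: --file=<path>`, so this step probably does not scan what was intended. With `--severity-threshold=critical` the Go scan lets high-severity findings through, and the visible `test` job only declares `needs: build`, so a failed scan does not appear to block it; the rest of the workflow is outside this hunk, so confirm whether anything gates on `security`.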
3 changes: 1 addition & 2 deletions docker-compose.ci.yml
@@ -46,9 +46,8 @@ services:
container_name: go01
restart: unless-stopped
environment:
PORT: ${PORT}
GIN_MODE: ${GIN_MODE}
LOG_LEVEL: ${LOG_LEVEL}
GIN_MODE: ${GIN_MODE}
LOG_OUTPUT: ${LOG_OUTPUT}
AUTHORIZATION_URL: ${AUTHORIZATION_URL}
POSTGRES_URL: ${POSTGRES_URL}