From 9d6345d8785a040e38dec4c2c291729a97dd710f Mon Sep 17 00:00:00 2001
From: Felipe Fernandes Versiane
Date: Sun, 9 Jun 2024 13:27:56 -0300
Subject: [PATCH] feat: adding a security validation on ci pipeline

---
 .github/workflows/ci.yaml | 22 ++++++++++++++++++++--
 docker-compose.ci.yml     |  3 +--
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7805f73..42ef187 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -9,8 +9,6 @@ on:
 env:
   PORT: ${{ secrets.PORT }}
   GIN_MODE: ${{ secrets.GIN_MODE }}
-  JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
-  JWT_SECRET_REFRESH_KEY: ${{ secrets.JWT_SECRET_REFRESH_KEY }}
   LOG_LEVEL: ${{ secrets.LOG_LEVEL }}
   LOG_OUTPUT: ${{ secrets.LOG_OUTPUT }}
   AUTHORIZATION_URL: ${{ secrets.AUTHORIZATION_URL }}
@@ -37,6 +35,26 @@ jobs:
       - name: Test
         run: go test -v ./internal/...
 
+
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Run Snyk to check for Go vulnerabilities
+        uses: snyk/actions/golang@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=critical
+
+      - name: Run Snyk to check for Docker vulnerabilities
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: build/db/Dockerfile
+
 
   test:
     needs: build
diff --git a/docker-compose.ci.yml b/docker-compose.ci.yml
index 2047af8..b3f8cd4 100644
--- a/docker-compose.ci.yml
+++ b/docker-compose.ci.yml
@@ -46,9 +46,8 @@ services:
     container_name: go01
     restart: unless-stopped
     environment:
-      PORT: ${PORT}
-      GIN_MODE: ${GIN_MODE}
       LOG_LEVEL: ${LOG_LEVEL}
+      GIN_MODE: ${GIN_MODE}
       LOG_OUTPUT: ${LOG_OUTPUT}
       AUTHORIZATION_URL: ${AUTHORIZATION_URL}
       POSTGRES_URL: ${POSTGRES_URL}
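Review bot: The `image:` input of `snyk/actions/docker` in the new Docker scan step names a built container image to test, not a Dockerfile path, so `image: build/db/Dockerfile` will most likely scan nothing (no image is built earlier in this job either); build the image in a preceding step and pass the Dockerfile through the args instead, e.g. `image: <locally-built-image-tag>` with `args: --file=build/db/Dockerfile`. Every action in the new job is pinned to `@master` (`actions/checkout`, `snyk/actions/golang`, `snyk/actions/docker`), a mutable ref that lets an upstream change run unreviewed code with `SNYK_TOKEN` in its environment; pin to a release tag or, better, a full commit SHA such as `actions/checkout@<full-commit-sha>`. `--severity-threshold=critical` means high-severity findings never fail the run, which may be intended but deserves a comment like `# only critical findings block the pipeline; high is reported, not blocking`. The job also has no `needs:` and `test` depends only on `build`, so a failed scan does not gate the rest of the pipeline — say so in a comment if that is deliberate.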
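Review bot: `PORT` is dropped from the go01 service environment while the workflow changed in this same commit still exports `PORT: ${{ secrets.PORT }}`; if the Go server reads `PORT` from its container environment it will now start without it, and whatever `ports:` mapping go01 has (outside this hunk) would no longer line up. If the port is meant to be fixed from now on, the workflow-level `PORT` should be removed too; otherwise keep `PORT: ${PORT}` here. The `GIN_MODE` line is only moved below `LOG_LEVEL`, which adds diff noise without changing behaviour.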