Separate testing and security audit in CI #6574

Closed
warpech opened this issue Dec 16, 2019 · 1 comment
Comments

warpech (Member) commented Dec 16, 2019

Description

Currently, we have a single CI job that performs a dependency security audit (npm audit) and then, only if the audit succeeds, performs functional and unit testing.

Most of the time, security audit failures happen for reasons unrelated to the author of a commit. Therefore, it is not desired that such failures can block the execution of tests and mark the commit as failed.

My proposal, given at today's weekly kick-off meeting, is to split the CI jobs into two:

  1. A job that runs on every commit and marks the commit bad if the tests fail. I don't know about CodeShip, but in GitHub Actions, the CI workflows can have names. I would call this one Functional and unit testing.
  2. A job that runs on every commit and marks the commit bad if the npm audit fails (and maybe other audits, too). I would call it Dependencies audit.

Bonus question

What is Snyk for, if it passes even when npm audit failed on CodeShip? As can be seen in this commit: 7a660af. Build results:

[image: build results screenshot not included]
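As an added illustration of the proposed split (example configuration, not the project's own workflow or the one later merged), the two jobs can live in two separate GitHub Actions workflow files so that an audit failure never prevents the test job from running or reporting. The file paths, Node version and the `npm test` command are assumptions; the audit workflow needs no `npm ci`, because `npm audit` only reads `package.json` and `package-lock.json`, so no dependency install scripts run in that job.

```yaml
# .github/workflows/test.yml  (assumed path; example, not the project's file)
name: Functional and unit testing
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: '12'        # assumed
      - run: npm ci
      - run: npm test               # assumed test command
---
# .github/workflows/audit.yml  (assumed path; example, not the project's file)
name: Dependencies audit
on:
  push:
  pull_request:
  schedule:
    - cron: '0 6 * * *'           # added: advisories appear without a commit, so re-check daily
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: '12'        # assumed
      # No install step: the lockfile is enough, and no dependency scripts execute here.
      # Fail the job only for advisories at or above the chosen severity.
      - run: npm audit --audit-level=high
```

Each workflow shows up as its own named check on the commit, so a reviewer can see at a glance whether the red mark comes from a failing test or from a new advisory in a dependency.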

wojciechczerniak (Member) commented Feb 3, 2020

Done in #6648
