T-85: bundle-audit using GitHub Actions

marian13 · Feb 13, 2022 · 3f55332 · 3f55332
1 parent 93f1478
commit 3f55332
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -108,13 +108,31 @@ jobs:
           path-to-lcov: "./coverage/lcov.info"
 
   coverage:
-    name: Gather coverage
     needs:
       - test
     runs-on: ubuntu-20.04
+    name: Gather coverage
     steps:
       - name: Upload coverage reports to Coveralls
         uses: coverallsapp/github-action@master
         with:
           github-token: ${{ secrets.github_token }}
           parallel-finished: true
+
+  bundle-audit:
+    runs-on: ubuntu-20.04
+    name: bundle-audit
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.1
+          ##
+          # NOTE: Installs the latest compatible Bundler version, runs `bundle install' and caches installed gems.
+          # - https://github.com/ruby/setup-ruby#usage
+          # - https://github.com/ruby/setup-ruby#bundler
+          #
+          bundler-cache: true
+      - name: Check for vulnerable gem versions, insecure gem sources, etc...
+        run: bundle exec bundle-audit check --update