feat: audit changes #282
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Workflow | |
on: | |
push: | |
branches: | |
- main | |
- staging | |
pull_request: | |
jobs: | |
build: | |
continue-on-error: False | |
runs-on: ubuntu-latest | |
steps: | |
# Clone the code and install required modules | |
- uses: actions/checkout@v2 | |
- name: Install modules | |
run: yarn | |
# Run linters | |
- name: Run ESLint | |
run: yarn lint | |
# Run test | |
# - name: Run Test | |
# run: yarn test | |
docker: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
if: contains(' | |
refs/heads/main | |
', github.ref) || contains(' | |
refs/heads/staging | |
', github.ref) | |
env: | |
BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
steps: | |
- name: Confirm Image | |
run: echo "Building image for ${{env.BRANCH_NAME}}" | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: valory | |
password: ${{ secrets.ACCESS_TOKEN }} | |
- name: Prepare Staging Env | |
if: contains(' | |
refs/heads/staging | |
', github.ref) | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
push: true | |
tags: valory/${{ github.event.repository.name }}:${{env.BRANCH_NAME}} | |
build-args: "BACKEND_PUBLIC_URL=${{secrets.STAGING_BACKEND_PUBLIC_URL}}" | |
- name: Prepare Prod Env | |
if: contains(' | |
refs/heads/main | |
', github.ref) | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
push: true | |
tags: valory/${{ github.event.repository.name }}:${{env.BRANCH_NAME}} | |
build-args: "BACKEND_PUBLIC_URL=${{secrets.PROD_BACKEND_PUBLIC_URL}}" | |
scan: | |
name: gitleaks | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: "1.17.7" | |
- run: | | |
wget https://github.com/zricethezav/gitleaks/releases/download/v8.10.1/gitleaks_8.10.1_linux_x64.tar.gz && \ | |
tar -xzf gitleaks_8.10.1_linux_x64.tar.gz && \ | |
sudo install gitleaks /usr/bin && \ | |
gitleaks detect --report-format json --report-path leak_report |