ExternalVendorCode/openmct
1
0
Fork 0
mirror of https://github.com/nasa/openmct.git synced 2024-12-21 22:17:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
866859a937
openmct/.github/workflows/codeql-analysis.yml

44 lines
836 B
YAML
Raw Normal View History

Add automated security scanning to our repo (#4166)
2021-08-30 22:44:25 +00:00
name: "CodeQL"
on:
push:
branches: [ master ]
Inspect PRs (#4395)
2021-10-28 19:57:48 +00:00
pull_request:
branches: [ master ]
paths-ignore:
- '**/*Spec.js'
- '**/*.md'
- '**/*.txt'
Dependabot for linting and GHA (#4397) * Dependabot for linting and GHA * Update dependabot.yml * Real-time updates were removed from dependabot beta * label GHA bumps * Ignore yaml changes on security scans
2021-10-29 16:22:02 +00:00
- '**/*.yml'
- '**/*.yaml'
Implement e2e functional smoke testing and visual regression testing with playwright (#4456) * First example of playwright * Move config * set junit output * fix config and update version * staged changes * new files * update to remote dir * remove remote * smoke * Update smoke.spec.js * Add eslint for playwright * Add dependabot rule for playwright * Add adhoc GHA for playwright * Update tests and fix eslint * move playwright eslint config to e2e dir * Add to circle config * store artifacts * wrong location for storing artifacts * slash? * build before start * increase timeouts in circle * remove duplicate build step * timeout values * add retries * reduce retries * add percy emblem * added percy * Adds GHA for adhoc trigger and baseline visual * Bump and Rev dependabot separte from karma * update e2e label for additional pr logic * Ignore playwright changes for codeql * Update documentation * Add ability to run all tests on pr label * eof * yamlamlaml * issue instead of pull api * archive results and include a link in the PR comment * log context and attempt string concat * concat fix * add success/failure options * add alure reporting * lock playwright image Co-authored-by: unlikelyzero <jchill2@gmail.com>
2021-11-30 00:34:47 +00:00
- '**/*.spec.js'
- '**/*.config.js'
Add automated security scanning to our repo (#4166)
2021-08-30 22:44:25 +00:00
schedule:
- cron: '28 21 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
Bump actions/checkout from 2 to 3 (#4904) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-02 17:59:13 +00:00
uses: actions/checkout@v3
Add automated security scanning to our repo (#4166)
2021-08-30 22:44:25 +00:00
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
Bump github/codeql-action from 1 to 2 (#5110) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 15:31:51 +00:00
uses: github/codeql-action/init@v2
Add automated security scanning to our repo (#4166)
2021-08-30 22:44:25 +00:00
with:
languages: javascript
- name: Autobuild
Bump github/codeql-action from 1 to 2 (#5110) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 15:31:51 +00:00
uses: github/codeql-action/autobuild@v2
Add automated security scanning to our repo (#4166)
2021-08-30 22:44:25 +00:00
- name: Perform CodeQL Analysis
Bump github/codeql-action from 1 to 2 (#5110) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 15:31:51 +00:00
uses: github/codeql-action/analyze@v2
Reference in New Issue Copy Permalink