Merge pull request #4 from PunGrumpy/dev/ci

ci(github-actions): make something new on workflows
PunGrumpy · Nov 19, 2023 · 61c7bb4 · 61c7bb4
2 parents a8252a7 + e6e90ff
commit 61c7bb4
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 25 deletions.
diff --git a/.github/trivy.yaml b/.github/trivy.yaml
@@ -0,0 +1,3 @@
+format: json
+exit-code: 1
+severity: CRITICAL
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -3,6 +3,7 @@ on:
   push:
     tags:
       - 'v*.*.*'
+  workflow_dispatch:
 env:
   SCOPRE_OWNER: '@pungrumpy'
 jobs:

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -47,18 +47,12 @@ jobs:
         run: bun install
       - name: ⚖️ Lint
         run: bun lint
-      - name: 🎅 Upload Artifacts
-        uses: actions/upload-artifact@v3
-        if: ${{ steps.cache-bun.outputs.cache-hit != 'true' }}
-        with:
-          name: bun-cache
-          path: ~/.bun
   release:
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu-latest]
-    if: ${{ github.event_name == 'push' }}
+    if: ${{ github.ref == 'refs/heads/main' }} && !contains(github.event.head_commit.message, '[skip ci]')
     name: 🚀 Release
     permissions:
       contents: write
@@ -72,7 +66,6 @@ jobs:
         with:
           release-type: node
           token: ${{ secrets.GITHUB_TOKEN }}
-          package-name: logixlysia
       - name: 🔔 Checkout
         uses: actions/checkout@v4
       - name: 🏷️ Tag stable versions
@@ -95,11 +88,6 @@ jobs:
     runs-on: ${{ matrix.os }}
     if: failure()
     steps:
-      - name: 🎁 Download Artifacts
-        uses: actions/download-artifact@v3
-        with:
-          name: bun-cache
-          path: ~/.bun
       - name: 🕋 Send Issue
         uses: JasonEtco/create-an-issue@v2
         id: send-issue

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -13,31 +13,33 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest]
-    name: 💂 Security
+    name: 🍄 TruffleHog OSS
     runs-on: ${{ matrix.os }}
     steps:
-      - name: 🍄 TruffleHog OSS
+      - name: 🛫 Checkout Code
+        uses: actions/checkout@v4
+      - name: 🐷 TruffleHog OSS
         uses: trufflesecurity/trufflehog@main
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
           extra_args: --debug --only-verified
-  gitguardian:
+  trivy:
     concurrency:
       group: security/${{ github.event.repository.name }}
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu-latest]
-    name: 🛡️ GitGuardian
+    name: 🐳 Trivy
     runs-on: ${{ matrix.os }}
     steps:
-      - name: 🦉 GitGuardian
-        uses: GitGuardian/[email protected]
-        env:
-          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
-          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
-          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
-          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
-          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
+      - name: 🛫 Checkout Code
+        uses: actions/checkout@v4
+      - name: 🐳 Trivy
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          trivy-config: .github/trivy.yaml
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,6 +3,7 @@ on: @@
       push:
         tags:
           - 'v*.*.*'
+      workflow_dispatch:
     env:
       SCOPRE_OWNER: '@pungrumpy'
     jobs:
@@ Expand Down @@