File tree Expand file tree Collapse file tree 4 files changed +120
-0
lines changed Expand file tree Collapse file tree 4 files changed +120
-0
lines changed Original file line number Diff line number Diff line change 1+ name : ' Setup Action'
2+ description : ' Checks out the repo, sets up node, and installs dependencies'
3+ runs :
4+ using : ' composite'
5+ steps :
6+ - name : Checkout repository
7+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
8+
9+ - name : Set up Node.js
10+ uses : actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
11+ with :
12+ node-version : ' 22'
13+
14+ - name : Cache dependencies
15+ id : cache
16+ uses : actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
17+ with :
18+ path : ./node_modules
19+ key : modules-${{ hashFiles('package-lock.json') }}
20+
21+ - name : Install dependencies
22+ if : steps.cache.outputs.cache-hit != 'true'
23+ run : npm ci
24+ shell : bash
Original file line number Diff line number Diff line change 1+ name : Security checks
2+
3+ on :
4+ workflow_call :
5+
6+ permissions :
7+ contents : read
8+
9+ jobs :
10+ trivy :
11+ name : Trivy scan
12+ runs-on : ubuntu-latest
13+ steps :
14+ - name : Checkout repository
15+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
16+
17+ - name : Scan repo
18+ uses : aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0
19+ with :
20+ scan-type : ' fs'
21+ scan-ref : ' .'
22+ scanners : ' vuln,secret,config'
23+ exit-code : ' 1'
24+ ignore-unfixed : ' true'
25+ severity : ' MEDIUM,HIGH,CRITICAL'
26+
27+ npm-audit :
28+ name : NPM audit
29+ runs-on : ubuntu-latest
30+ steps :
31+ - name : Checkout repository
32+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
33+
34+ - name : Set up Node.js
35+ uses : actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
36+ with :
37+ node-version : ' 22'
38+
39+ - name : Run npm audit
40+ run : npm audit --omit=dev --audit-level=moderate
Original file line number Diff line number Diff line change 1+ name : Static checks
2+
3+ on :
4+ workflow_call :
5+
6+ permissions :
7+ contents : read
8+
9+ jobs :
10+ lint :
11+ name : Lint and format checks
12+ runs-on : ubuntu-latest
13+ steps :
14+ - name : Checkout repository
15+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
16+
17+ - name : Setup
18+ uses : ./.github/actions/setup
19+
20+ - name : Run ESLint
21+ run : npm run eslint
22+
23+ - name : Run markdownlint
24+ run : npm run markdownlint
25+
26+ - name : Run Prettier
27+ run : npm run prettier
28+
29+ build :
30+ name : Build site
31+ runs-on : ubuntu-latest
32+ steps :
33+ - name : Checkout Repository
34+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
35+
36+ - name : Setup
37+ uses : ./.github/actions/setup
38+
39+ - name : Build site
40+ run : npm run build
Original file line number Diff line number Diff line change 1+ name : On PR
2+
3+ on :
4+ pull_request :
5+
6+ permissions :
7+ contents : read
8+
9+ jobs :
10+ security :
11+ name : Security checks
12+ uses : ./.github/workflows/_security-checks.yaml
13+
14+ static-checks :
15+ name : Static checks
16+ uses : ./.github/workflows/_static-checks.yaml
You can’t perform that action at this time.
0 commit comments