
Commit b2fe478

authored
Updated vulnerabilities checks & workflows (#2941)
1 parent 02ed6a6 commit b2fe478


3 files changed

+57
-54
lines changed


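--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -42,26 +42,6 @@ jobs:
 run: |
 make verifiers
 
-vulnerable-dependencies-checks:
-name: "Check for vulnerable dependencies"
-runs-on: ubuntu-latest
-strategy:
-matrix:
-go-version: [1.20.x]
-steps:
-- name: Check out code
-uses: actions/checkout@v3
-- uses: actions/setup-go@v3
-with:
-go-version: ${{ matrix.go-version }}
-cache: true
-check-latest: true
-- name: Get govulncheck
-run: go install golang.org/x/vuln/cmd/govulncheck@latest
-shell: bash
-- name: Run govulncheck
-run: govulncheck ./...
-shell: bash
 semgrep-static-code-analysis:
 name: "semgrep checks"
 runs-on: ubuntu-latest
@@ -220,29 +200,6 @@ jobs:
 run: |
 make console
 
-react-code-known-vulnerabilities:
-name: "React Code Has No Known Vulnerable Deps"
-needs:
-- ui-assets
-runs-on: ubuntu-latest
-strategy:
-matrix:
-go-version: [1.20.x]
-os: [ubuntu-latest]
-steps:
-- name: Check out code
-uses: actions/checkout@v3
-- uses: actions/setup-node@v3
-with:
-node-version: ${{ env.NVMRC }}
-cache: "yarn"
-cache-dependency-path: portal-ui/yarn.lock
-- name: Checks for known security issues with the installed packages
-working-directory: ./portal-ui
-continue-on-error: false
-run: |
-yarn audit --groups dependencies
-
 all-permissions-1:
 name: Permissions Tests Part 1
 needs:
@@ -1158,7 +1115,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
-go-version: [1.19.x]
+go-version: [1.20.x]
 os: [ubuntu-latest]
 steps:
 - name: Check out code
@@ -1188,11 +1145,6 @@ jobs:
 continue-on-error: false
 run: |
 ./check-warnings-istanbul-coverage.sh
-- name: Check if Files are Prettified
-working-directory: ./portal-ui
-continue-on-error: false
-run: |
-./check-prettier.sh
 
 compile-binary-istanbul-coverage:
 name: "Compile Console Binary with Istanbul Plugin for Coverage"
@@ -1204,7 +1156,7 @@ jobs:
 runs-on: ${{ matrix.os }}
 strategy:
 matrix:
-go-version: [1.19.x]
+go-version: [1.20.x]
 os: [ubuntu-latest]
 steps:
 - name: Check out code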

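--- a/.github/workflows/vulncheck.yaml
+++ b/.github/workflows/vulncheck.yaml
@@ -0,0 +1,51 @@
+name: Vulnerability Check
+on:
+pull_request:
+branches:
+- master
+push:
+branches:
+- master
+
+permissions:
+contents: read # to fetch code (actions/checkout)
+
+jobs:
+vulncheck:
+name: Analysis
+runs-on: ubuntu-latest
+steps:
+- name: Check out code into the Go module directory
+uses: actions/checkout@v3
+- name: Set up Go
+uses: actions/setup-go@v3
+with:
+go-version: 1.20.x
+check-latest: true
+- name: Get official govulncheck
+run: go install golang.org/x/vuln/cmd/govulncheck@latest
+shell: bash
+- name: Run govulncheck
+run: govulncheck ./...
+shell: bash
+
+react-code-known-vulnerabilities:
+name: "React Code Has No Known Vulnerable Deps"
+runs-on: ubuntu-latest
+strategy:
+matrix:
+go-version: [ 1.20.x ]
+os: [ ubuntu-latest ]
+steps:
+- name: Check out code
+uses: actions/checkout@v3
+- uses: actions/setup-node@v3
+with:
+node-version: ${{ env.NVMRC }}
+cache: "yarn"
+cache-dependency-path: portal-ui/yarn.lock
+- name: Checks for known security issues with the installed packages
+working-directory: ./portal-ui
+continue-on-error: false
+run: |
+yarn audit --groups dependencies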
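Review bot: `node-version: ${{ env.NVMRC }}` in the `react-code-known-vulnerabilities` job reads an environment variable that nothing in this 51-line workflow defines, so the expression is presumably empty and the audit runs on whatever Node the runner image ships. Either add a step that exports `NVMRC` before `actions/setup-node@v3`, or replace the input with `node-version-file:` pointing at the repository's nvmrc file. The `go-version`/`os` matrix in the same job is never referenced by its steps (`runs-on` is hard-coded) and can be dropped. Because advisories are published independently of commits, the `on:` block would also benefit from a `schedule:` trigger next to `pull_request` and `push`, so that issues disclosed after a merge are still reported. Finally, `govulncheck@latest` and the `@v3` action tags are mutable references; a comment such as `# unpinned on purpose: always use the newest scanner` or a pinned version/commit SHA would make the supply-chain choice explicit.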

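--- a/portal-ui/playwright/jobs.yaml
+++ b/portal-ui/playwright/jobs.yaml
@@ -20,7 +20,7 @@ jobs:
 runs-on: [ubuntu-latest]
 strategy:
 matrix:
-go-version: [1.19.x]
+go-version: [1.20.x]
 os: [ubuntu-latest]
 steps:
 - name: Check out code
@@ -45,7 +45,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
-go-version: [1.19.x]
+go-version: [1.20.x]
 os: [ubuntu-latest]
 steps:
 - name: Check out code
@@ -86,7 +86,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
-go-version: [1.19.x]
+go-version: [1.20.x]
 os: [ubuntu-latest]
 steps:
 - name: Check out code
@@ -132,7 +132,7 @@ jobs:
 runs-on: ${{ matrix.os }}
 strategy:
 matrix:
-go-version: [1.19.x]
+go-version: [1.20.x]
 os: [ubuntu-latest]
 steps:
 - name: Check out code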
