Add CodeQL IAC scan #282
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| test-app: | |
| runs-on: ubuntu-latest | |
| name: Test app | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Test eslint | |
| run: npm run test:eslint | |
| - name: Test stylelint | |
| run: npm run test:stylelint | |
| - name: Test TypeScript | |
| run: npm run test:typescript | |
| - name: Test unit | |
| run: npm run test:unit | |
| test-terraform: | |
| runs-on: ubuntu-latest | |
| name: Test Terraform | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.10.3 | |
| - name: Test formatting | |
| run: terraform fmt -list=true -check -recursive -diff | |
| - name: Analyze IAC | |
| id: codeql_iac | |
| uses: advanced-security/[email protected] | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: ${{ steps.codeql_iac.outputs.sarif }} |