Merge pull request #654 from eclipse-tractusx/ci/security-tooling

Switching to CodeQL & Dependabot
catenax-ng · Feb 19, 2024 · 49b3b7a · 49b3b7a
2 parents d6f1618 + f77ffcd
commit 49b3b7a
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 134 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -38,3 +38,8 @@ updates:
       day: "wednesday"
       time: "03:00"
 
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # open-pull-requests-limit: 5
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -64,20 +64,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'java' ]
+        language: [ 'java', 'javascript' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Set up JDK 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
@@ -91,17 +85,24 @@ jobs:
           config-file: ./.github/codeql/codeql-config.yml
           queries: +security-and-quality,security-extended
 
-      - name: Cache maven packages
-        uses: actions/cache@v4
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
-      #- name: Autobuild
-      #  uses: github/codeql-action/autobuild@v3
+      # - name: Autobuild
+      #   uses: github/codeql-action/autobuild@v3
+
+      - name: Install frontend dependencies
+        if: ${{ matrix.language == 'javascript' }}
+        run: |
+          cd frontend
+          npm install
+
+      - name: Build frontend
+        if: ${{ matrix.language == 'javascript' }}
+        run: |
+          cd frontend
+          npm run build:prod
+        env:
+          baseHrefPlaceholder: placeholder
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -110,7 +111,23 @@ jobs:
       #    and modify them (or add more) to build your code if your project
       #    uses a compiled language
 
+      - name: Set up JDK 17
+        if: ${{ matrix.language == 'java' }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache maven packages
+        if: ${{ matrix.language == 'java' }}
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
       - name: Build Package
+        if: ${{ matrix.language == 'java' }}
         run: |
           mvn clean package -pl tx-models,tx-backend --batch-mode -DskipTests
 

diff --git a/.github/workflows/veracode_backend.yml b/.github/workflows/veracode_backend.yml
diff --git a/.github/workflows/veracode_frontend.yml b/.github/workflows/veracode_frontend.yml