Skip to content

Commit

Permalink
version up all actions
Browse files Browse the repository at this point in the history
  • Loading branch information
RyosukeDTomita committed Jun 20, 2024
1 parent 2a4bae0 commit 3f2243e
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 9 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/actions-linter.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,15 @@ jobs:
permissions:
pull-requests: write
contents: read

steps:
- name: clone application source code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: install package using aqua
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.29.0

- name: run ghalint
run: github-comment exec --token ${{ secrets.token }} -- ghalint run
8 changes: 6 additions & 2 deletions .github/workflows/react-dependency-check.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,11 @@ on:
schedule:
# 日曜日の午前0時に実行
- cron: '0 0 * * 0'
defaults:
run:
shell: bash

jobs:

trivy-scan:
runs-on: ubuntu-latest
permissions:
Expand All @@ -20,7 +22,7 @@ jobs:

steps:
- name: clone application source code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: use trivy
uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
Expand All @@ -33,11 +35,13 @@ jobs:
format: 'sarif'
output: 'sca-report.sarif'
severity: 'CRITICAL,HIGH'

- name: save report as pipeline artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: sca-report.sarif
path: sca-report.sarif

- name: publish trivy alerts
uses: github/codeql-action/upload-sarif@a073c66b2accf653a511d88537804dcafa07812e # v2.25.10
with:
Expand Down
6 changes: 2 additions & 4 deletions .github/workflows/react-jest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ on:
- "src/**.ts"
- "public/**.html"
- ".github/workflows/react-jest.yaml"

defaults:
run:
shell: bash
Expand All @@ -21,17 +20,16 @@ jobs:
run:
working-directory: /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs


steps:
# checkout repository to runner
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: set up node20
uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
with:
node-version: '20'

- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

- name: install package using aqua
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/react-semgrep.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,11 @@ on:
schedule:
# 日曜日の午前0時に実行
- cron: '0 0 * * 0'
defaults:
run:
shell: bash

jobs:

semgrep-full:
runs-on: ubuntu-latest
permissions:
Expand All @@ -24,7 +26,7 @@ jobs:

steps:
- name: clone application source code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: install package using aqua
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
Expand All @@ -42,6 +44,7 @@ jobs:
name: report.sarif
path: report.sarif
# scanの結果を解析。GithubのSecurity --> Code Scanning等でアラートが見られる。
#
- name: publish code scanning alerts
uses: github/codeql-action/upload-sarif@a073c66b2accf653a511d88537804dcafa07812e # v2.25.10
with:
Expand Down

0 comments on commit 3f2243e

Please sign in to comment.