Codigo con Snyk vulnerable #19
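---
# Pipeline: build and push the Docker image, run the Node test suite, gate on
# the SonarCloud quality gate, and scan the pushed image with Snyk.
#
# Changes versus the previous revision of this file:
#   * the default GITHUB_TOKEN is restricted to read-only (`permissions`);
#   * secrets are handed to shell steps through `env:` instead of being
#     interpolated into the script text with `${{ }}`;
#   * the image is also tagged with the commit SHA, and Snyk scans that
#     immutable tag instead of the mutable `latest`;
#   * a failed SonarCloud API call no longer silently passes the gate;
#   * the SonarCloud action is pinned to a release tag instead of `master`.
name: deploy

on:  # yamllint disable-line rule:truthy -- GitHub's loader handles the `on` key
  push:
    branches: ["main"]

# Least privilege for the default GITHUB_TOKEN: nothing in this workflow writes
# to the repository. A job that needs more must request it at job level.
permissions:
  contents: read

env:
  REGISTRY: nogueranv
  IMAGE_NAME: rest_api

jobs:
  build:
    name: build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4  # checkout github code
        with:
          fetch-depth: 0

      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build & Push
        uses: docker/build-push-action@v3
        with:
          push: true
          # file: ./path-to-dockerfile
          # `latest` is kept for existing consumers; the SHA tag identifies the
          # exact image that was built and is what the Snyk job scans.
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
          # NOTE(review): build-args are recorded in the image metadata
          # (`docker history`), so they are not a safe channel for a secret
          # value. If APP_ENV is sensitive, pass it via the action's `secrets:`
          # input and consume it in the Dockerfile with a secret mount instead.
          build-args: |
            APP_ENV=${{ secrets.APP_ENV }}

  test:
    name: Run tests
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Test
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - run: npm install
      - run: npm run test

      - name: Test succeded?
        if: ${{ success() }}
        run: echo "Test Succeded!!!"

      - name: Test failed?
        if: ${{ failure() }}
        # The webhook URL is read from the environment inside the script rather
        # than spliced into the script text with `${{ }}`. IMAGE_NAME comes
        # from the workflow-level `env` block.
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        run: |
          curl -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"${IMAGE_NAME} test failed\"}" \
            "$SLACK_WEBHOOK_URL"

  CodeScan:
    runs-on: ubuntu-latest
    needs: test
    steps:
      - uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0

      - name: SonarCloud Scan
        # Pinned to a release tag instead of the floating `master` branch so a
        # change on the action's default branch cannot silently alter this job.
        # See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
        uses: sonarsource/sonarcloud-github-action@v2.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          args: >
            -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }}
            -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}

      - name: Obtener sonar Status
        # Secrets are read from the environment inside the script. `-f` makes
        # curl return nothing on an HTTP error instead of an error body; an
        # empty or `null` status then fails this step, so a broken API call
        # can never be mistaken for a passing quality gate.
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
        run: |
          status="$(curl -sf -u "${SONAR_TOKEN}:" \
            "https://sonarcloud.io/api/qualitygates/project_status?projectKey=${SONAR_PROJECT_KEY}" \
            | jq -r '.projectStatus.status')"
          if [ -z "${status}" ] || [ "${status}" = "null" ]; then
            echo "::error::could not read the SonarCloud quality gate status"
            exit 1
          fi
          echo "SONAR_STATUS=${status}" >> "$GITHUB_ENV"

      - name: Sonar Status
        run: echo "${SONAR_STATUS}"

      - name: Check Status
        if: ${{ env.SONAR_STATUS == 'ERROR' }}
        run: exit 1

  security_snyk:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Run Snyk to check Docker image for vulnerabilities
        # NOTE(review): `master` is a floating ref; pin to a release tag or a
        # full commit SHA (`snyk/actions/docker@<commit-sha>`) once one is chosen.
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          # Scan the immutable SHA tag pushed by the build job, so the scanned
          # image is exactly the one that was just built.
          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}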