Simon Malm 310738c82d
fix: nu
2025-08-14 14:56:58 +02:00

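---
# CI workflow: test + security scan on push/PR, Docker build-and-push on master.
# Run steps use nushell (`shell: nu {0}`), which the local setup-shell-tools
# action installs; any job with `run:` steps must include that step first.
#
# NOTE(review): every third-party action below is pinned to a mutable major
# tag (@v2/@v4). For supply-chain hardening, pin each `uses:` to a full commit
# SHA and keep the tag in a trailing comment so Dependabot can still bump it.
name: CI

# yamllint disable-line rule:truthy
on:
  push:
    branches: [master, develop]
  pull_request:
    branches: [master, develop]

# Least-privilege GITHUB_TOKEN for all jobs. Nothing in this workflow writes
# through the token: the Docker push authenticates with registry secrets and
# no step uploads SARIF to code scanning. If a job later needs more (e.g.
# `security-events: write` for upload-sarif), grant it at the job level.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: nu {0}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Shell Tools
        uses: ./.github/actions/setup-shell-tools

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.2.20'

      # Keyed on the lockfile hash so a dependency change invalidates the cache;
      # the restore-key prefix allows a partial hit on an older lockfile.
      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            node_modules
          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Install dependencies
        run: just install

      - name: Install Playwright browsers
        run: just install-browsers

      - name: Run CI pipeline
        run: just ci

  security:
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: nu {0}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Shell Tools
        uses: ./.github/actions/setup-shell-tools

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.2.20'

      - name: Install dependencies
        run: just install

      # CAVEAT: with continue-on-error the audit can never fail this job, so
      # vulnerable dependencies are reported in the log but do not block
      # docker-build (see `needs:` below). Drop continue-on-error once the
      # baseline is clean if the audit is meant to gate releases.
      - name: Run security audit
        run: just audit
        continue-on-error: true

      # CAVEAT: same as above - findings never fail the job. generateSarif
      # writes a SARIF file into the workspace, but no step uploads it
      # (github/codeql-action/upload-sarif would need `security-events: write`),
      # so results are only visible in this step's log.
      - name: Run Semgrep security scan
        uses: semgrep/semgrep-action@v1
        with:
          config: >-
            p/security-audit
            p/secrets
            p/owasp-top-ten
            p/javascript
            p/typescript
          generateSarif: '1'
        # Token only needed for Semgrep Cloud features (optional). It is a repo
        # secret, so it is not exposed to pull_request runs from forks.
        env:
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
        continue-on-error: true

  docker-build:
    runs-on: ubuntu-latest
    # No `run:` steps here and setup-shell-tools is not invoked, so this
    # default is currently inert; add the setup step before adding any `run:`.
    defaults:
      run:
        shell: nu {0}
    # Both jobs must complete, but `security` cannot fail (continue-on-error
    # above), so in practice only `test` gates the image push.
    needs: [test, security]
    # Push only happens for direct pushes to master; PR runs never reach here.
    if: github.ref == 'refs/heads/master'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): the docker/* actions are on older majors than
      # actions/checkout; review their current releases when bumping.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # Registry credentials come from repository secrets/vars, not GITHUB_TOKEN.
      - name: Log in to Container Registry
        uses: docker/login-action@v2
        with:
          registry: ${{ vars.DOCKER_REGISTRY }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # `:latest` is a mutable tag; the `:<sha>` tag is the immutable reference
      # deployments should pin to.
      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_REPOSITORY }}:latest
            ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_REPOSITORY }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max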