Add Checkmarx security scan job to deployment workflow #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Review changes on Dev (Commits/PRs) | |
| on: | |
| push: | |
| branches: ["dev"] | |
| pull_request: | |
| types: | |
| - opened | |
| jobs: | |
| code-check: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| ruby-version: ["3.1", "3.0", "2.7"] | |
| steps: | |
| - name: checkout code | |
| uses: actions/checkout@v2 | |
| - name: setup ruby environment | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| ruby-version: ${{ matrix.ruby-version }} | |
| - name: install ruby dependencies | |
| run: | | |
| gem install bundler | |
| bundle install --jobs 4 --retry 3 | |
| - name: run unit tests and coverage scan | |
| env: | |
| PUBLIC_KEY: ${{ secrets.PUBLIC_KEY }} | |
| ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} | |
| RAVE_SECRET_KEY: ${{ secrets.SECRET_KEY }} | |
| run: | | |
| bundle exec rspec --format progress --format json --out coverage/coverage.json | |
| - name: upload coverage report to codecov | |
| uses: codecov/codecov-action@v2 | |
| with: | |
| file: coverage/coverage.json | |
| - name: push build status to slack | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow,job,took,pullRequest | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| if: always() |