NishantRajputRN
@@ -33,9 +33,28 @@ jobs:
|
|||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: npm ci
|
run: npm ci
|
||||||
|
|
||||||
|
# ---------------- TRIVY (filesystem scan; avoid trivy-action — it pulls actions/cache node24) ----------------
|
||||||
|
# - name: Install Trivy
|
||||||
|
# run: |
|
||||||
|
# mkdir -p "${HOME}/bin"
|
||||||
|
# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "${HOME}/bin" v0.70.0
|
||||||
|
# echo "${HOME}/bin" >> "${GITHUB_PATH}"
|
||||||
|
# trivy --version
|
||||||
|
|
||||||
|
- name: Trivy filesystem scan
|
||||||
|
run: |
|
||||||
|
trivy fs --format table --output report.txt \
|
||||||
|
--skip-dirs node_modules,android/.gradle,android/build,ios/Pods,ios/build,.git \
|
||||||
|
--exit-code 0 \
|
||||||
|
.
|
||||||
|
|
||||||
|
# - name: Upload Trivy report
|
||||||
|
# uses: actions/upload-artifact@v3
|
||||||
|
# with:
|
||||||
|
# name: trivy-fs-report
|
||||||
|
# path: report.txt
|
||||||
|
|
||||||
# ---------------- SONARQUBE ----------------
|
# ---------------- SONARQUBE ----------------
|
||||||
# Gitea does not support actions with runs.using: node24 (e.g. sonarqube-scan-action master).
|
|
||||||
# Use the CLI via npx (same as npm run sonar); optional SONAR_URL overrides sonar-project.properties.
|
|
||||||
# In Gitea: Settings → Secrets → SONAR_TOKEN (and optionally SONAR_URL).
|
# In Gitea: Settings → Secrets → SONAR_TOKEN (and optionally SONAR_URL).
|
||||||
- name: SonarQube Scan
|
- name: SonarQube Scan
|
||||||
uses: SonarSource/sonarqube-scan-action@v6
|
uses: SonarSource/sonarqube-scan-action@v6
|
||||||
|
|||||||
Reference in New Issue
Block a user