@@ -33,9 +33,28 @@ jobs:
- name: Install dependencies
run: npm ci
# ---------------- TRIVY (filesystem scan; avoid trivy-action — it pulls actions/cache node24) ----------------
# - name: Install Trivy
# run: |
# mkdir -p "${HOME}/bin"
# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "${HOME}/bin" v0.70.0
# echo "${HOME}/bin" >> "${GITHUB_PATH}"
# trivy --version
- name: Trivy filesystem scan
run: |
trivy fs --format table --output report.txt \
--skip-dirs node_modules,android/.gradle,android/build,ios/Pods,ios/build,.git \
--exit-code 0 \
.
# - name: Upload Trivy report
# uses: actions/upload-artifact@v3
# with:
# name: trivy-fs-report
# path: report.txt
# ---------------- SONARQUBE ----------------
# Gitea does not support actions with runs.using: node24 (e.g. sonarqube-scan-action master).
# Use the CLI via npx (same as npm run sonar); optional SONAR_URL overrides sonar-project.properties.
# In Gitea: Settings → Secrets → SONAR_TOKEN (and optionally SONAR_URL).
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v6
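Review bot: The "Trivy filesystem scan" step runs with `--exit-code 0` while the only consumer of `report.txt`, the "Upload Trivy report" step, is commented out, so findings are written to a file nothing reads and the job can never fail on them; either let the scan gate the build with `--exit-code 1 --severity HIGH,CRITICAL` or re-enable the artifact upload so the report is at least retained. The "SonarQube Scan" step also contradicts the comment block directly above it, which says to run the CLI via `npx` because Gitea rejects node24 actions, yet the step still has `uses: SonarSource/sonarqube-scan-action@v6` and no `env: SONAR_TOKEN` is visible on it. Both `sonarqube-scan-action@v6` and the commented `actions/upload-artifact@v3` are mutable tags; pinning to a full commit SHA (`uses: SonarSource/sonarqube-scan-action@<sha> # v6`) is the usual supply-chain hardening. The commented-out "Install Trivy" step pipes an installer fetched from the `main` branch straight into `sh`; if it is ever re-enabled, download the versioned release archive and verify its checksum instead. The `steps` list continues beyond the hunk, so whether `trivy` is provisioned earlier in the job cannot be confirmed here.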
|
||||
|
||||