Merge pull request #3 from SpotiCloud/feature/snyk

Feature/snyk
SpotiCloud · Jun 18, 2024 · 2538f10 · 2538f10
2 parents 1455505 + 8c4af14
commit 2538f10
Show file tree

Hide file tree

Showing 23 changed files with 1,003 additions and 140 deletions.
diff --git a/.github/workflows/next.yml → .github/workflows/development-workflow.yml b/.github/workflows/next.yml → .github/workflows/development-workflow.yml
@@ -1,24 +1,16 @@
-# Sample workflow for building and deploying a Next.js site to GitHub Pages
-#
-# To get started with Next.js see: https://nextjs.org/docs/getting-started
-#
-name: Check NextJs build
+name: development pipeline
 
 on:
   # Runs on pushes targeting the default branch
   push:
-    branches: ["main"]
-
-  # Runs on any open or reopened pull request
+    branches: ["develop", "feature/*"]
+
   pull_request:
-    types: [opened, reopened]
+    branches: ["develop", "feature/*"]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-env:
-  API_KEY: ${{ secrets.API_KEY }}
-
 # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
 permissions:
   contents: read
@@ -68,3 +60,44 @@ jobs:
         run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
       - name: Build with Next.js
         run: npm run build
+
+  sonarcloud:
+    runs-on: ubuntu-latest
+    needs: build 
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        with:
+          args: >
+            -Dsonar.projectKey=SpotiCloud_frontend
+            -Dsonar.organization=spoticloud
+            -Dsonar.host.url=https://sonarcloud.io
+            -Dsonar.sources=./
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  snyk_scan:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install Snyk CLI
+        run: npm install -g snyk  # Install Snyk CLI globally
+
+      - name: Authenticate with Snyk
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: npx snyk auth $SNYK_TOKEN
+
+      - name: Run Snyk security scan
+        run: npx snyk test --json > snyk-output.json
+
+      - name: Upload Snyk results
+        uses: actions/upload-artifact@v2
+        with:
+          name: snyk-results
+          path: snyk-output.json
diff --git a/.gitignore b/.gitignore
@@ -34,3 +34,5 @@ yarn-error.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+.env.development
+.env.docker