
Add gem audit pipeline stage (#301)

* Add gem audit pipeline stage

* Make deploy dependent on audit

* Rubocop
pull/302/head
baarkerlounger 3 years ago committed by GitHub
parent
commit
028e59c34c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 19
      .github/workflows/pipeline.yml
  2. 1
      Gemfile
  3. 4
      Gemfile.lock

19
.github/workflows/pipeline.yml

@ -91,13 +91,30 @@ jobs:
run: |
bundle exec rubocop
audit:
name: Audit dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
# runs 'bundle install' and caches installed gems automatically
bundler-cache: true
- name: Audit
run: |
bundle exec bundler-audit
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: 'staging'
if: github.ref == 'refs/heads/main'
needs: [lint, test]
needs: [lint, test, audit]
steps:
- name: Checkout code
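Review bot: The `Audit` step runs `bundle exec bundler-audit` with no subcommand or flags, so it relies on the default `check` task and on whatever copy of the advisory database the runner ends up with; writing it as `bundle exec bundler-audit check --update` makes the database refresh explicit and keeps the gate meaningful if a runner or cache ever carries a stale copy. The new `audit` job also declares no `permissions:`; unless the workflow sets them at top level (outside this hunk), adding `permissions:` with `contents: read` to the job keeps its token read-only, which is all a checkout plus audit needs. Since `deploy` now lists `audit` in `needs`, a newly published advisory will block staging deploys until the gem is bumped or the advisory is listed under `ignore:` in `.bundler-audit.yml`, so a short comment above the step naming that path would help whoever hits the first red build. The `deploy` job's steps continue outside the hunk.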

1
Gemfile

@ -55,6 +55,7 @@ gem "sentry-ruby"
group :development, :test do
# Call 'byebug' anywhere in the code to stop execution and get a debugger console
gem "bundler-audit"
gem "byebug", platforms: %i[mri mingw x64_mingw]
gem "dotenv-rails"
gem "pry-byebug"
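Review bot: The new `gem "bundler-audit"` line sits between the byebug comment and `gem "byebug"`, so `# Call 'byebug' anywhere in the code to stop execution and get a debugger console` now reads as if it describes bundler-audit. Move the new line above that comment, or give it its own comment such as `# Checks Gemfile.lock against the Ruby advisory database; run by the CI audit job`. Because the gem is used only from the command line, `gem "bundler-audit", require: false` would presumably also keep it from being loaded into the app process in development and test. The group block continues past the end of the hunk.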

4
Gemfile.lock

@ -131,6 +131,9 @@ GEM
bootsnap (1.10.3)
msgpack (~> 1.2)
builder (3.2.4)
bundler-audit (0.9.0.1)
bundler (>= 1.2.0, < 3)
thor (~> 1.0)
byebug (11.1.3)
capybara (3.36.0)
addressable
@ -466,6 +469,7 @@ DEPENDENCIES
activeadmin!
aws-sdk-s3
bootsnap (>= 1.4.4)
bundler-audit
byebug
capybara
capybara-lockstep
