Skip to content

Added virus scan to uploads spec (#16393) #60349

Added virus scan to uploads spec (#16393)

Added virus scan to uploads spec (#16393) #60349

Workflow file for this run

name: Code Checks
on: [push]
permissions:
contents: read
checks: write
jobs:
linting_and_security:
name: Linting and Security
env:
BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
runs-on: ubuntu-16-cores-latest
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7
with:
bundler-cache: true
- name: Run bundle-audit (checks gems for CVE issues)
run: bundle exec bundle-audit check --update --ignore CVE-2024-27456
- name: Run Rubocop
run: bundle exec rubocop --parallel --format github
- name: Run Brakeman
run: bundle exec brakeman --ensure-latest --confidence-level=2 --format github
tests:
name: Test
env:
BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
CI: true
RAILS_ENV: test
TERM: xterm-256color
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
runs-on: ubuntu-16-cores-latest
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Setup Environment
run: |
echo "VETS_API_USER_ID=$(id -u)" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker Image
uses: docker/build-push-action@v5
with:
build-args: |
sidekiq_license=${{ env.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
userid=${{ env.VETS_API_USER_ID }}
context: .
target: builder
push: false
load: true
tags: vets-api
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Setup Database
run: |
docker-compose -f docker-compose.test.yml run vets-api bash \
-c "CI=true RAILS_ENV=test DISABLE_BOOTSNAP=true parallel_test -n 13 -e 'bin/rails db:reset'"
- name: Run Specs
timeout-minutes: 20
run: |
docker-compose -f docker-compose.test.yml run vets-api bash \
-c "CI=true DISABLE_BOOTSNAP=true bundle exec parallel_rspec spec/ modules/ -n 13 -o '--color --tty'"
- name: Upload Coverage Report
uses: actions/upload-artifact@v4
if: always()
with:
name: Coverage Report
path: coverage
- name: Upload Test Results
uses: actions/upload-artifact@v4
if: always()
with:
name: Test Results
path: log/*.xml
if-no-files-found: ignore
publish_results:
name: Publish Test Results and Coverage
if: always()
needs: [tests]
runs-on: ubuntu-16-cores-latest
steps:
- uses: actions/download-artifact@v4
- name: Publish Test Results to GitHub
uses: EnricoMi/publish-unit-test-result-action@v2
if: always()
with:
check_name: Test Results
comment_mode: off
files: Test Results/*.xml
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Fix up coverage report to work with coverage-check-action
run: sed -i 's/"line"/"covered_percent"/g' 'Coverage Report/.last_run.json'
- name: Publish Coverage Report
uses: devmasx/[email protected]
if: hashFiles('Coverage Report/.last_run.json') != ''
with:
type: simplecov
result_path: Coverage Report/.last_run.json
min_coverage: 90
token: ${{ secrets.GITHUB_TOKEN }}