gui.do / sifa-api
Sifa professional network API (Fastify, AT Protocol, Jetstream) sifa.id/
fork atom
sifa-api / .github / workflows / ci.yml
at main 67 lines 1.8 kB view raw
Guido X Jansen fix(security): address CodeQL alerts for URL sanitization and workflow permissions
19198bf4
1name: CI 2on: 3 push: 4 branches: [main] 5 pull_request: 6 7permissions: {} 8 9jobs: 10 check: 11 runs-on: ubuntu-latest 12 permissions: 13 contents: read 14 services: 15 postgres: 16 image: postgres:17-alpine 17 env: 18 POSTGRES_USER: sifa 19 POSTGRES_PASSWORD: sifa 20 POSTGRES_DB: sifa_test 21 ports: ['5432:5432'] 22 options: >- 23 --health-cmd pg_isready 24 --health-interval 10s 25 --health-timeout 5s 26 --health-retries 5 27 valkey: 28 image: valkey/valkey:8-alpine 29 ports: ['6379:6379'] 30 31 steps: 32 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 33 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 34 with: 35 node-version: 25 36 cache: npm 37 38 - run: npm ci 39 - name: Security Audit 40 run: npm audit --audit-level=high 41 - name: Lint 42 run: npm run lint 43 - name: Type Check 44 run: npm run typecheck 45 - name: Format Check 46 run: npm run format:check 47 - name: Run Migrations 48 run: npm run db:migrate 49 env: 50 DATABASE_URL: postgresql://sifa:sifa@localhost:5432/sifa_test 51 - name: Test 52 run: npm test 53 env: 54 DATABASE_URL: postgresql://sifa:sifa@localhost:5432/sifa_test 55 VALKEY_URL: redis://localhost:6379 56 57 security: 58 runs-on: ubuntu-latest 59 permissions: 60 contents: read 61 security-events: write 62 steps: 63 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 64 - uses: github/codeql-action/init@820e3160e279568db735cee8ed8f8e77a6da7818 # v3 65 with: 66 languages: javascript-typescript 67 - uses: github/codeql-action/analyze@820e3160e279568db735cee8ed8f8e77a6da7818 # v3