Aethel Bot OSS repository! aethel.xyz
bot fun ai discord discord-bot aethel
name: Security & Dependencies

on:
  schedule:
    # Weekly run: Mondays at 02:00 UTC
    - cron: "0 2 * * 1"
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security-audit:
    name: Security Audit
    runs-on: self-hosted
    permissions:
      contents: read
      # Required to upload CodeQL results to code scanning
      security-events: write
      actions: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      # continue-on-error: audit findings are logged but do not fail the job
      - name: Audit backend dependencies
        run: bun audit
        continue-on-error: true

      - name: Audit frontend dependencies
        run: |
          cd web
          bun audit
        continue-on-error: true

      - name: Run CodeQL Analysis
        uses: github/codeql-action/init@v3
        with:
          languages: javascript, typescript

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

  dependency-review:
    name: Dependency Review
    runs-on: self-hosted
    # Runs only for pull requests, where there is a dependency diff to review
    if: github.event_name == 'pull_request'
    permissions:
      contents: read
      pull-requests: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Fails on advisories of moderate severity or higher and on licenses outside the allow list
      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate
          allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC