Skip to content

docs: add pre-auth readme #1085

docs: add pre-auth readme

docs: add pre-auth readme #1085

Workflow file for this run

name: Build
on:
push:
branches:
- '**'
pull_request:
jobs:
phylum-analyze:
if: ${{ github.event.pull_request }}
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main
permissions:
id-token: write
pull-requests: write
contents: read
deployments: write
secrets:
phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
with:
phylum_pr_number: ${{ github.event.number }}
phylum_pr_name: ${{ github.head_ref }}
phylum_group_name: dApp-engineering
phylum_project_id: ad50ad22-146e-4339-80ea-d895b4bce133
github_repository: ${{ github.repository }}
add_report_comment_to_pull_request: true
snyk-scan-deps-licences:
runs-on: ubuntu-latest
permissions:
id-token: write
pull-requests: read
contents: read
deployments: write
steps:
- uses: RDXWorks-actions/checkout@main
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
app_name: 'radix-dapp-toolkit'
step_name: 'snyk-scan-deps-licenses'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- name: Run Snyk to check for deps vulnerabilities
uses: RDXWorks-actions/snyk-actions/node@master
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=critical
snyk-scan-code:
runs-on: ubuntu-latest
permissions:
id-token: write
pull-requests: read
contents: read
deployments: write
steps:
- uses: RDXWorks-actions/checkout@main
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
app_name: 'radix-dapp-toolkit'
step_name: 'snyk-scan-code'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- name: Run Snyk to check for code vulnerabilities
uses: RDXWorks-actions/snyk-actions/node@master
continue-on-error: true
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=high
command: code test
snyk-sbom:
runs-on: ubuntu-latest
permissions:
id-token: write
pull-requests: read
contents: read
deployments: write
needs:
- snyk-scan-deps-licences
- snyk-scan-code
steps:
- uses: RDXWorks-actions/checkout@main
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
app_name: 'radix-dapp-toolkit'
step_name: 'snyk-sbom'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- name: Generate SBOM # check SBOM can be generated but nothing is done with it
uses: RDXWorks-actions/snyk-actions/node@master
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
command: sbom
build:
runs-on: ubuntu-latest
needs:
- snyk-scan-deps-licences
- snyk-scan-code
steps:
- uses: RDXWorks-actions/checkout@main
- name: Use Node.js
uses: RDXWorks-actions/setup-node@main
with:
node-version: '20.x'
- name: Authenticate with private NPM package
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc
- name: Install dependencies
run: npm ci
- name: Build
run: npm run build
- name: Run tests
run: npm run test
- name: Dump context
uses: RDXWorks-actions/ghaction-dump-context@master