security: add safe mnemonic template, remove exposed mnemonics (#197) #48
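# Code Quality workflow: SonarQube scan, formatting, lint, complexity and
# dependency reports for pushes and pull requests against main and develop.
#
# NOTE(review): every analysis step below sets continue-on-error: true, so a
# failing test run, lint, format check or scan does not fail its job. The
# workflow reports results but does not gate merges.
name: Code Quality

on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Least privilege: the jobs only read the repository. Without this block the
# GITHUB_TOKEN gets the repository or organisation default, which may include
# write scopes. Widen per job only if a step turns out to need more.
permissions:
  contents: read

jobs:
  sonarqube:
    name: SonarQube Analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history for the scanner.
          fetch-depth: 0
          # Keep the token out of .git/config so dependency install scripts
          # run by the later steps cannot read it from the workspace.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Run tests with coverage
        run: npm run test:report
        # Non-blocking: a failing test run does not stop the scan.
        continue-on-error: true

      - name: SonarQube Scan
        # NOTE(review): @master is a mutable branch ref, and this step is the
        # one that receives SONAR_TOKEN. Whatever lands on that branch runs
        # with the token. Pin to a reviewed full commit SHA, for example
        # SonarSource/sonarqube-scan-action@<FULL_COMMIT_SHA>, and update it
        # deliberately.
        uses: SonarSource/sonarqube-scan-action@master
        env:
          # Scoped to this step only, so the npm ci and test steps above never
          # see the token.
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        # NOTE(review): secrets are not provided to pull_request runs from
        # forks, so the scan fails there and this flag hides the failure. Do
        # not work around that by switching the trigger to pull_request_target.
        continue-on-error: true

  prettier:
    name: Format Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install root dependencies
        run: npm ci

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Check formatting
        working-directory: frontend
        run: npm run format:check
        continue-on-error: true

  eslint:
    name: ESLint Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install root dependencies
        run: npm ci

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Run ESLint
        working-directory: frontend
        run: npm run lint
        continue-on-error: true

  complexity:
    name: Code Complexity
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Check complexity with plato
        working-directory: frontend
        # NOTE(review): npx resolves plato at run time; if it is not already a
        # locked dependency of frontend/, an unpinned copy is fetched from the
        # registry and executed. Confirm it is in the lockfile.
        run: npx plato -r -d report src/
        continue-on-error: true

      - name: Upload complexity report
        uses: actions/upload-artifact@v4
        # Upload even when an earlier step failed.
        if: always()
        with:
          name: complexity-report
          path: frontend/report/

  dependency-tree:
    name: Dependency Analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install root dependencies
        run: npm ci

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Generate dependency tree
        # Runs in the repository root, so this lists the root package's
        # production dependencies, not those of frontend/.
        run: npm ls --depth=5 --prod > dependency-tree.txt
        continue-on-error: true

      - name: Upload dependency tree
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: dependency-tree
          path: dependency-tree.txt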