feat: SECOPS-2525 - add semgrep job #4589
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-gateway | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| schedule: | |
| - cron: '30 7 * * *' | |
| jobs: | |
| ci-docker-local: | |
| name: CI | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v3 | |
| - | |
| name: install rover | |
| run: | | |
| echo --------------------------------------------------------------- | |
| echo rover - installing ... | |
| echo --------------------------------------------------------------- | |
| curl -sSL https://rover.apollo.dev/nix/latest | sh | |
| echo "$HOME/.rover/bin" >> ${GITHUB_PATH} | |
| - | |
| name: update docker-compose | |
| run: | | |
| which docker-compose && exit 0 || true | |
| echo --------------------------------------------------------------- | |
| echo docker-compose - installing ... | |
| echo --------------------------------------------------------------- | |
| BIN_DIR=$HOME/.docker-compose/bin | |
| FILE=$BIN_DIR/docker-compose | |
| mkdir -p $BIN_DIR | |
| set -x | |
| curl -L --fail https://github.com/docker/compose/releases/download/1.29.1/docker-compose-`uname -s`-`uname -m` -o $FILE | |
| chmod +x $FILE | |
| echo "downloaded $($FILE --version)" | |
| echo "$BIN_DIR" >> ${GITHUB_PATH} | |
| set +x | |
| echo --------------------------------------------------------------- | |
| - | |
| name: check tools | |
| run: | | |
| echo --------------------------------------------------------------- | |
| ( set -x; which rover ) | |
| echo "$(rover --version)" | |
| echo --------------------------------------------------------------- | |
| ( set -x; which docker-compose ) | |
| echo "$(docker-compose --version)" | |
| echo --------------------------------------------------------------- | |
| - name: make supergraph | |
| run: | | |
| make supergraph | |
| cat supergraph.graphql | |
| - name: docker-compose build | |
| run: | | |
| ( set -x; docker-compose build --no-cache --pull --parallel --progress plain ) | |
| - name: docker-compose up -d | |
| run: | | |
| ( set -x; docker-compose up -d ) | |
| sleep 3 | |
| docker-compose logs | |
| - name: smoke test | |
| run: .scripts/smoke.sh 4000 | |
| - name: docker-compose down | |
| run: docker-compose down |