74 lines
1.9 KiB
YAML
74 lines
1.9 KiB
YAML
name: Security Tests
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
security-non-db:
|
|
runs-on: vps-host
|
|
steps:
|
|
- uses: actions/checkout@v4.2.2
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@v4.2.0
|
|
with:
|
|
node-version: "20"
|
|
cache: "npm"
|
|
cache-dependency-path: api/package-lock.json
|
|
|
|
- name: Install API dependencies
|
|
run: |
|
|
cd api
|
|
npm ci
|
|
|
|
- name: Run OWASP security suite (non-DB)
|
|
run: |
|
|
cd api
|
|
SECURITY_DB_TESTS=0 npx vitest run -c vitest.security.config.ts
|
|
|
|
security-db:
|
|
if: ${{ secrets.TEST_DATABASE_URL != '' }}
|
|
runs-on: vps-host
|
|
steps:
|
|
- uses: actions/checkout@v4.2.2
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@v4.2.0
|
|
with:
|
|
node-version: "20"
|
|
cache: "npm"
|
|
cache-dependency-path: api/package-lock.json
|
|
|
|
- name: Install API dependencies
|
|
run: |
|
|
cd api
|
|
npm ci
|
|
|
|
- name: Guard TEST_DATABASE_URL target
|
|
env:
|
|
TEST_DATABASE_URL: ${{ secrets.TEST_DATABASE_URL }}
|
|
EXPECTED_PROD_DB_NAME: skymoney
|
|
PROTECTED_DB_NAMES: skymoney,postgres,template0,template1
|
|
REQUIRE_TEST_DB_NAME: "1"
|
|
run: |
|
|
chmod +x ./scripts/validate-test-db-target.sh
|
|
bash ./scripts/validate-test-db-target.sh
|
|
|
|
- name: Apply Prisma schema to TEST_DATABASE_URL
|
|
env:
|
|
DATABASE_URL: ${{ secrets.TEST_DATABASE_URL }}
|
|
run: |
|
|
cd api
|
|
npx prisma migrate deploy
|
|
|
|
- name: Run OWASP security suite (DB-backed)
|
|
env:
|
|
TEST_DATABASE_URL: ${{ secrets.TEST_DATABASE_URL }}
|
|
PROTECTED_DB_NAMES: skymoney,postgres,template0,template1
|
|
REQUIRE_TEST_DB_NAME: "1"
|
|
run: |
|
|
cd api
|
|
SECURITY_DB_TESTS=1 npx vitest run -c vitest.security.config.ts
|