chore: root commit of OWSAP security testing/tightening

2026-03-01 20:46:47 -06:00
parent 1645896e54
commit 079b8b9492
25 changed files with 1131 additions and 107 deletions


@@ -8,12 +8,21 @@ jobs:
deploy:
runs-on: vps-host
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4.2.2
- name: Supply chain checks (production dependencies)
run: |
set -euo pipefail
cd api
npm ci
npm audit --omit=dev --audit-level=high
cd ../web
npm ci
npm audit --omit=dev --audit-level=high
- name: Build Web
run: |
cd web
npm ci
npm run build
- name: Deploy with Docker Compose
@@ -48,4 +57,4 @@ jobs:
sudo docker-compose exec -T api npx prisma migrate deploy
- name: Reload Nginx
run: sudo systemctl reload nginx
run: sudo systemctl reload nginx
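Review bot: In the "Supply chain checks" step, `npm ci` (api and web) runs every dependency's install/postinstall hook on the vps-host runner before `npm audit` has evaluated anything, so the audit cannot stop a compromised package's lifecycle script from executing; this check-only step should use `npm ci --ignore-scripts` in both directories, which is safe here because "Build Web" re-runs `npm ci` itself and the api appears to be built inside Docker Compose in the steps below. `--audit-level=high` leaves moderate advisories non-blocking, which is reasonable but deserves a one-line comment such as `# moderate advisories are reported but do not block the deploy` so the threshold reads as a decision rather than an oversight. `actions/checkout@v4.2.2` is better than the floating `@v4` it replaces, but a tag can still be moved; pinning to the action's commit SHA with the tag in a trailing comment is the stronger control. The deploy job's step list continues past the end of the first hunk.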


@@ -0,0 +1,54 @@
name: Security Tests
on:
pull_request:
push:
branches: [main]
jobs:
security-non-db:
runs-on: vps-host
steps:
- uses: actions/checkout@v4.2.2
- name: Setup Node
uses: actions/setup-node@v4.2.0
with:
node-version: "20"
cache: "npm"
cache-dependency-path: api/package-lock.json
- name: Install API dependencies
run: |
cd api
npm ci
- name: Run OWASP security suite (non-DB)
run: |
cd api
SECURITY_DB_TESTS=0 npx vitest run -c vitest.security.config.ts
security-db:
if: ${{ secrets.TEST_DATABASE_URL != '' }}
runs-on: vps-host
steps:
- uses: actions/checkout@v4.2.2
- name: Setup Node
uses: actions/setup-node@v4.2.0
with:
node-version: "20"
cache: "npm"
cache-dependency-path: api/package-lock.json
- name: Install API dependencies
run: |
cd api
npm ci
- name: Run OWASP security suite (DB-backed)
env:
TEST_DATABASE_URL: ${{ secrets.TEST_DATABASE_URL }}
run: |
cd api
SECURITY_DB_TESTS=1 npx vitest run -c vitest.security.config.ts
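Review bot: The job-level `if: ${{ secrets.TEST_DATABASE_URL != '' }}` on security-db is not reliable as a gate: on GitHub Actions the `secrets` context is not available in `jobs.<id>.if`, so the expression sees an empty value and the DB-backed suite would be skipped on every run; the self-hosted `vps-host` runner may evaluate it differently, so confirm from a run log that the job's vitest step actually executed rather than trusting the green status. The portable form is to expose the secret as job-level `env` (it is already wired into the step's `env`) and gate the vitest step with `if: ${{ env.TEST_DATABASE_URL != '' }}`, or to key the decision off a repository variable instead of a secret. Neither job declares `permissions:`, so the workflow token inherits the repository default scope; a test-only workflow should set `permissions: contents: read` at the top level, assuming the runner honours it. Both jobs would also benefit from a `timeout-minutes` so a hung test run does not hold the single self-hosted runner indefinitely.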