Skip to content

ci: integrate Bright CI for security testing and remediation [165 eps, 2 loops; target-inaccessible] #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tssbox wants to merge 11 commits into
base: main
Choose a base branch
from
Open

ci: integrate Bright CI for security testing and remediation [165 eps, 2 loops; target-inaccessible] #103

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
da51a35
chore: initialize PR with an empty commit
tssbox Aug 8, 2025
1b34a03
ci: temporarily disable workflows while addressing security issues
tssbox Aug 8, 2025
ee6397b
test: add auto-generated e2e security tests
tssbox Aug 8, 2025
eb233a4
ci: add CI workflow to run e2e security tests
tssbox Aug 8, 2025
f1e73a3
test: remove completed test files that are no longer relevant
tssbox Aug 8, 2025
7f02048
test: optimize security tests to focus on specific vulnerabilities
tssbox Aug 8, 2025
2838c8d
fix: apply automated fixes for detected vulnerabilities
tssbox Aug 8, 2025
0005ffb
fix: apply automated fixes for detected vulnerabilities
tssbox Aug 8, 2025
feab575
fix: apply automated fixes for detected vulnerabilities
tssbox Aug 8, 2025
e080cef
fix: apply automated fixes for detected vulnerabilities
tssbox Aug 8, 2025
189ca2e
fix: apply automated fixes for detected vulnerabilities
tssbox Aug 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions .brightsec/tests/get-rest-chatbot-status.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
import { test, before, after } from 'node:test';

Check failure on line 1 in .brightsec/tests/get-rest-chatbot-status.test.ts

View workflow job for this annotation

GitHub Actions / SecTester - GET /rest/chatbot/status

.brightsec/tests/get-rest-chatbot-status.test.ts#L1 

Broken JWT Authentication vulnerability found at GET http://127.0.0.1:3000/rest/chatbot/status
Raw output 
{
  "id": "sAC84XkSvE5Ac7yf3H1RQD",
  "name": "Broken JWT Authentication",
  "severity": "High",
  "labels": [],
  "assigneeIds": [],
  "comments": [],
  "status": "recurring",
  "occurrences": 25,
  "lastReported": "2025-08-08T07:54:41.333Z",
  "createdAt": "2025-08-08T07:54:41.383Z",
  "url": "http://127.0.0.1:3000/rest/chatbot/status",
  "host": "127.0.0.1:3000",
  "method": "GET",
  "protocol": "http",
  "originalRequest": {
    "method": "GET",
    "url": "http://127.0.0.1:3000/rest/chatbot/status",
    "headers": {
      "x-recruiting": "We're hiring! Visit our careers page for more information.",
      "Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6MSwidXNlcm5hbWUiOiIiLCJlbWFpbCI6ImFkbWluQGp1aWNlLXNoLm9wIiwicGFzc3dvcmQiOiIwMTkyMDIzYTdiYmQ3MzI1MDUxNmYwNjlkZjE4YjUwMCIsInJvbGUiOiJhZG1pbiIsImRlbHV4ZVRva2VuIjoiIiwibGFzdExvZ2luSXAiOiIiLCJwcm9maWxlSW1hZ2UiOiJhc3NldHMvcHVibGljL2ltYWdlcy91cGxvYWRzL2RlZmF1bHRBZG1pbi5wbmciLCJ0b3RwU2VjcmV0IjoiIiwiaXNBY3RpdmUiOnRydWUsImNyZWF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsInVwZGF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsImRlbGV0ZWRBdCI6bnVsbH0sImlhdCI6MTc1NDYzOTY3N30.XcgkYHSu6-1Fhm10KbT1EDdsmp5yvURGmxMnDgBbGlKJ6bmE9k3veg4aF3Hx8YC_uYePm0quYZdc8CPbBIn58D5NaYxCOBco8p4ioJ-8mCXopk27qeqoIBPOBlybbx8R-SVcJTFn2dJyDLWrr_gjcU_Epm7JF5bGy4nGyurACew",
      "Cookie": "token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6MSwidXNlcm5hbWUiOiIiLCJlbWFpbCI6ImFkbWluQGp1aWNlLXNoLm9wIiwicGFzc3dvcmQiOiIwMTkyMDIzYTdiYmQ3MzI1MDUxNmYwNjlkZjE4YjUwMCIsInJvbGUiOiJhZG1pbiIsImRlbHV4ZVRva2VuIjoiIiwibGFzdExvZ2luSXAiOiIiLCJwcm9maWxlSW1hZ2UiOiJhc3NldHMvcHVibGljL2ltYWdlcy91cGxvYWRzL2RlZmF1bHRBZG1pbi5wbmciLCJ0b3RwU2VjcmV0IjoiIiwiaXNBY3RpdmUiOnRydWUsImNyZWF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsInVwZGF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsImRlbGV0ZWRBdCI6bnVsbH0sImlhdCI6MTc1NDYzOTY3N30.XcgkYHSu6-1Fhm10KbT1EDdsmp5yvURGmxMnDgBbGlKJ6bmE9k3veg4aF3Hx8YC_uYePm0quYZdc8CPbBIn58D5NaYxCOBco8p4ioJ-8mCXopk27qeqoIBPOBlybbx8R-SVcJTFn2dJyDLWrr_gjcU_Epm7JF5bGy4nGyurACew",
      "Connection": "close",
      "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.6998.165 Safari/537.36"
    }
  },
  "request": {
    "method": "GET",
    "url": "http://127.0.0.1:3000/rest/chatbot/status",
    "headers": {
      "x-recruiting": "We're hiring! Visit our careers page for more information.",
      "Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6MSwidXNlcm5hbWUiOiIiLCJlbWFpbCI6ImFkbWluQGp1aWNlLXNoLm9wIiwicGFzc3dvcmQiOiIwMTkyMDIzYTdiYmQ3MzI1MDUxNmYwNjlkZjE4YjUwMCIsInJvbGUiOiJhZG1pbiIsImRlbHV4ZVRva2VuIjoiIiwibGFzdExvZ2luSXAiOiIiLCJwcm9maWxlSW1hZ2UiOiJhc3NldHMvcHVibGljL2ltYWdlcy91cGxvYWRzL2RlZmF1bHRBZG1pbi5wbmciLCJ0b3RwU2VjcmV0IjoiIiwiaXNBY3RpdmUiOnRydWUsImNyZWF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsInVwZGF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsImRlbGV0ZWRBdCI6bnVsbH0sImlhdCI6MTc1NDYzOTY3N30.XcgkYHSu6-1Fhm10KbT1EDdsmp5yvURGmxMnDgBbGlKJ6bmE9k3veg4aF3Hx8YC_uYePm0quYZdc8CPbBIn58D5NaYxCOBco8p4ioJ-8mCXopk27qeqoIBPOBlybbx8R-SVcJTFn2dJyDLWrr_gjcU_Epm7JF5bGy4nGyurACew",
      "Cookie": "token=eyJ0eXAiOiJKV1QiLCJhbGciOiJOb25lIn0.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6MSwidXNlcm5hbWUiOiIiLCJlbWFpbCI6ImFkbWluQGp1aWNlLXNoLm9wIiwicGFzc3dvcmQiOiIwMTkyMDIzYTdiYmQ3MzI1MDUxNmYwNjlkZjE4YjUwMCIsInJvbGUiOiJhZG1pbiIsImRlbHV4ZVRva2VuIjoiIiwibGFzdExvZ2luSXAiOiIiLCJwcm9maWxlSW1hZ2UiOiJhc3NldHMvcHVibGljL2ltYWdlcy91cGxvYWRzL2RlZmF1bHRBZG1pbi5wbmciLCJ0b3RwU2VjcmV0IjoiIiwiaXNBY3RpdmUiOnRydWUsImNyZWF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsInVwZGF0ZWRBdCI6IjIwMjUtMDgtMDggMDc6NTM6NTEuNzYzICswMDowMCIsImRlbGV0ZWRBdCI6bnVsbH0sImlhdCI6MTc1NDYzOTY3N30.",
      "Connection": "close",
      "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.6998.165 Safari/537.36"
    }
  },
  "response": {
    "headers": {
      "access-control-allow-origin": "*",
      "x-content-type-options": "nosniff",
      "x-frame-options": "SAMEORIGIN",
      "feature-policy": "payment 'self'",
      "x-recruiting": "/#/jobs",
      "content-type": "application/json; charset=utf-8",
      "content-length": "88",
      "etag": "W/\"58-m8V3FIrSL224h1kPmtYx3djkb90\"",
      "vary": "Accept-Encoding",
      "date": "Fri, 08 Aug 2025 07:54:41 GMT",
      "Connection": "close",
      "Cache-Control": "public, max-age=99999"
    },
    "body": "{\"action\":\"namequery\",\"body\":\"I'm sorry I didn't get your name. What shall I call you?\"}",
    "bodyUrl": null,
    "status": 200
  },
  "entryPointId": "tyd131qD3wkZVMQ2o9Uzp4",
  "tickets": [],
  "externalIssues": [],
  "issues": [
    {
      "scanId": "xsCcjjUuveELkyHwV8FMXg",
      "issueId": "sAC84XkSvE5Ac7yf3H1RQD",
      "createdAt": "2025-08-08T07:54:41.423Z"
    }
  ],
  "details": "A vulnerability was found in a JSON Web Token (JWT).\nJWT vulnerabilities enable an attacker to authenticate themselves as other users, leak information or leverage user access levels.\nValidation of a None algorithm was detected, which was triggered by switching an algorithm to None.",
  "remedy": "This can be fixed by enforcing verification by using the same algorithm as used for encryption.",
  "exposure": "Gain Privileges or Assume Identity; Bypass Protection Mechanism; Bypassing Authentication Mechanism",
  "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  "cwe": "CWE-287",
  "resources": [
    "https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html",
    "https://docs.brightsec.com/docs/broken-jwt-authentication"
  ],
  "screenshots": [],
  "lastScanId": "xsCcjjUuveELkyHwV8FMXg",
  "projectId": "eDr1yEcB24cZ51qtsE7hy4",
  "projectIssueId": "i343Bkx8QAnyjv38TtmiMJ",
  "certainty": true,
  "scanIds": [
    "xsCcjjUuveELkyHwV8FMXg"
  ],
  "issueIds": [
    "sAC84XkSvE5Ac7yf3H1RQD"
  ],
  "scanId": "xsCcjjUuveELkyHwV8FMXg",
  "time": "2025-08-08T07:54:41.333Z",
  "type": "Broken JWT Authentication",
  "solved": false,
  "link": "https://app.brightsec.com/scans/xsCcjjUuveELkyHwV8FMXg/issues/sAC84XkSvE5Ac7yf3H1RQD"
}
import { SecRunner } from '@sectester/runner';
import { AttackParamLocation, HttpMethod } from '@sectester/scan';

const timeout = 40 * 60 * 1000;
const baseUrl = process.env.BRIGHT_TARGET_URL!;

let runner!: SecRunner;

before(async () => {
runner = new SecRunner({
hostname: process.env.BRIGHT_HOSTNAME!,
projectId: process.env.BRIGHT_PROJECT_ID!
});

await runner.init();
});

after(() => runner.clear());

test('GET /rest/chatbot/status', { signal: AbortSignal.timeout(timeout) }, async () => {
await runner
.createScan({
tests: ['jwt'],
attackParamLocations: [AttackParamLocation.HEADER],
starMetadata: {}
})
.setFailFast(false)
.timeout(timeout)
.run({
method: HttpMethod.GET,
url: `${baseUrl}/rest/chatbot/status`,
headers: { 'X-Recruiting': "We're hiring! Visit our careers page for more information." },
auth: process.env.BRIGHT_AUTH_ID
});
});
55 changes: 55 additions & 0 deletions .github/workflows/bright.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: Bright
on:
pull_request:
branches:
- '**'

permissions:
checks: write
contents: read
id-token: write

jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4

- name: Set up Node.js 22.x
uses: actions/setup-node@v4
with:
node-version: 22.x

- name: Install application dependencies
run: npm install

- name: Start application
run: npm start &

- name: Wait for application to be ready
run: |
for i in {1..30}; do
nc -zv 127.0.0.1 3000 && echo "Application is ready" && exit 0
echo "Waiting for application..."
sleep 5
done
echo "Application did not start in time" && exit 1

- name: Set up Node.js latest
uses: actions/setup-node@v4
with:
node-version: '>=22'

- name: Install SecTesterJS dependencies
run: npm i --save=false --prefix .brightsec @sectester/core @sectester/repeater @sectester/scan @sectester/runner @sectester/reporter

- name: Run security tests
env:
BRIGHT_HOSTNAME: ${{ vars.BRIGHT_HOSTNAME }}
BRIGHT_PROJECT_ID: ${{ vars.BRIGHT_PROJECT_ID }}
BRIGHT_AUTH_ID: ${{ vars.BRIGHT_AUTH_ID }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRIGHT_TOKEN: ${{ secrets.BRIGHT_TOKEN }}
BRIGHT_TARGET_URL: http://127.0.0.1:3000
run: node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts
64 changes: 24 additions & 40 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,25 @@
name: "CI/CD Pipeline"
on:
push:
branches-ignore:
- l10n_develop
- gh-pages
paths-ignore:
- '*.md'
- 'LICENSE'
- 'monitoring/grafana-dashboard.json'
- 'screenshots/**'
tags-ignore:
- '*'
pull_request:
paths-ignore:
- '*.md'
- 'LICENSE'
- 'data/static/i18n/*.json'
- 'frontend/src/assets/i18n/*.json'
workflow_dispatch:
# on:
# push:
# branches-ignore:
# - l10n_develop
# - gh-pages
# paths-ignore:
# - '*.md'
# - 'LICENSE'
# - 'monitoring/grafana-dashboard.json'
# - 'screenshots/**'
# tags-ignore:
# - '*'
# pull_request:
# paths-ignore:
# - '*.md'
# - 'LICENSE'
# - 'data/static/i18n/*.json'
# - 'frontend/src/assets/i18n/*.json'

env:
NODE_DEFAULT_VERSION: 22
NODE_OPTIONS: "--max_old_space_size=4096"
Expand All @@ -40,18 +43,8 @@ jobs:
run: npm run lint
- name: "Lint customization configs"
run: >
npm run lint:config -- -f ./config/7ms.yml &&
npm run lint:config -- -f ./config/addo.yml &&
npm run lint:config -- -f ./config/bodgeit.yml &&
npm run lint:config -- -f ./config/ctf.yml &&
npm run lint:config -- -f ./config/default.yml &&
npm run lint:config -- -f ./config/fbctf.yml &&
npm run lint:config -- -f ./config/juicebox.yml &&
npm run lint:config -- -f ./config/mozilla.yml &&
npm run lint:config -- -f ./config/oss.yml &&
npm run lint:config -- -f ./config/quiet.yml &&
npm run lint:config -- -f ./config/tutorial.yml &&
npm run lint:config -- -f ./config/unsafe.yml
npm run lint:config -- -f ./config/7ms.yml && npm run lint:config -- -f ./config/addo.yml && npm run lint:config -- -f ./config/bodgeit.yml && npm run lint:config -- -f ./config/ctf.yml && npm run lint:config -- -f ./config/default.yml && npm run lint:config -- -f ./config/fbctf.yml && npm run lint:config -- -f ./config/juicebox.yml && npm run lint:config -- -f ./config/mozilla.yml && npm run lint:config -- -f ./config/oss.yml && npm run lint:config -- -f ./config/quiet.yml && npm run lint:config -- -f ./config/tutorial.yml && npm run lint:config -- -f ./config/unsafe.yml

coding-challenge-rsn:
runs-on: windows-latest
steps:
Expand Down Expand Up @@ -184,17 +177,8 @@ jobs:
timeout_minutes: 30
max_attempts: 3
command: >
NODE_ENV=7ms npm run test:server &&
NODE_ENV=addo npm run test:server &&
NODE_ENV=bodgeit npm run test:server &&
NODE_ENV=ctf npm run test:server &&
NODE_ENV=fbctf npm run test:server &&
NODE_ENV=juicebox npm run test:server &&
NODE_ENV=mozilla npm run test:server &&
NODE_ENV=oss npm run test:server &&
NODE_ENV=quiet npm run test:server &&
NODE_ENV=tutorial npm run test:server &&
NODE_ENV=unsafe npm run test:server
NODE_ENV=7ms npm run test:server && NODE_ENV=addo npm run test:server && NODE_ENV=bodgeit npm run test:server && NODE_ENV=ctf npm run test:server && NODE_ENV=fbctf npm run test:server && NODE_ENV=juicebox npm run test:server && NODE_ENV=mozilla npm run test:server && NODE_ENV=oss npm run test:server && NODE_ENV=quiet npm run test:server && NODE_ENV=tutorial npm run test:server && NODE_ENV=unsafe npm run test:server

e2e:
runs-on: ${{ matrix.os }}
strategy:
Expand Down
37 changes: 19 additions & 18 deletions .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
name: "CodeQL Scan"

on:
push:
pull_request:
workflow_dispatch:
# on:
# push:
# pull_request:

jobs:
analyze:
Expand All @@ -15,19 +16,19 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ 'javascript-typescript' ]
language: ['javascript-typescript']
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: security-extended
config: |
paths-ignore:
- 'data/static/codefixes'
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: security-extended
config: |
paths-ignore:
- 'data/static/codefixes'
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
53 changes: 53 additions & 0 deletions .github/workflows/composite/configure-bright-credentials/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: 'Configure BrightSec credentials'

inputs:
BRIGHT_HOSTNAME:
description: 'Hostname for the BrightSec environment'
required: true
BRIGHT_PROJECT_ID:
description: 'Project ID for BrightSec'
required: true
BRIGHT_TOKEN:
description: 'Pre-configured token'
required: false

runs:
using: 'composite'
steps:
- id: configure_env_from_input
name: 'Set existing token in env'
shell: bash
if: ${{ inputs.BRIGHT_TOKEN != '' }}
env:
BRIGHT_TOKEN: ${{ inputs.BRIGHT_TOKEN }}
run: |
echo "BRIGHT_TOKEN=${BRIGHT_TOKEN}" >> $GITHUB_ENV

- id: configure_bright_credentials_through_oidc
name: 'Exchange OIDC credentials for Bright token'
shell: bash
if: ${{ inputs.BRIGHT_TOKEN == '' }}
env:
BRIGHT_HOSTNAME: ${{ inputs.BRIGHT_HOSTNAME }}
BRIGHT_PROJECT_ID: ${{ inputs.BRIGHT_PROJECT_ID }}
run: |
# Retrieve OIDC token from GitHub
OIDC_TOKEN=$(curl -sS -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"${ACTIONS_ID_TOKEN_REQUEST_URL}" | jq -r '.value')

# Post the token to BrightSec
RESPONSE=$(curl -s -X POST "https://${BRIGHT_HOSTNAME}/api/v1/projects/${BRIGHT_PROJECT_ID}/api-keys/oidc" \
-H "Content-Type: application/json" \
-d "{\"token\": \"${OIDC_TOKEN}\"}")

if ! echo "$RESPONSE" | jq -e . > /dev/null 2>&1; then
echo "Error: $RESPONSE" 1>&2
exit 1
fi

# Extract the pureKey
PURE_KEY=$(echo "$RESPONSE" | jq -r '.pureKey')

# Mask and store in environment
echo "::add-mask::$PURE_KEY"
echo "BRIGHT_TOKEN=$PURE_KEY" >> $GITHUB_ENV
47 changes: 24 additions & 23 deletions .github/workflows/lint-fixer.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,29 +1,30 @@
name: "Let me lint:fix that for you"

on: [push]
on:
workflow_dispatch:
# on: [push]

jobs:
LMLFTFY:
runs-on: ubuntu-latest
steps:
- name: "Check out Git repository"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
- name: "Use Node.js 22"
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af #v4.1.0
with:
node-version: 22
- name: "Install application"
run: |
npm install --ignore-scripts
cd frontend
npm install --ignore-scripts --legacy-peer-deps
- name: "Fix everything which can be fixed"
run: 'npm run lint:fix'
- uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 #v5.0.1
with:
commit_message: "Auto-fix linting issues"
branch: ${{ github.head_ref }}
commit_options: '--signoff'
commit_user_name: JuiceShopBot
commit_user_email: 61591748+JuiceShopBot@users.noreply.github.com
commit_author: JuiceShopBot <61591748+JuiceShopBot@users.noreply.github.com>
- name: "Check out Git repository"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
- name: "Use Node.js 22"
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af #v4.1.0
with:
node-version: 22
- name: "Install application"
run: |
npm install --ignore-scripts
cd frontend
npm install --ignore-scripts --legacy-peer-deps
- name: "Fix everything which can be fixed"
run: 'npm run lint:fix'
- uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 #v5.0.1
with:
commit_message: "Auto-fix linting issues"
branch: ${{ github.head_ref }}
commit_options: '--signoff'
commit_user_name: JuiceShopBot
commit_user_email: 61591748+JuiceShopBot@users.noreply.github.com
commit_author: JuiceShopBot <61591748+JuiceShopBot@users.noreply.github.com>
7 changes: 4 additions & 3 deletions .github/workflows/rebase.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
name: Automatic Rebase

on:
issue_comment:
types: [created]
workflow_dispatch:
# on:
# issue_comment:
# types: [created]

jobs:
rebase:
Expand Down
9 changes: 6 additions & 3 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
name: "Release Pipeline"
on:
push:
tags:
- v*
workflow_dispatch:
# on:
# push:
# tags:
# - v*

env:
CYCLONEDX_NPM_VERSION: '^2.0.0||^3.0.0'
jobs:
Expand Down
Loading
Loading