Skip to content

docs: update prerequisites in readme #14

docs: update prerequisites in readme

docs: update prerequisites in readme #14

Workflow file for this run

name: Pipeline
on:
# Run on any branch receiving a push
push:
# Allow manual trigger of the workflow
workflow_dispatch:
jobs:
# Talisman Secrets Check
talisman-check:
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect secrets in incoming commits with Talisman
uses: digitalservicebund/talisman-secrets-scan-action@9a4cb85589e29a62b4546eb566119753a5680aeb
# Trivy Vulnerability Scan
trivy-scan:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write # upload-sarif
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@d9cd5b1c23aaf8cb31bb09141028215828364bbb
with:
scan-type: "fs"
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Verify SARIF file exists
run: ls -la trivy-results.sarif
- name: Check trivy results
run: |
if grep -qE 'HIGH|CRITICAL' trivy-results.sarif; then
echo "Vulnerabilities found"
exit 1
else
echo "No significant vulnerabilities found"
exit 0
fi
- name: Upload Trivy scan results to GitHub Security tab
if: ${{ always() && github.ref == 'refs/heads/main' }}
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"
# Deploy Storybook to GitHub Pages
build-and-deploy-storybook:
if: ${{ github.ref == 'refs/heads/main' }}
needs:
- talisman-check
- trivy-scan
permissions:
contents: read
pages: write
id-token: write
concurrency:
group: "pages"
cancel-in-progress: true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: "20"
- name: Install dependencies
run: npm ci
- name: Build Storybook
run: npm run build:storybook
- name: Setup Pages
uses: actions/configure-pages@v2
- name: Upload Storybook artifact
uses: actions/upload-pages-artifact@v1
with:
path: ./storybook-static
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v1