Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/ci-django-api-README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ This reusable workflow is part of the City of Helsinki’s GitHub Actions setup,
- **Code Style Checks**: Verifies code style and formatting using [pre-commit](https://pre-commit.com/).
- **Automated Testing**: Runs project tests using [pytest](https://docs.pytest.org/en/stable/).
- **Code Quality Analysis**: Performs a [SonarQube Cloud](https://sonarcloud.io/) scan.
- **Dependency Review**: Scans dependency changes in pull requests for known vulnerabilities using [GitHub's dependency review action](https://github.com/actions/dependency-review-action).

## 📋 Requirements for Projects Using the Workflow

Expand Down
21 changes: 21 additions & 0 deletions .github/workflows/ci-django-api.yml
Original file line number Diff line number Diff line change
Expand Up @@ -210,3 +210,24 @@ jobs:
projectBaseDir: ${{ inputs.working-directory }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

dependency-review:
name: Dependency Review
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
with:
fail-on-severity: low
fail-on-scopes: runtime, development, unknown
license-check: false
vulnerability-check: true
comment-summary-in-pr: on-failure
show-patched-versions: true
1 change: 1 addition & 0 deletions .github/workflows/ci-node-README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ This reusable workflow is part of the City of Helsinki’s GitHub Actions setup,
- **Build and Lint**: Build and verifies code style and formatting via yarn.
- **Automated Testing**: Runs project tests via yarn.
- **Code Quality Analysis**: Performs a [SonarQube Cloud](https://sonarcloud.io/) scan.
- **Dependency Review**: Scans dependency changes in pull requests for known vulnerabilities using [GitHub's dependency review action](https://github.com/actions/dependency-review-action).

## 📋 Requirements for Projects Using the Workflow

Expand Down
22 changes: 21 additions & 1 deletion .github/workflows/ci-node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -240,4 +240,24 @@ jobs:
projectBaseDir: ${{ inputs.app-directory == '.' && inputs.working-directory || inputs.app-directory }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


dependency-review:
name: Dependency Review
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
with:
fail-on-severity: low
fail-on-scopes: runtime, development, unknown
license-check: false
vulnerability-check: true
comment-summary-in-pr: on-failure
show-patched-versions: true
1 change: 1 addition & 0 deletions .github/workflows/ci-pnpm-node-README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ Keeping both workflows allows projects to use the same CI structure while matchi
- **Build and Lint**: Build and verifies code style and formatting via pnpm.
- **Automated Testing**: Runs project tests via pnpm.
- **Code Quality Analysis**: Performs a [SonarQube Cloud](https://sonarcloud.io/) scan.
- **Dependency Review**: Scans dependency changes in pull requests for known vulnerabilities using [GitHub's dependency review action](https://github.com/actions/dependency-review-action).

## 📋 Requirements for Projects Using the Workflow

Expand Down
21 changes: 21 additions & 0 deletions .github/workflows/ci-pnpm-node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -250,3 +250,24 @@ jobs:
projectBaseDir: ${{ inputs.app-directory == '.' && inputs.working-directory || inputs.app-directory }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

dependency-review:
name: Dependency Review
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
with:
fail-on-severity: low
fail-on-scopes: runtime, development, unknown
license-check: false
vulnerability-check: true
comment-summary-in-pr: on-failure
show-patched-versions: true
1 change: 1 addition & 0 deletions .github/workflows/ci-uv-django-api-README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ Keeping both workflows allows projects to use the same CI structure while matchi
- **Code Style Checks**: Verifies code style and formatting using [pre-commit](https://pre-commit.com/).
- **Automated Testing**: Runs project tests using [pytest](https://docs.pytest.org/en/stable/).
- **Code Quality Analysis**: Performs a [SonarQube Cloud](https://sonarcloud.io/) scan.
- **Dependency Review**: Scans dependency changes in pull requests for known vulnerabilities using [GitHub's dependency review action](https://github.com/actions/dependency-review-action).

## 📋 Requirements for Projects Using the Workflow

Expand Down
21 changes: 21 additions & 0 deletions .github/workflows/ci-uv-django-api.yml
Original file line number Diff line number Diff line change
Expand Up @@ -199,3 +199,24 @@ jobs:
projectBaseDir: ${{ inputs.working-directory }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

dependency-review:
name: Dependency Review
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
with:
fail-on-severity: low
fail-on-scopes: runtime, development, unknown
license-check: false
vulnerability-check: true
comment-summary-in-pr: on-failure
show-patched-versions: true
13 changes: 12 additions & 1 deletion .github/workflows/test-reusable-workflows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,13 @@ on:

permissions:
contents: read
pull-requests: read

jobs:
test-ci-node:
name: Test ci-node
permissions:
contents: read
pull-requests: write
uses: ./.github/workflows/ci-node.yml
with:
node-version: "24"
Expand Down Expand Up @@ -42,6 +44,9 @@ jobs:

test-ci-pnpm-node:
name: Test ci-pnpm-node
permissions:
contents: read
pull-requests: write
uses: ./.github/workflows/ci-pnpm-node.yml
with:
node-version: "24"
Expand Down Expand Up @@ -69,6 +74,9 @@ jobs:

test-ci-django-api:
name: Test ci-django-api
permissions:
contents: read
pull-requests: write
uses: ./.github/workflows/ci-django-api.yml
with:
python-version: "3.12"
Expand All @@ -83,6 +91,9 @@ jobs:

test-ci-uv-django-api:
name: Test ci-uv-django-api
permissions:
contents: read
pull-requests: write
uses: ./.github/workflows/ci-uv-django-api.yml
with:
python-version: "3.12"
Expand Down
Loading