Skip to content

chore: add integration test to validate docker-compose#18

Merged
jeastham1993 merged 2 commits into
mainfrom
chore/integration-test-compose
May 28, 2025
Merged

chore: add integration test to validate docker-compose#18
jeastham1993 merged 2 commits into
mainfrom
chore/integration-test-compose

Conversation

@scottgerring

@scottgerring scottgerring commented May 28, 2025

Copy link
Copy Markdown
Member

Builds and fires up our docker-compose to check that our test URLs run. An integration test for our local dev environment. I've also changed the user-service workflow to only fire PR builds if its subdirectory is touched.

The test URLs for user-service i'm struggling with; we can sort this out after the enormous @jeastham1993 PR is merged!

@@ -0,0 +1,56 @@
name: Docker Compose Integration

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 Code Vulnerability

No explicit permissions set for at the workflow level (...read more)

Default permissions for the GITHUB_TOKEN are expected to be restricted (contents:read, metadata:read, and packages:read).

Your repository may require a different setup, so consider defining permissions for each job following the least privilege principle to restrict the impact of a possible compromise.

You can find the list of all possible permissions in Workflow syntax for GitHub Actions - GitHub Docs. They can be defined at the job or the workflow level.

View in Datadog  Leave us feedback  Documentation

uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 Code Vulnerability

Workflow depends on a GitHub actions pinned by tag instead of a hash. (...read more)

Pin GitHub Actions by commit hash to ensure supply chain security.

Using a branch (@main) or tag (@v1) allows for implicit updates, which can introduce unexpected or malicious changes. Instead, always pin actions to a full length commit SHA. You can find the commit SHA for the latest tag from the action’s repository and ensure frequent updates via auto-updaters such as dependabot. Include a comment with the corresponding full-length SemVer tag for clarity:

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

View in Datadog  Leave us feedback  Documentation

@scottgerring scottgerring force-pushed the chore/integration-test-compose branch 5 times, most recently from 6dbe6e9 to 117580c Compare May 28, 2025 12:58
@scottgerring scottgerring marked this pull request as ready for review May 28, 2025 13:03
@scottgerring scottgerring force-pushed the chore/integration-test-compose branch from 117580c to 2086f34 Compare May 28, 2025 13:07
@jeastham1993 jeastham1993 self-requested a review May 28, 2025 15:08
@jeastham1993 jeastham1993 merged commit bf603c8 into main May 28, 2025
2 checks passed
@jeastham1993 jeastham1993 deleted the chore/integration-test-compose branch May 28, 2025 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants