chore: add integration test to validate docker-compose#18
Conversation
| @@ -0,0 +1,56 @@ | |||
| name: Docker Compose Integration | |||
There was a problem hiding this comment.
🟠 Code Vulnerability
No explicit permissions set for at the workflow level (...read more)
Default permissions for the GITHUB_TOKEN are expected to be restricted (contents:read, metadata:read, and packages:read).
Your repository may require a different setup, so consider defining permissions for each job following the least privilege principle to restrict the impact of a possible compromise.
You can find the list of all possible permissions in Workflow syntax for GitHub Actions - GitHub Docs. They can be defined at the job or the workflow level.
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 |
There was a problem hiding this comment.
🟠 Code Vulnerability
Workflow depends on a GitHub actions pinned by tag instead of a hash. (...read more)
Pin GitHub Actions by commit hash to ensure supply chain security.
Using a branch (@main) or tag (@v1) allows for implicit updates, which can introduce unexpected or malicious changes. Instead, always pin actions to a full length commit SHA. You can find the commit SHA for the latest tag from the action’s repository and ensure frequent updates via auto-updaters such as dependabot. Include a comment with the corresponding full-length SemVer tag for clarity:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.26dbe6e9 to
117580c
Compare
117580c to
2086f34
Compare
Builds and fires up our
docker-composeto check that our test URLs run. An integration test for our local dev environment. I've also changed the user-service workflow to only fire PR builds if its subdirectory is touched.The test URLs for user-service i'm struggling with; we can sort this out after the enormous @jeastham1993 PR is merged!