diff --git a/.github/workflows/bright.yaml b/.github/workflows/bright.yaml
new file mode 100644
index 0000000..7b02649
--- /dev/null
+++ b/.github/workflows/bright.yaml
@@ -0,0 +1,78 @@
+name: Bright
+
+on:
+ pull_request:
+ branches:
+ - '**'
+
+permissions:
+ checks: write
+ contents: read
+ id-token: write
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ services:
+ postgres:
+ image: postgres:9.6
+ env:
+ POSTGRES_PASSWORD: postgres
+ options: >-
+ --health-cmd pg_isready
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 5
+ ports:
+ - 5432:5432
+
+ env:
+ DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: '2.3.8'
+
+ - name: Install dependencies
+ run: |
+ bundle install
+
+ - name: Set up database
+ run: |
+ rake db:create
+ rake db:migrate
+ rake db:seed
+
+ - name: Start application
+ run: |
+ rackup config.ru &
+
+ - name: Wait for application to be ready
+ run: |
+ for i in {1..30}; do nc -z 127.0.0.1 9292 && exit 0 || sleep 5; done; exit 1
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '22.x'
+
+ - name: Install SecTesterJS dependencies
+ run: |
+ npm i --save=false --prefix .brightsec @sectester/core @sectester/repeater @sectester/scan @sectester/runner @sectester/reporter
+
+ - name: Run security tests
+ env:
+ BRIGHT_HOSTNAME: ${{ vars.BRIGHT_HOSTNAME }}
+ BRIGHT_PROJECT_ID: ${{ vars.BRIGHT_PROJECT_ID }}
+ BRIGHT_AUTH_ID: ${{ vars.BRIGHT_AUTH_ID }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ BRIGHT_TOKEN: ${{ secrets.BRIGHT_TOKEN }}
+ BRIGHT_TARGET_URL: 'http://127.0.0.1:9292'
+ run: |
+ node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts
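Review bot: The top-level `permissions` block grants `id-token: write`, but no step in this workflow appears to request an OIDC token, and the job executes pull-request code (`bundle install`, `rake`, `rackup`, the `.brightsec/tests/*.test.ts` files) that would inherit that ability. Unless something not visible here depends on it, drop that line and keep only `checks: write` and `contents: read`. The `npm i` step also installs the `@sectester/*` packages with no versions and no lockfile, so whatever is latest on the registry is presumably loaded by the test step that holds `BRIGHT_TOKEN` and `GITHUB_TOKEN`. Pinning exact versions, or committing a lockfile under `.brightsec` and using `npm ci`, would make the scan reproducible and narrow that exposure. Setting `persist-credentials: false` on `actions/checkout@v4` is worth adding too, since the later steps run repository code with the checkout token otherwise left in the git config.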