From dc60fa324f7c122a84ef89d5e21ca135a5dc4a85 Mon Sep 17 00:00:00 2001
From: Artem Derevnjuk
Date: Wed, 29 Oct 2025 23:54:12 +0400
Subject: [PATCH 1/6] Add GitHub Actions workflow for Bright security tests
---
.github/workflows/bright.yaml | 61 +++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 .github/workflows/bright.yaml
diff --git a/.github/workflows/bright.yaml b/.github/workflows/bright.yaml
new file mode 100644
index 0000000..78fd6c7
--- /dev/null
+++ b/.github/workflows/bright.yaml
@@ -0,0 +1,61 @@
+name: Bright
+
+on:
+ pull_request:
+ branches:
+ - '**'
+
+permissions:
+ checks: write
+ contents: read
+ id-token: write
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@4
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: '2.7'
+
+ - name: Install dependencies
+ run: |
+ bundle install
+
+ - name: Set up database
+ run: |
+ rake db:create
+ rake db:migrate
+ rake db:seed
+
+ - name: Start application
+ run: |
+ rackup config.ru &
+
+ - name: Wait for application to be ready
+ run: |
+ for i in {1..30}; do nc -z 127.0.0.1 9292 && exit 0 || sleep 5; done; exit 1
+
+ - name: Set up Node.js
+ uses: actions/setup-node@4
+ with:
+ node-version: '22.x'
+
+ - name: Install SecTesterJS dependencies
+ run: |
+ npm i --save=false --prefix .brightsec @sectester/core @sectester/repeater @sectester/scan @sectester/runner @sectester/reporter
+
+ - name: Run security tests
+ env:
+ BRIGHT_HOSTNAME: ${{ vars.BRIGHT_HOSTNAME }}
+ BRIGHT_PROJECT_ID: ${{ vars.BRIGHT_PROJECT_ID }}
+ BRIGHT_AUTH_ID: ${{ vars.BRIGHT_AUTH_ID }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ BRIGHT_TOKEN: ${{ secrets.BRIGHT_TOKEN }}
+ BRIGHT_TARGET_URL: 'http://127.0.0.1:9292'
+ run: |
+ node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts
From 32f8edd402911492176890c93f5ec0c785af5f09 Mon Sep 17 00:00:00 2001
From: Artem Derevnjuk
Date: Wed, 29 Oct 2025 23:55:11 +0400
Subject: [PATCH 2/6] Update actions/checkout and actions/setup-node versions
---
.github/workflows/bright.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/bright.yaml b/.github/workflows/bright.yaml
index 78fd6c7..74648e1 100644
--- a/.github/workflows/bright.yaml
+++ b/.github/workflows/bright.yaml
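Review bot: In PATCH 1/6 the `Install SecTesterJS dependencies` step runs `npm i` for five `@sectester/*` packages with no version pins or lockfile, and the following `Run security tests` step executes that code with `BRIGHT_TOKEN` and `GITHUB_TOKEN` in its environment while the workflow grants `id-token: write`. Whatever version the registry serves on a given run therefore executes with those credentials. Commit a lockfile under `.brightsec` and install with `npm ci --prefix .brightsec`, and drop `id-token: write` from `permissions` unless a step actually requests an OIDC token (none in this hunk appears to). `ruby/setup-ruby@v1` is likewise a mutable tag; pinning third-party actions to a full commit SHA closes the same gap.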
@@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@4 + uses: actions/checkout@v4 - name: Set up Ruby uses: ruby/setup-ruby@v1
@@ -41,7 +41,7 @@ jobs: for i in {1..30}; do nc -z 127.0.0.1 9292 && exit 0 || sleep 5; done; exit 1 - name: Set up Node.js - uses: actions/setup-node@4 + uses: actions/setup-node@v4 with: node-version: '22.x'
From a8affa492f871c00368f96c041d345df57962ae5 Mon Sep 17 00:00:00 2001
From: Artem Derevnjuk
Date: Wed, 29 Oct 2025 23:58:24 +0400
Subject: [PATCH 3/6] Update Ruby version in GitHub Actions workflow
---
.github/workflows/bright.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/bright.yaml b/.github/workflows/bright.yaml
index 74648e1..63e7247 100644
--- a/.github/workflows/bright.yaml
+++ b/.github/workflows/bright.yaml
@@ -20,7 +20,7 @@ jobs: - name: Set up Ruby uses: ruby/setup-ruby@v1 with: - ruby-version: '2.7' + ruby-version: '2.3.8' - name: Install dependencies run: |
From 015091ba1949a86b16956ac6826ee82a5706d79a Mon Sep 17 00:00:00 2001
From: Artem Derevnjuk
Date: Thu, 30 Oct 2025 00:03:48 +0400
Subject: [PATCH 4/6] Update bright.yaml
---
.github/workflows/bright.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/.github/workflows/bright.yaml b/.github/workflows/bright.yaml
index 63e7247..e480cc7 100644
--- a/.github/workflows/bright.yaml
+++ b/.github/workflows/bright.yaml
@@ -13,6 +13,24 @@ permissions: jobs: test: runs-on: ubuntu-latest + + services: + postgres: + image: postgres:9.6 + env: + POSTGRES_PASSWORD: postgres + POSTGRES_USER: postgres + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: + - 5432:5432 + + env: + DATABASE_URL: postgresql://postgres:postgres@localhost:5432/blog_development + steps: - name: Checkout code uses: actions/checkout@v4
From 01b7b35df405ce2192833d2f2cd727cbf0e6c9cf Mon Sep 17 00:00:00 2001
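Review bot: In PATCH 4/6 the service container uses `image: postgres:9.6`, a mutable tag on a PostgreSQL major version that no longer receives security fixes. If the application really needs 9.6, say so in a comment above the image line and pin the image by digest, e.g. `image: postgres:9.6@sha256:<digest>` (placeholder, not a real digest). The literal `postgres:postgres` credentials in `POSTGRES_PASSWORD` and `DATABASE_URL` (also edited in PATCH 5/6 and 6/6) are tolerable for a throwaway CI database, but a comment such as `# CI-only credentials for the ephemeral service container` would stop secret scanners and later readers from treating them as a leak.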
From: Artem Derevnjuk
Date: Thu, 30 Oct 2025 00:27:24 +0400
Subject: [PATCH 5/6] Update DATABASE_URL for PostgreSQL service
---
.github/workflows/bright.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/bright.yaml b/.github/workflows/bright.yaml
index e480cc7..04f696d 100644
--- a/.github/workflows/bright.yaml
+++ b/.github/workflows/bright.yaml
@@ -20,6 +20,7 @@ jobs: env: POSTGRES_PASSWORD: postgres POSTGRES_USER: postgres + POSTGRES_DB: blog_development options: >- --health-cmd pg_isready --health-interval 10s
@@ -29,7 +30,7 @@ jobs: - 5432:5432 env: - DATABASE_URL: postgresql://postgres:postgres@localhost:5432/blog_development + DATABASE_URL: postgresql://postgres:postgres@postgres:5432/blog_development steps: - name: Checkout code
From d0f6b49567893a6f98d27dd51e2072350aaac344 Mon Sep 17 00:00:00 2001
From: Artem Derevnjuk
Date: Thu, 30 Oct 2025 02:01:50 +0400
Subject: [PATCH 6/6] Update PostgreSQL configuration in workflow
---
.github/workflows/bright.yaml | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/bright.yaml b/.github/workflows/bright.yaml
index 04f696d..7b02649 100644
--- a/.github/workflows/bright.yaml
+++ b/.github/workflows/bright.yaml
@@ -19,8 +19,6 @@ jobs: image: postgres:9.6 env: POSTGRES_PASSWORD: postgres - POSTGRES_USER: postgres - POSTGRES_DB: blog_development options: >- --health-cmd pg_isready --health-interval 10s
@@ -30,7 +28,7 @@ jobs: - 5432:5432 env: - DATABASE_URL: postgresql://postgres:postgres@postgres:5432/blog_development + DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres steps: - name: Checkout code