
Commit 0437445

authored
Update ci-cd.yml
1 parent 4ebd311 commit 0437445

1 file changed

+19
-16
lines changed


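--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -135,9 +135,6 @@ jobs:
 - name: Install dependencies
 run: npm ci
 
-# Note: Snyk and Semgrep removed to stick with GitHub-native tools only
-# Dependency vulnerability scanning is handled by npm audit in the security job
-
 # CodeQL Analysis
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
@@ -155,25 +152,18 @@ jobs:
 - name: Run custom security checks
 run: |
 echo "Running custom security checks..."
-
-# Check for potential SQL injection patterns
 if grep -r "\.query\|\.raw\|\.exec" --include="*.ts" --include="*.js" app/ lib/; then
 echo "⚠️ Potential SQL injection patterns found"
 echo "Please review the above files for proper parameterization"
 fi
-
-# Check for potential XSS vulnerabilities
 if grep -r "dangerouslySetInnerHTML\|innerHTML" --include="*.tsx" --include="*.jsx" app/ components/; then
 echo "⚠️ Potential XSS vulnerabilities found"
 echo "Please review the above files for proper sanitization"
 fi
-
-# Check for hardcoded secrets
 if grep -r "password\|secret\|key\|token" --include="*.ts" --include="*.js" --exclude-dir=node_modules --exclude-dir=.git app/ lib/ | grep -v "process\.env"; then
 echo "⚠️ Potential hardcoded secrets found"
 echo "Please review the above files and use environment variables"
 fi
-
 echo "✅ Custom security checks completed"
 
 # OWASP ZAP Baseline Scan
@@ -262,11 +252,17 @@ jobs:
 - name: Install Vercel CLI
 run: npm install -g vercel@latest
 
+- name: Debug Vercel Org/Project IDs
+run: |
+echo "VERCEL_ORG_ID=${{ secrets.VERCEL_ORG_ID }}"
+echo "VERCEL_PROJECT_ID=${{ secrets.VERCEL_PROJECT_ID }}"
+
+- name: Vercel whoami
+run: vercel whoami --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Deploy to Vercel (Staging)
 run: |
-# Remove any existing .vercel directory to avoid conflicts
 rm -rf .vercel
-# Deploy directly using scope and project flags
 vercel --token ${{ secrets.VERCEL_TOKEN }} --scope ${{ secrets.VERCEL_ORG_ID }} --project ${{ secrets.VERCEL_PROJECT_ID }} --yes
 env:
 VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
@@ -297,11 +293,17 @@ jobs:
 - name: Install Vercel CLI
 run: npm install -g vercel@latest
 
+- name: Debug Vercel Org/Project IDs
+run: |
+echo "VERCEL_ORG_ID=${{ secrets.VERCEL_ORG_ID }}"
+echo "VERCEL_PROJECT_ID=${{ secrets.VERCEL_PROJECT_ID }}"
+
+- name: Vercel whoami
+run: vercel whoami --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Deploy to Vercel (Production)
 run: |
-# Remove any existing .vercel directory to avoid conflicts
 rm -rf .vercel
-# Deploy directly using scope and project flags
 vercel --prod --token ${{ secrets.VERCEL_TOKEN }} --scope ${{ secrets.VERCEL_ORG_ID }} --project ${{ secrets.VERCEL_PROJECT_ID }} --yes
 env:
 VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
@@ -330,11 +332,12 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
 
+- name: Install Vercel CLI
+run: npm install -g vercel@latest
+
 - name: Rollback deployment
 run: |
-# Remove any existing .vercel directory to avoid conflicts
 rm -rf .vercel
-# Perform rollback using scope flag
 vercel rollback --token ${{ secrets.VERCEL_TOKEN }} --scope ${{ secrets.VERCEL_ORG_ID }} --yes
 env:
 VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}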
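Review bot: The new `Debug Vercel Org/Project IDs` step at new lines 255–258 echoes two repository secrets straight into the job log; GitHub's automatic log masking is best-effort (it does not cover values that get transformed, split or re-encoded), and a step whose sole purpose is to print secret values should not be committed into the pipeline that deploys production. If the intent is to confirm the secrets are configured, check presence without printing them and supply the values through `env:` rather than interpolating `${{ secrets.* }}` into the script body, which is also the pattern the existing deploy steps already use for `VERCEL_ORG_ID`: `run: test -n "$VERCEL_ORG_ID" && test -n "$VERCEL_PROJECT_ID" || { echo "Vercel org/project IDs are not configured"; exit 1; }`. The same debug step is duplicated in the production job at new lines 296–299, and the new `Vercel whoami` steps (new lines 260–261 and 301–302) place the token on the command line via `${{ secrets.VERCEL_TOKEN }}` where, if the CLI honours a `VERCEL_TOKEN` environment variable, an `env:` entry would keep it out of the rendered script text. The deploy and rollback jobs these steps belong to start and end outside the hunks.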
