fix test-on-ubuntu.yml and update zarn.yml (#116)

* address linter warnings * update test-on-ubuntu.yml * ci: update dependencies installation in Ubuntu workflow * update test-on-ubuntu.yml * update zarn.yml * update .perlcriticrc * update security-gate.yml - remove push trigger - add pull request trigger on develop branch - rename verification step
htrgouvea · Dec 16, 2024 · 8b6bdba · 8b6bdba
1 parent 2efcf37
commit 8b6bdba
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 16 deletions.
diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml
@@ -1,12 +1,14 @@
 name: Security Gate - LESIS
 
 on:
-  push:
-    branches:
-      - main
   pull_request:
     branches:
       - main
+      - develop
+
+permissions:
+  security-events: read
+  contents: read
 
 jobs:
   build:
@@ -24,15 +26,15 @@ jobs:
     - name: Pull Docker image from GitHub Container Registry
       run: docker pull ghcr.io/instriq/security-gate/security-gate:latest
 
-    - name: Verify security alerts from dependabot
+    - name: Verify security alerts from GHAS
       run: |
         docker run ghcr.io/instriq/security-gate/security-gate:latest \
-        -t $GITHUB_TOKEN \
-        -r ${{ github.repository }} \
-        --critical $MAX_CRITICAL \
-        --high $MAX_HIGH \
-        --medium $MAX_MEDIUM \
-        --low $MAX_LOW \
+        -t "$GITHUB_TOKEN" \
+        -r "${{ github.repository }}" \
+        -c "$MAX_CRITICAL" \
+        -h "$MAX_HIGH" \
+        -m "$MAX_MEDIUM" \
+        -l "$MAX_LOW" \
         --dependency-alerts \
-        --code-alerts \
-        --secret-alerts 
+        --secret-alerts \
+        --code-alerts
diff --git a/.github/workflows/test-on-ubuntu.yml b/.github/workflows/test-on-ubuntu.yml
@@ -9,7 +9,8 @@ jobs:
     - uses: actions/checkout@v4
     - name: Install dependencies
       run: |
-        sudo apt install -y perl cpanminus
+        sudo apt-get update
+        sudo apt-get install -y perl cpanminus build-essential libdatetime-perl libssl-dev libexpat1-dev libpcap-dev masscan 
         sudo cpanm --installdeps .
     - name: Verify the basic usage
       run: |

diff --git a/.github/workflows/zarn.yml b/.github/workflows/zarn.yml
@@ -2,9 +2,11 @@ name: ZARN SAST
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "develop" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "develop" ]
+  schedule:
+    - cron: '28 23 * * 1'
 
 jobs:
   zarn:

diff --git a/.perlcriticrc b/.perlcriticrc
@@ -1,4 +1,7 @@
 severity = 3
 
 [-TestingAndDebugging::RequireUseStrict]
-[-TestingAndDebugging::RequireUseWarnings]
+[-TestingAndDebugging::RequireUseWarnings]
+
+[TestingAndDebugging::ProhibitNoWarnings]
+allow = once