From 1d63763a2b0e33dd75e6a29e7b1aa1e740067e27 Mon Sep 17 00:00:00 2001
From: Mustafa
Date: Mon, 16 Dec 2024 08:50:01 -0800
Subject: [PATCH 1/4] Adding static analysis
---
 .github/workflows/ci.yml | 144 ++++++++++++++++++++++++++-------------
 1 file changed, 97 insertions(+), 47 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bc6ec7f..2aded57 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,58 +11,108 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 - - name: Setup Node.js - uses: actions/setup-node@v2 - with: - node-version: '18' + - name: Setup Node.js + uses: actions/setup-node@v2 + with: + node-version: '18' - - name: Install dependencies - working-directory: ./backend - run: npm install + - name: Cache backend dependencies + uses: actions/cache@v3 + with: + path: ./backend/node_modules + key: ${{ runner.os }}-backend-dependencies-${{ hashFiles('backend/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-backend-dependencies- - - name: Build backend - working-directory: ./backend - run: npm run build + - name: Install dependencies + working-directory: ./backend + run: npm install + + - name: Build backend + working-directory: ./backend + run: npm run build frontend: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup Node.js - uses: actions/setup-node@v2 - with: - node-version: '18' - - - name: Install dependencies - working-directory: ./frontend - run: npm install - - - name: Start frontend - working-directory: ./frontend - run: | - npm run start & - sleep 60 - - - name: Check frontend status - run: | - if ! lsof -i:3000; then - echo "Frontend did not start successfully." >&2 - exit 1 - fi - - - name: Ensure frontend build is error-free - working-directory: ./frontend - env: - CI: false - run: | - npm run build - if [ $? -ne 0 ]; then - echo "Frontend build failed." 
>&2 - exit 1 - fi + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup Node.js + uses: actions/setup-node@v2 + with: + node-version: '18' + + - name: Cache frontend dependencies + uses: actions/cache@v3 + with: + path: ./frontend/node_modules + key: ${{ runner.os }}-frontend-dependencies-${{ hashFiles('frontend/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-frontend-dependencies- + + - name: Install dependencies + working-directory: ./frontend + run: npm install + + - name: Start frontend + working-directory: ./frontend + run: | + npm run start & + sleep 60 + + - name: Check frontend status + run: | + if ! lsof -i:3000; then + echo "Frontend did not start successfully." >&2 + exit 1 + fi + + - name: Ensure frontend build is error-free + working-directory: ./frontend + env: + CI: false + run: | + npm run build + if [ $? -ne 0 ]; then + echo "Frontend build failed." >&2 + exit 1 + fi + + codeql-analysis: + name: CodeQL Analysis + runs-on: ubuntu-latest + needs: [backend, frontend] # Ensure this job runs after backend and frontend + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: [ 'javascript', 'typescript' ] + # queries: ./path/to/your/custom/queries # Uncomment and set if using custom queries + + - name: Autobuild + run: | + # Build backend + cd backend + npm install + npm run build + cd ../frontend + npm install + npm run build + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "Security" # Optional From 91a4962715e55834bdc88050f9769996410ef72b Mon Sep 17 00:00:00 2001 
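Review bot: The `Autobuild` step in the new `codeql-analysis` job is a hand-written `npm install` / `npm run build` for both packages, so every dependency's install scripts run inside the one job that holds `security-events: write`, while CodeQL does not need a build to extract JavaScript or TypeScript. I would drop the step, or, if type information from `node_modules` is wanted, replace the installs with `npm ci --ignore-scripts` and leave out `npm run build`. The same step appears in the `codeql.yml` hunk of PATCH 2/4. The new cache steps store `node_modules` with a prefix `restore-keys` fallback while the install stays `npm install`, so a tree restored from an older lockfile may be carried over; `npm ci` with a cache of `~/.npm` would keep installs tied to `package-lock.json`. The hunk starts inside `jobs:`, so the workflow's triggers and any top-level `permissions:` are not visible here.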
From: Mustafa
Date: Mon, 16 Dec 2024 08:57:08 -0800
Subject: [PATCH 2/4] seperating workflows
---
 .github/workflows/ci.yml | 144 ++++++++++++-----------------------
 .github/workflows/codeql.yml | 43 +++++++++++
 2 files changed, 90 insertions(+), 97 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2aded57..bc6ec7f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,108 +11,58 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 - - name: Setup Node.js - uses: actions/setup-node@v2 - with: - node-version: '18' + - name: Setup Node.js + uses: actions/setup-node@v2 + with: + node-version: '18' - - name: Cache backend dependencies - uses: actions/cache@v3 - with: - path: ./backend/node_modules - key: ${{ runner.os }}-backend-dependencies-${{ hashFiles('backend/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-backend-dependencies- + - name: Install dependencies + working-directory: ./backend + run: npm install - - name: Install dependencies - working-directory: ./backend - run: npm install - - - name: Build backend - working-directory: ./backend - run: npm run build + - name: Build backend + working-directory: ./backend + run: npm run build frontend: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup Node.js - uses: actions/setup-node@v2 - with: - node-version: '18' - - - name: Cache frontend dependencies - uses: actions/cache@v3 - with: - path: ./frontend/node_modules - key: ${{ runner.os }}-frontend-dependencies-${{ hashFiles('frontend/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-frontend-dependencies- - - - name: Install dependencies - working-directory: ./frontend - run: npm install - - - name: Start frontend - working-directory: ./frontend - run: | - npm run start & - sleep 60 - - - name: Check frontend status - run: | - if ! lsof -i:3000; then - echo "Frontend did not start successfully." >&2 - exit 1 - fi - - - name: Ensure frontend build is error-free - working-directory: ./frontend - env: - CI: false - run: | - npm run build - if [ $? -ne 0 ]; then - echo "Frontend build failed." 
>&2 - exit 1 - fi - - codeql-analysis: - name: CodeQL Analysis - runs-on: ubuntu-latest - needs: [backend, frontend] # Ensure this job runs after backend and frontend - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: [ 'javascript', 'typescript' ] - # queries: ./path/to/your/custom/queries # Uncomment and set if using custom queries - - - name: Autobuild - run: | - # Build backend - cd backend - npm install - npm run build - cd ../frontend - npm install - npm run build - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "Security" # Optional + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup Node.js + uses: actions/setup-node@v2 + with: + node-version: '18' + + - name: Install dependencies + working-directory: ./frontend + run: npm install + + - name: Start frontend + working-directory: ./frontend + run: | + npm run start & + sleep 60 + + - name: Check frontend status + run: | + if ! lsof -i:3000; then + echo "Frontend did not start successfully." >&2 + exit 1 + fi + + - name: Ensure frontend build is error-free + working-directory: ./frontend + env: + CI: false + run: | + npm run build + if [ $? -ne 0 ]; then + echo "Frontend build failed." >&2 + exit 1 + fi diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..7dd58fb --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,43 @@ +name: CodeQL + +on: + push: + branches: ['*'] + pull_request: + branches: ['*'] + schedule: + - cron: '0 0 * * 0' # Weekly analysis + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: [ 'javascript', 'typescript' ] + # queries: ./path/to/your/custom/queries # Uncomment and set if using custom queries + + - name: Autobuild + run: | + # Build backend + cd backend + npm install + npm run build + cd ../frontend + npm install + npm run build + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "Security" # Optional From cec19de17907d1ffa5dbacf6b4506009ab6b2e01 Mon Sep 17 00:00:00 2001 From: Mustafa Date: Mon, 16 Dec 2024 09:05:09 -0800 Subject: [PATCH 3/4] update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 28d0374..a2d75ba 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ # SoundCircle -test \ No newline at end of file +SoundCircle is a dynamic platform designed to connect musicians, producers, and music enthusiasts from around the world. Whether you're looking to collaborate on a new track, find a band, or simply share your passion for music, SoundCircle provides the tools and community to make it happen. From c294b58d3a3b9de20b81bc73b596cda15e2a44fe Mon Sep 17 00:00:00 2001 From: Mustafa Date: Mon, 16 Dec 2024 09:10:05 -0800 Subject: [PATCH 4/4] yaml file invalid ,removed --- .github/workflows/codeql.yml | 43 ------------------------------------ 1 file changed, 43 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 7dd58fb..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
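Review bot: The `branches: ['*']` filters under `push` and `pull_request` in the new `codeql.yml` skip any branch whose name contains a `/`, because `*` in a GitHub Actions branch filter does not match the slash, so work on a branch such as `feature/login` would not be scanned. Use `branches: ['**']`, or drop the `branches` key so the trigger covers every branch. The `uses:` lines also reference movable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`); in a job granted `security-events: write` I would pin each to a full commit SHA and keep the tag as a trailing comment.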
@@ -1,43 +0,0 @@ -name: CodeQL - -on: - push: - branches: ['*'] - pull_request: - branches: ['*'] - schedule: - - cron: '0 0 * * 0' # Weekly analysis - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: [ 'javascript', 'typescript' ] - # queries: ./path/to/your/custom/queries # Uncomment and set if using custom queries - - - name: Autobuild - run: | - # Build backend - cd backend - npm install - npm run build - cd ../frontend - npm install - npm run build - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "Security" # Optional