LIBSCHOLAR-40 : Fixed masthead with bootstrap5. #55
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Ensure Brakeman Passes | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| brakeman: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Ruby & install gems (cached) | |
| uses: ./.github/actions/setup-ruby-deps | |
| - name: Print tool versions | |
| run: | | |
| echo "Ruby version: $(ruby -v)" | |
| echo "Gem version: $(gem -v)" | |
| echo "Bundler version: $(bundle -v)" | |
| echo "Brakeman version: $(bundle exec brakeman --version || echo 'not installed')" | |
| - name: Check if Brakeman is up-to-date (warn only) | |
| run: | | |
| set +e | |
| bundle exec brakeman -q --no-progress --ensure-latest >/dev/null | |
| CODE=$? | |
| set -e | |
| if [ "$CODE" -eq 5 ]; then | |
| echo "::warning title=Brakeman::Installed version is not the latest. Run 'bundle update brakeman' to update." | |
| elif [ "$CODE" -ne 0 ]; then | |
| echo "::error title=Brakeman::Version check failed::Exit code $CODE" | |
| exit $CODE | |
| fi | |
| - name: Run Brakeman (JSON) | |
| run: | | |
| mkdir -p tmp | |
| bundle exec brakeman -q --no-progress --no-exit-on-warn \ | |
| -f json -o tmp/brakeman-output.json | |
| - name: Run Brakeman (plain text for humans) | |
| run: | | |
| bundle exec brakeman -q --no-progress --no-exit-on-warn \ | |
| -f plain -o tmp/brakeman-output.txt || true | |
| - name: Show Brakeman JSON summary | |
| run: | | |
| echo "Warnings count: $(jq '.warnings | length' tmp/brakeman-output.json)" | |
| echo "High-confidence count: $(jq '[.warnings[] | select(.confidence == "High")] | length' tmp/brakeman-output.json)" | |
| - name: Upload Brakeman Reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: brakeman-report | |
| path: | | |
| tmp/brakeman-output.json | |
| tmp/brakeman-output.txt | |
| - name: Fail on High-confidence warnings | |
| run: | | |
| HIGH_CONF_COUNT=$(jq '[.warnings[] | select(.confidence == "High")] | length' tmp/brakeman-output.json) | |
| echo "High-confidence warnings: $HIGH_CONF_COUNT" | |
| if [ "$HIGH_CONF_COUNT" -gt 0 ]; then | |
| echo "Brakeman detected high-confidence warnings. Failing the job." | |
| exit 1 | |
| fi |