CE-22-Fix Schemaspy and Trivy scan (#168)

bcgov · Oct 19, 2023 · 8ccb398 · 8ccb398
1 parent 90c7844
commit 8ccb398
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/.github/workflows/schemaspy.yaml b/.github/workflows/schemaspy.yaml
@@ -8,9 +8,9 @@ on:
       - main
 
 jobs:
-  generate_schemaspy:
-    runs-on: ubuntu-latest
-
+  generate-schema-spy:
+    name: Generate SchemaSpy Documentation
+    runs-on: ubuntu-22.04
     services:
       postgres:
         image: postgis/postgis
@@ -27,21 +27,23 @@ jobs:
           - 5432:5432
 
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v4
       - uses: joshuaavalon/[email protected]
+        name: Generate SchemaSpy docs for node backend
         with:
           url: jdbc:postgresql://postgres:5432/postgres
           user: postgres
           password: default
         env:
           FLYWAY_VALIDATE_MIGRATION_NAMING: true
           FLYWAY_LOCATIONS: filesystem:./backend/db/migrations
+          FLYWAY_DEFAULT_SCHEMA: "public"
       - name: Create Output Folder
         run: |
           mkdir output
           chmod a+rwx -R output
       - name: Run Schemaspy
-        run: docker run --network host -v "$PWD/output:/output" schemaspy/schemaspy:snapshot -t pgsql -db postgres -host 127.0.0.1 -port 5432 -u postgres -p default
+        run: docker run --network host -v "$PWD/output:/output" schemaspy/schemaspy:6.2.4 -t pgsql -db default -host 127.0.0.1 -port 5432 -u postgres -p default -schemas public
       - name: Deploy to Pages
         uses: JamesIves/github-pages-deploy-action@v4
         with:

diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -44,17 +44,15 @@ jobs:
             -Dsonar.project.monorepo.enabled=true
             -Dsonar.projectKey=${{ matrix.sonar_projectKey }}
           sonar_project_token: ${{ secrets[matrix.token] }}
-
-  # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:
     name: Trivy Security Scan
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-22.04
+    timeout-minutes: 1
     steps:
-      - uses: actions/checkout@v3
-
+      - uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.10.0
+        uses: aquasecurity/trivy-action@0.12.0
         with:
           format: "sarif"
           output: "trivy-results.sarif"