swift-server/swift-openapi-lambda
1
0
Fork 0
mirror of https://github.com/swift-server/swift-openapi-lambda.git synced 2026-05-03 07:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
10f3e99c4d0d7321fdf369c562f407c7512e8f4e
swift-openapi-lambda/.github/workflows/pull_request.yml
T
Sébastien Stormacq 10f3e99c4d Apply recommendation for security and reliability (#24) 
Apply recommendations in code and documentation

- [CI] restrict permissions to `read-all` instead of the default
`write-all`
- Example `openapi.yaml` : add a note about using `security:` definition
when deploying to production
- Example `README.md` : add a note about Lambda functions configuration
with improved security and scalability changes for production
environment
2025-09-27 12:05:20 +02:00

56 lines
2.0 KiB
YAML
Raw Blame History

# This workflow will build a Swift project on macOS and Linux
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-swift
name: swift-openapi-lambda-build
on:
push:
branches: ["main"]
pull_request:
types: [opened, reopened, synchronize]
# As per Checkov CKV2_GHA_1
permissions: read-all
jobs:
soundness:
name: Soundness
uses: swiftlang/github-workflows/.github/workflows/soundness.yml@main
with:
license_header_check_enabled: true
license_header_check_project_name: "Swift OpenAPI Lambda"
shell_check_enabled: false
python_lint_check_enabled: false
api_breakage_check_container_image: "swift:6.0-noble"
docs_check_container_image: "swift:6.0-noble"
format_check_container_image: "swiftlang/swift:nightly-6.0-jammy"
yamllint_check_enabled: false
unit-tests:
name: Unit tests
uses: apple/swift-nio/.github/workflows/unit_tests.yml@main
with:
linux_5_10_enabled: false
linux_6_0_enabled: true
linux_6_1_enabled: true
linux_nightly_main_enabled: true
linux_nightly_next_enabled: true
linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error"
linux_nightly_6_1_arguments_override: "--explicit-target-dependency-import-check error"
linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
linux_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
swift-6-language-mode:
name: Swift 6 Language Mode
uses: apple/swift-nio/.github/workflows/swift_6_language_mode.yml@main
semver-label-check:
name: Semantic Version label check
runs-on: ubuntu-latest
timeout-minutes: 1
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
persist-credentials: false
- name: Check for Semantic Version label
uses: apple/swift-nio/.github/actions/pull_request_semver_label_checker@main
Reference in New Issue View Git Blame Copy Permalink