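# CI pipeline definition. The keys used here (steps / from_secret / when and
# the CI_COMMIT_* variables) match Woodpecker CI syntax - confirm against the
# runner actually in use.
steps:
  # Advisory dependency audit. Findings of severity "moderate" or higher are
  # printed and reported to Discord, but the step always ends with exit 0, so
  # it never blocks the deploy step below. Treat it as a notification, not a
  # gate.
  audit_dependencies:
    image: node:20
    environment:
      DISCORD_WEBHOOK:
        from_secret: discord_webhook
    commands:
      - npm install --package-lock-only
      # Keep the exit status instead of failing the step. NOTE(review): a
      # non-zero status presumably also covers "audit could not run" (for
      # example a registry error), not only "vulnerabilities found".
      - npm audit --audit-level=moderate || AUDIT_EXIT=$?
      - |
        if [ -n "$AUDIT_EXIT" ]; then
          echo ""
          echo "=========================================="
          echo "⚠️ WARNING: npm audit found vulnerabilities!"
          echo "⚠️ Please review the security issues above"
          echo "⚠️ Build continues despite vulnerabilities"
          echo "=========================================="
          echo ""

          # Send the Discord notification (skipped when no webhook is set).
          # The branch and commit placeholders in the payload use a substring
          # form that plain sh does not support; presumably the CI
          # pre-processor expands them before the shell runs - confirm.
          # The call is best effort: it is time-boxed and a failed delivery
          # is logged instead of aborting the step.
          if [ -n "$DISCORD_WEBHOOK" ]; then
            curl -fsS --max-time 15 \
              -H "Content-Type: application/json" \
              -d "{
                \"embeds\": [{
                  \"title\": \"⚠️ npm audit Warnung\",
                  \"description\": \"Es wurden Sicherheitslücken in den Dependencies gefunden!\",
                  \"color\": 16744448,
                  \"fields\": [
                    { \"name\": \"Repository\", \"value\": \"Gallus_Pub\", \"inline\": true },
                    { \"name\": \"Branch\", \"value\": \"${CI_COMMIT_BRANCH}\", \"inline\": true },
                    { \"name\": \"Commit\", \"value\": \"${CI_COMMIT_SHA:0:7}\", \"inline\": true }
                  ],
                  \"footer\": { \"text\": \"Build läuft trotzdem durch\" },
                  \"timestamp\": \"$(date -u +%Y-%m-%dT%H:%M:%S.000Z)\"
                }]
              }" \
              "$DISCORD_WEBHOOK" \
              || echo "Discord notification could not be delivered (ignored)"
          fi
        else
          echo "✓ No vulnerabilities found"
        fi
      - exit 0
    # Only pushes to main run this step, so the webhook secret is not handed
    # to builds of other branches or events.
    when:
      branch: main
      event: push

  # Deploys to Fly.io. This step holds FLY_API_TOKEN, so everything executed
  # here runs with deploy rights for the app.
  deploy_frontend:
    image: node:20
    environment:
      FLY_API_TOKEN:
        from_secret: FLY_API_TOKEN
    commands:
      # Download the installer completely before running it: -f turns an HTTP
      # error into a failed step, and a truncated download is never executed
      # (which piping curl straight into sh cannot guarantee).
      # NOTE(review): the installer and the flyctl binary it fetches are still
      # unpinned and unverified. Prefer a pinned flyctl release with a
      # checksum check, or an image that already contains flyctl.
      - curl -fsSL https://fly.io/install.sh -o /tmp/flyctl-install.sh
      - sh /tmp/flyctl-install.sh
      - export PATH="$HOME/.fly/bin:$PATH"
      - flyctl deploy --config fly.toml --app gallus-pub --remote-only
    # Restricting the step to pushes on main keeps the deploy token away from
    # builds of other branches or events.
    when:
      branch: main
      event: push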