Merge pull request Flutterwave#17 from Flutterwave/dev

corneliusyaovi · web-flow · commit bc2ddcb50c23 · 2025-05-19T17:03:00.000+01:00
Add security scan job to ci-cd workflow
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -0,0 +1,48 @@
+name: FlutterwaveSDK CI/CD Workflow
+
+on:
+  push:
+    branches:
+      - dev
+
+jobs:
+  build_and_publish:
+    name: Build, Test, and Publish
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+
+      - name: Set up CocoaPods
+        run: |
+          gem install cocoapods
+          pod install
+
+      - name: Build Framework
+        run: |
+          xcodebuild clean build -workspace FlutterwaveSDK.xcworkspace -scheme FlutterwaveSDK_Example -sdk iphonesimulator -destination "platform=iOS Simulator,name=iPhone 13"
+
+      - name: Install Dependencies
+        run: pod install
+
+      - name: Run Unit Tests
+        run: xcodebuild test -workspace FlutterwaveSDK.xcworkspace -scheme FlutterwaveSDK_Example -sdk iphonesimulator -destination "platform=iOS Simulator,name=iPhone 13"
+
+      - name: Run Coverage Scan
+        run: slather coverage -s --scheme FlutterwaveSDK_Example FlutterwaveSDK.xcodeproj
+
+      - name: Update Podspec Version
+        run: |
+          # Update the version in your podspec
+          sed -i '' "s/s.version *= *'[^']*'/s.version = '$(git describe --tags --abbrev=0 | sed 's/v//')'/g" FlutterwaveSDK.podspec
+
+      - name: Publish to CocoaPods
+        run: |
+          # Authenticate with CocoaPods repo using environment variables
+          echo -e "$POD_REPO_SECRET" | pod trunk register $POD_REPO 'rotimi.joshua@flutterwavego.com' --name='Rotimi Joshua' --silent
+          pod trunk push FlutterwaveSDK.podspec --allow-warnings
+
+env:
+  POD_REPO: 'https://github.com/CocoaPods/Specs.git'
+  POD_REPO_SECRET: ${{ secrets.COCOAPODS_REPO_SECRET }}
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -0,0 +1,29 @@
+name: Security scan on all changes (Commits/PRs)
+
+on:
+  push:
+    branches: ['main', 'master', 'pilot', 'dev']
+  pull_request:
+    types:
+      - opened
+
+jobs:
+  code-check:
+    runs-on: ubuntu-latest
+    env:
+      OS: ubuntu-latest
+      PYTHON: '3.7'
+    steps:
+    - name: checkout code
+      uses: actions/checkout@v2
+    
+
+    - name: Checkmarx One ClI Action
+      uses: checkmarx/ast-github-action@main
+      with:
+        project_name: Python-v2
+        cx_tenant: Flutterwave
+        base_uri: https://eu.ast.checkmarx.net/
+        cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+        cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+        additional_params: --scan-types sast,iac-security,api-security,sca,container-security
