From 6ba0fe4456d4276d2efe5f353f529cc630db4b1e Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Mon, 19 Aug 2024 23:33:24 +0200
Subject: [PATCH] Add code linting

---
 .github/workflows/publish.yml | 27 +++++++++++++++++++++++++++
 Makefile                      |  8 ++++++++
 2 files changed, 35 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5b8bd70..bb5fd48 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -4,7 +4,34 @@ name: CI Workflow
 on: push
 
 jobs:
+  test:
+    defaults:
+      run:
+        shell: bash
+
+    container:
+      image: luzifer/gh-arch-env
+
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
+
+      - name: Marking workdir safe
+        run: git config --global --add safe.directory /__w/stadt-land-fluss/stadt-land-fluss
+
+      - name: Lint code
+        run: make frontend_lint trivy
+
   gh-page-publish:
+    if: ${{ github.ref == 'refs/heads/master' }}
+    needs: [test]
+
     defaults:
       run:
         shell: bash
diff --git a/Makefile b/Makefile
index ea95c75..0ae0689 100644
--- a/Makefile
+++ b/Makefile
@@ -14,3 +14,11 @@ frontend_lint: node_modules
 
 node_modules:
 	npm ci --include dev
+
+trivy:
+	trivy fs . \
+		--dependency-tree \
+		--format table \
+		--quiet \
+		--scanners misconfig,license,secret,vuln \
+		--severity HIGH,CRITICAL