From 229dcc95e811ea1d29a9652667026f3429153be4 Mon Sep 17 00:00:00 2001
From: James Mead <james.mead@digital.cabinet-office.gov.uk>
Date: Tue, 31 Oct 2023 17:57:59 +0000
Subject: [PATCH] Run brakeman checks in local build

This is already running as part of the CI build [1] and I've been caught
out before when the local build passed, but the CI build failed which is
sub-optimal. I copied the actual command from the one that runs in the
CI build [2].

Adding this to the `lint` rake task means that it will run when you run
the default rake task locally, but it won't run twice in CI, because the
latter doesn't run the default rake task.

[1]: https://github.com/alphagov/signon/blob/acae02f346e3880368f47622fcad2aa80558eb42/.github/workflows/ci.yml#L14-L16
[2]: https://github.com/alphagov/govuk-infrastructure/blob/6b6fe37cfd6af8ef57eff983e4356e96f7b3fd14/.github/workflows/brakeman.yml#L20C14-L20C71
---
 lib/tasks/lint.rake | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/tasks/lint.rake b/lib/tasks/lint.rake
index fae68785a..fe57ed47c 100644
--- a/lib/tasks/lint.rake
+++ b/lib/tasks/lint.rake
@@ -1,5 +1,6 @@
 desc "Run all linters"
 task lint: :environment do
   sh "yarn run lint"
+  sh "bundle exec brakeman . --except CheckRenderInline --quiet"
   sh "bundle exec rubocop"
 end