serverless.yml
# Service name used by the Serverless Framework for this deployment.
service: github-status-check

# Serverless Dashboard identity (dashboard.serverless.com).
app: my-veracode
org: yaakovlerer

# Pin the Serverless Framework major version this service deploys with.
frameworkVersion: "2"

# Enables loading of variables from a local .env file at deploy time.
# The ${env:...} references in this file (GITHUB_APP_ID,
# GITHUB_APP_INSTALL_ID, PEM, API_ID, API_KEY) can therefore be supplied from
# that file, which makes it a credential store: keep it out of version control
# and confirm it is not shipped inside the deployment package.
useDotenv: true
# Paths left out of the deployment artifact uploaded to Lambda.
package:
  exclude:
    - "test/**"
    - "**/*.test.js"
    # NOTE(review): only 'empty.env' is excluded by name here. This service
    # also sets useDotenv, so verify in the built zip that the real .env file
    # (which would hold the ${env:...} secrets) is not packaged either.
    - "empty.env"
    - "resources/**"
    - "permissions/**"
# Per-stage values plus the shared settings map that provider.environment
# points at via ${self:custom.settings}.
custom:
  prod:
    Stack: "ExampleSite"
    LogLevel: "info"
  dev:
    Stack: "ExampleSite"
    LogLevel: "debug"
  settings:
    # Resolved by the serverless-pseudo-parameters plugin.
    ACCOUNT_ID: '#{AWS::AccountId}'
    TARGET_REGION: "${self:provider.region}"
    # Picks LogLevel from the custom.<stage> map above; the stage comes from
    # --stage, then provider.stage, then 'dev'.
    logLevel: "${self:custom.${opt:stage, self:provider.stage, 'dev'}.LogLevel}"
    GITHUB_APP_ID: "${env:GITHUB_APP_ID}"
    GITHUB_APP_INSTALL_ID: "${env:GITHUB_APP_INSTALL_ID}"
    # NOTE(review): PEM is presumably the GitHub App private key. Resolved
    # this way it is written in plaintext into the generated CloudFormation
    # template and into the Lambda environment of every function that
    # receives this map, and is readable by anyone allowed to view the
    # function configuration. Prefer storing it in Secrets Manager or an SSM
    # SecureString parameter and fetching it at runtime from the one
    # function that signs GitHub App tokens.
    PEM: "${env:PEM}"
# AWS provider defaults shared by every function in this service.
provider:
  name: aws
  stage: prod
  # NOTE(review): Node.js 12 is past upstream end-of-life and the Lambda
  # nodejs12.x runtime is deprecated, so it no longer receives security
  # patches. Plan a move to a supported runtime accepted by the pinned
  # framework version, and re-test the handlers when doing so.
  runtime: nodejs12.x
  region: ap-southeast-2
  apiGateway:
    shouldStartNameWithService: true
  iam:
    role:
      # Shared execution-role policy: lets functions enqueue messages on the
      # two queues declared under resources.Resources.
      # NOTE(review): this grant applies to the default role, so any function
      # without its own role can send to both queues. Narrow it per function
      # to the single queue each one actually writes to.
      statements:
        - Effect: Allow
          Action:
            - sqs:SendMessage
          Resource:
            - Fn::GetAtt: [ScanChecks, Arn]
            - Fn::GetAtt: [ImportFindings, Arn]
  # NOTE(review): custom.settings is injected into every function at provider
  # level, and that map includes PEM and the GitHub App identifiers. Functions
  # that never call the GitHub App API still receive the key; move
  # secret-bearing variables to the individual functions that need them.
  environment: "${self:custom.settings}"
  lambdaHashingVersion: 20201221
# Serverless plugins loaded for this service.
plugins:
  # Resolves the '#{AWS::AccountId}' style reference used in custom.settings.
  - "serverless-pseudo-parameters"
  # NOTE(review): this plugin builds a dedicated role only for functions that
  # declare their own iamRoleStatements. No function in this file does, so
  # (as far as this file shows) all three still share the provider-level
  # role; add per-function statements to get the least-privilege benefit.
  - "serverless-iam-roles-per-function"
# Lambda functions: one HTTP entry point and two SQS consumers.
functions:
  # Listen to a call from GitHub Workflow
  # NOTE(review): the POST /github route declares no authorizer and no API
  # key requirement, so the endpoint is reachable by anyone who knows the URL.
  # No webhook or shared secret is among the environment variables defined in
  # this file; confirm how githubHandler.webhookListen authenticates the
  # caller (for example an HMAC signature check on the request body) before
  # it enqueues any work.
  githubListener:
    handler: githubHandler.webhookListen
    memorySize: 128
    timeout: 10
    events:
      - http:
          path: "/github"
          method: post
      # Disabled endpoint, kept from the original file:
      # - http:
      #     path: /checkScanStatus/{appGUID}
      #     method: get

  # Consumes the ScanChecks queue one message per invocation.
  veracodeForGithubBuildProcessor:
    handler: handler.sqsSingleScanSample
    memorySize: 128
    timeout: 20
    # NOTE(review): API_ID / API_KEY are presumably Veracode API credentials.
    # As plain environment variables they are stored unencrypted in the
    # deployed template and visible in the function configuration; prefer a
    # secrets store read at runtime.
    environment:
      API_ID: "${env:API_ID}"
      API_KEY: "${env:API_KEY}"
    events:
      - sqs:
          arn:
            Fn::GetAtt: [ScanChecks, Arn]
          batchSize: 1

  # Consumes the ImportFindings queue one message per invocation.
  veracodePopulateGithubIssues:
    handler: awsHandlers/populateGithubIssues.handler
    memorySize: 128
    timeout: 30
    # Same credential pair as the build processor; see the note there about
    # keeping it out of plaintext environment variables.
    environment:
      API_ID: "${env:API_ID}"
      API_KEY: "${env:API_KEY}"
    events:
      - sqs:
          arn:
            Fn::GetAtt: [ImportFindings, Arn]
          batchSize: 1
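# Raw CloudFormation resources: the two SQS queues that connect the functions.
resources:
  Resources:
    # Queue consumed by veracodeForGithubBuildProcessor.
    ScanChecks:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: "ScanChecks"
        # Seconds a received message stays hidden from other consumers.
        VisibilityTimeout: 90
        # 43200 s = 12 hours.
        MessageRetentionPeriod: 43200
        # Declare encryption at rest explicitly (SQS-managed keys) instead of
        # relying on the account or service default.
        SqsManagedSseEnabled: true
        # NOTE(review): no RedrivePolicy is set. A message whose handler keeps
        # failing is redelivered until retention expires and is then dropped
        # with no record; consider a dead-letter queue with an alarm on it.

    # Queue consumed by veracodePopulateGithubIssues.
    ImportFindings:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: "ImportFindings"
        # NOTE(review): only 1.5x the consumer's 30 s function timeout. AWS
        # guidance for Lambda event sources is roughly six times the function
        # timeout, otherwise a slow or throttled invocation can cause the
        # same message to be processed twice.
        VisibilityTimeout: 45
        # 7200 s = 2 hours.
        MessageRetentionPeriod: 7200
        # Declare encryption at rest explicitly (SQS-managed keys) instead of
        # relying on the account or service default.
        SqsManagedSseEnabled: true
        # NOTE(review): no RedrivePolicy here either; see the ScanChecks
        # queue. Findings that fail to import are lost after two hours.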