[CI] Add supply chain security job for each service (#182)
# Description
<!-- Please include a summary of the change(s) and which issue is being
fixed. Please provide as much detail as possible. -->
Added the GuardDog CI job to each service

<!-- Replace `XXX` with the concerning issue number. The "#" links
this PR to its relevant issue -->
Closes #136

## How to Test
<!-- Provide some simple steps so that others can verify your
implementation -->
Observe the green checkmarks for each `Supply Chain Security` CI job


## Checklist
- [ ] The code includes tests if relevant
- [x] I have *actually* self-reviewed my changes and done QA
<!-- Only check this off if you have actually done a self-review! DO NOT
request any review from others until you have done your self-review! -->
MNThomson authored Jun 21, 2024
1 parent 940f7dd commit 4ec57d5
Showing 4 changed files with 56 additions and 8 deletions.
18 changes: 16 additions & 2 deletions .github/workflows/algorithm.yml
Expand Up @@ -58,8 +58,8 @@ jobs:
- name: Test
run: docker compose exec ${{ matrix.service }} pytest

security:
name: Security
sast:
name: Static Application Security Testing
runs-on: ubuntu-latest
strategy:
matrix:
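Review bot: Renaming the job key from `security` to `sast` (and its display name from `Security` to `Static Application Security Testing`) changes the status-check name GitHub reports for this workflow; any branch protection rule or required status check keyed on the old `Security` name will stop matching and should be updated in the same change. The same rename is applied in backend.yml and frontend.yml below.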
Expand All @@ -78,3 +78,17 @@ jobs:
- name: Test
run: bandit -c .bandit -ll -ii -n 3 -a file -r src/

supply:
name: Supply Chain Security
runs-on: ubuntu-latest
strategy:
matrix:
service: [search, recommend]
fail-fast: false
steps:
- uses: actions/checkout@v4

- uses: pypa/[email protected]
with:
inputs: apps/algorithm/${{ matrix.service }}/requirements.txt
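Review bot: The PR description says this adds a GuardDog job, but this hunk adds `pypa/gh-action-pip-audit` over each service's `requirements.txt`; either the description or the workflow should be corrected so the two match. Since the job exists to check supply-chain hygiene, the third-party action itself should be pinned to a full commit SHA rather than the mutable `v1.0.8` tag (`uses: pypa/gh-action-pip-audit@<sha> # v1.0.8`). pip-audit reports on the versions it resolves from the file it is given, so the result is only reproducible if `apps/algorithm/<service>/requirements.txt` pins exact versions; worth confirming for both `search` and `recommend`.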
23 changes: 21 additions & 2 deletions .github/workflows/backend.yml
Expand Up @@ -78,8 +78,8 @@ jobs:
- name: Test
run: docker compose exec ${{ matrix.service == 'lib' && 'user' || matrix.service }} npm run ${{ matrix.service == 'lib' && '--prefix ../lib' || '' }} test:ci

security:
name: Security
sast:
name: Static Application Security Testing
runs-on: ubuntu-latest
strategy:
matrix:
Expand All @@ -92,3 +92,22 @@ jobs:
uses: ajinabraham/njsscan-action@master
with:
args: './apps/backend/${{ matrix.service }}'

supply:
name: Supply Chain Security
runs-on: ubuntu-latest
strategy:
matrix:
service: [user, listing, review, message, lib]
fail-fast: false
defaults:
run:
working-directory: apps/backend/${{ matrix.service }}
steps:
- uses: actions/checkout@v4

- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}

- run: npm audit --audit-level high
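Review bot: `npm audit --audit-level high` runs with no install step, so it depends on a `package-lock.json` existing in each of `apps/backend/{user,listing,review,message,lib}`; if any of them (notably `lib`) has no lockfile the step errors out instead of auditing. `--audit-level high` also means moderate advisories never fail the job, which should be a deliberate, documented choice rather than a default. `${{ env.NODE_VERSION }}` is referenced but not defined in this hunk; confirm it is set at the workflow `env:` level, otherwise `setup-node` receives an empty `node-version`.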
4 changes: 2 additions & 2 deletions .github/workflows/datalayer.yml
Expand Up @@ -58,8 +58,8 @@ jobs:
- name: Build
run: cargo build

security:
name: Security
supply:
name: Supply Chain Security
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
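Review bot: This hunk only renames `security` to `supply` / `Supply Chain Security`; the steps after `actions/checkout@v4` fall outside the shown context, so it is not visible whether the job actually runs a dependency audit for the Rust crates built by `cargo build` above. Confirm the remaining steps match the new name, otherwise the green `Supply Chain Security` check the PR's test instructions rely on reports coverage the job does not provide.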
19 changes: 17 additions & 2 deletions .github/workflows/frontend.yml
Expand Up @@ -77,8 +77,8 @@ jobs:
- name: Test
run: npm run build

security:
name: Security
sast:
name: Static Application Security Testing
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
Expand All @@ -87,3 +87,18 @@ jobs:
uses: ajinabraham/njsscan-action@master
with:
args: './apps/frontend'

supply:
name: Supply Chain Security
runs-on: ubuntu-latest
defaults:
run:
working-directory: apps/frontend
steps:
- uses: actions/checkout@v4

- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}

- run: npm audit --audit-level high
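Review bot: The context line `uses: ajinabraham/njsscan-action@master` (also present in backend.yml) pins the SAST action to a moving branch, which is exactly the kind of unpinned third-party dependency a supply-chain job is meant to catch; pin it to a release tag or, better, a commit SHA. The new frontend `supply` job mirrors the backend one and shares its prerequisites: a `package-lock.json` in `apps/frontend` and `NODE_VERSION` defined in the workflow-level `env:`.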

0 comments on commit 4ec57d5