Chore: merging precommit check file into test.yaml
JoshLarouche committed Sep 18, 2023
1 parent 92637a8 commit db2191d
Showing 2 changed files with 235 additions and 125 deletions.
210 changes: 105 additions & 105 deletions .github/workflows/pre-commit-check.yaml
@@ -1,109 +1,109 @@
name: pre-commit
# name: pre-commit

on:
push:
workflow_dispatch:
# on:
# push:
# workflow_dispatch:

jobs:
install-client-dev-tools:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn install --frozen-lockfile
working-directory: ./client
# jobs:
# install-client-dev-tools:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: dev env setup
# uses: ./.github/actions/dev-env-setup
# - run: yarn install --frozen-lockfile
# working-directory: ./client

install-server-dev-tools:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: Set up python
id: setup-python
uses: actions/setup-python@v4
with:
# do this dynamically with tool-versions version
python-version: "3.9.16"
- name: Install Poetry
uses: snok/install-poetry@v1
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
#----------------------------------------------
# install dependencies if cache does not exist
#----------------------------------------------
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
working-directory: ./bc_obps
- name: is pylint installed?
run: |
poetry run pylint --version
echo $PATH
working-directory: ./bc_obps
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
# install-server-dev-tools:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: dev env setup
# uses: ./.github/actions/dev-env-setup
# - name: Set up python
# id: setup-python
# uses: actions/setup-python@v4
# with:
# # do this dynamically with tool-versions version
# python-version: "3.9.16"
# - name: Install Poetry
# uses: snok/install-poetry@v1
# - name: Load cached venv
# id: cached-poetry-dependencies
# uses: actions/cache@v3
# with:
# path: .venv
# key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
# #----------------------------------------------
# # install dependencies if cache does not exist
# #----------------------------------------------
# - name: Install dependencies
# if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
# run: poetry install --no-interaction --no-root
# working-directory: ./bc_obps
# - name: is pylint installed?
# run: |
# poetry run pylint --version
# echo $PATH
# working-directory: ./bc_obps
# # - name: Setup tmate session
# # uses: mxschmitt/action-tmate@v3

# yarn-test:
# needs: install-client-dev-tools
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: dev env setup
# uses: ./.github/actions/dev-env-setup
# - run: yarn test
# working-directory: ./client
pre-commit:
needs: ["install-client-dev-tools", "install-server-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: pip install -r requirements.txt
- name: Set up python
id: setup-python
uses: actions/setup-python@v4
with:
# do this dynamically with tool-versions version
python-version: "3.9.16"
- name: Install Poetry
uses: snok/install-poetry@v1
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
#----------------------------------------------
# install dependencies if cache does not exist
#----------------------------------------------
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
working-directory: ./bc_obps
- name: is pylint installed?
run: |
poetry run pylint --version
echo $PATH
working-directory: ./bc_obps
- uses: pre-commit/[email protected]
# - uses: actions/setup-python@v2
- uses: terraform-linters/setup-tflint@v1
with:
tflint_version: latest
# - name: Analyze Kustomize Manifests
# run: |
# pwd
# ls -al
# curl https://get.datree.io | /bin/bash
# datree test tekton/base/pipelines/* --ignore-missing-schemas --no-record
# echo "scanning tasks..."
# datree test tekton/base/tasks/* --ignore-missing-schemas --no-record
# echo "scan triggers..."
# datree test tekton/base/triggers/* --ignore-missing-schemas --no-record
# # yarn-test:
# # needs: install-client-dev-tools
# # runs-on: ubuntu-latest
# # steps:
# # - uses: actions/checkout@v3
# # - name: dev env setup
# # uses: ./.github/actions/dev-env-setup
# # - run: yarn test
# # working-directory: ./client
# pre-commit:
# needs: ["install-client-dev-tools", "install-server-dev-tools"]
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v2
# - name: dev env setup
# uses: ./.github/actions/dev-env-setup
# - run: pip install -r requirements.txt
# - name: Set up python
# id: setup-python
# uses: actions/setup-python@v4
# with:
# # do this dynamically with tool-versions version
# python-version: "3.9.16"
# - name: Install Poetry
# uses: snok/install-poetry@v1
# - name: Load cached venv
# id: cached-poetry-dependencies
# uses: actions/cache@v3
# with:
# path: .venv
# key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
# #----------------------------------------------
# # install dependencies if cache does not exist
# #----------------------------------------------
# - name: Install dependencies
# if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
# run: poetry install --no-interaction --no-root
# working-directory: ./bc_obps
# - name: is pylint installed?
# run: |
# poetry run pylint --version
# echo $PATH
# working-directory: ./bc_obps
# - uses: pre-commit/[email protected]
# # - uses: actions/setup-python@v2
# - uses: terraform-linters/setup-tflint@v1
# with:
# tflint_version: latest
# # - name: Analyze Kustomize Manifests
# # run: |
# # pwd
# # ls -al
# # curl https://get.datree.io | /bin/bash
# # datree test tekton/base/pipelines/* --ignore-missing-schemas --no-record
# # echo "scanning tasks..."
# # datree test tekton/base/tasks/* --ignore-missing-schemas --no-record
# # echo "scan triggers..."
# # datree test tekton/base/triggers/* --ignore-missing-schemas --no-record
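Review bot: Every line of .github/workflows/pre-commit-check.yaml is now commented out, including `on:` and `jobs:`, so the file stays in the workflows directory with no triggers and no jobs. GitHub will likely report it as an invalid workflow rather than ignore it. The same job definitions now exist twice, live in test.yaml and dead here, and the two copies can drift apart. Deleting the file in this commit (`git rm .github/workflows/pre-commit-check.yaml`) would be cleaner, since the old content remains in history.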
150 changes: 130 additions & 20 deletions .github/workflows/test.yaml
@@ -8,6 +8,108 @@ on:
jobs:
# codeql-scan:
# uses: bcgov/pipeline-templates/.github/workflows/codeql.yaml@main
install-client-dev-tools:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn install --frozen-lockfile
working-directory: ./client

install-server-dev-tools:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: Set up python
id: setup-python
uses: actions/setup-python@v4
with:
# do this dynamically with tool-versions version
python-version: "3.9.16"
- name: Install Poetry
uses: snok/install-poetry@v1
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
#----------------------------------------------
# install dependencies if cache does not exist
#----------------------------------------------
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
working-directory: ./bc_obps
- name: is pylint installed?
run: |
poetry run pylint --version
echo $PATH
working-directory: ./bc_obps
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3

# yarn-test:
# needs: install-client-dev-tools
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: dev env setup
# uses: ./.github/actions/dev-env-setup
# - run: yarn test
# working-directory: ./client
pre-commit:
needs: ["install-client-dev-tools", "install-server-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: pip install -r requirements.txt
- name: Set up python
id: setup-python
uses: actions/setup-python@v4
with:
# do this dynamically with tool-versions version
python-version: "3.9.16"
- name: Install Poetry
uses: snok/install-poetry@v1
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
#----------------------------------------------
# install dependencies if cache does not exist
#----------------------------------------------
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
working-directory: ./bc_obps
- name: is pylint installed?
run: |
poetry run pylint --version
echo $PATH
working-directory: ./bc_obps
- uses: pre-commit/[email protected]
# - uses: actions/setup-python@v2
- uses: terraform-linters/setup-tflint@v1
with:
tflint_version: latest
# - name: Analyze Kustomize Manifests
# run: |
# pwd
# ls -al
# curl https://get.datree.io | /bin/bash
# datree test tekton/base/pipelines/* --ignore-missing-schemas --no-record
# echo "scanning tasks..."
# datree test tekton/base/tasks/* --ignore-missing-schemas --no-record
# echo "scan triggers..."
# datree test tekton/base/triggers/* --ignore-missing-schemas --no-record
docker-build:
runs-on: ubuntu-latest
strategy:
@@ -137,23 +239,31 @@ jobs:
with:
IMAGE: gregnrobinson/bcgov-nginx-demo
TAG: latest
sonar-repo-scan:
uses: bcgov/pipeline-templates/.github/workflows/sonar-scanner.yaml@main
with:
ORG: ci-testing
PROJECT_KEY: bcgov-pipeline-templates
URL: https://sonarcloud.io
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
owasp-zap-scan:
uses: bcgov/pipeline-templates/.github/workflows/owasp-scan.yaml@owasp-gcp-fix
with:
ZAP_SCAN_TYPE: "base" # Accepted values are base and full.
ZAP_TARGET_URL: "http://localhost:3004/"
ZAP_DURATION: "2"
ZAP_MAX_DURATION: "5"
ZAP_GCP_PUBLISH: false
ZAP_GCP_PROJECT: phronesis-310405 # Only required if ZAP_GCP_PUBLISH is TRUE
ZAP_GCP_BUCKET: "zap-scan-results" # Only required if ZAP_GCP_PUBLISH is TRUE
secrets:
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} # Only required if ZAP_GCP_PUBLISH is TRUE
# sonar-repo-scan:
# uses: bcgov/pipeline-templates/.github/workflows/sonar-scanner.yaml@main
# with:
# ORG: ci-testing
# PROJECT_KEY: bcgov-pipeline-templates
# URL: https://sonarcloud.io
# secrets:
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
zap-owasp:
needs:
["docker-build", "install-client-dev-tools", "install-server-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: run app locally
uses: ./.github/actions/local-app-run
- name: ZAP Base Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: "owasp/zap2docker-stable"
target: "http://localhost:3004/"
rules_file_name: ".zap/rules.tsv"
cmd_options: "-a -d -T 5 -m 2"
issue_title: OWASP Baseline
fail_action: false
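Review bot: The new `zap-owasp` job passes `${{ secrets.GITHUB_TOKEN }}` to a third-party action referenced by a mutable version tag, and no `permissions:` block is visible in either hunk (the top of the workflow lies outside them, so one may already be set there). Scope the token at job level with `permissions:` set to `contents: read` and `issues: write`, and pin the action to a full commit SHA, e.g. `uses: zaproxy/action-baseline@<full-commit-sha>  # <release tag>`. The same tag-only pinning applies in the first hunk to `snok/install-poetry@v1` and `terraform-linters/setup-tflint@v1`, where `tflint_version: latest` also lets the linter version float between runs. In addition, `fail_action: false` keeps ZAP findings from failing the build, and with `sonar-repo-scan` commented out nothing in these hunks gates a merge on scan results; if that is intentional for now, a short comment such as `# non-blocking until baseline findings are triaged` would record it.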
