Skip to content

Commit

Permalink
Merge branch 'main' into sms-soak-test
Browse files Browse the repository at this point in the history
  • Loading branch information
sastels authored Nov 8, 2023
2 parents de27377 + 8e0c99f commit 3149b19
Show file tree
Hide file tree
Showing 10 changed files with 66 additions and 26 deletions.
37 changes: 37 additions & 0 deletions .github/workflows/backstage-catalog-helper.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: Backstage Catalog Info Helper
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"

jobs:
update-catalog-info:
runs-on: ubuntu-latest
steps:
- name: Checkout Actions
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
fetch-depth: 0
- name: Run Backstage Catalog Info Helper
uses: cds-snc/[email protected]
with:
github_app_id: ${{ secrets.SRE_BOT_RW_APP_ID }}
github_app_private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }}
github_organization: cds-snc
- name: impersonate Read/Write GH App
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
id: generate_token
with:
app_id: ${{ secrets.SRE_BOT_RW_APP_ID }}
private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }}
- name: Create pull request
uses: peter-evans/create-pull-request@v3
with:
token: ${{ steps.generate_token.outputs.token}}
commit-message: 'Add catalog-info.yaml'
branch: 'backstage/catalog-info'
title: 'Add catalog-info.yaml'
body: 'Adding a basic catalog-info.yaml to start populating the backstage catalog with your components.'
labels: 'backstage'
add-paths: |
catalog-info.yaml
6 changes: 3 additions & 3 deletions .github/workflows/build_and_push_performance_test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
images: ${{ steps.filter.outputs.changes }}
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
Expand All @@ -41,7 +41,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Build container
run: |
Expand All @@ -61,7 +61,7 @@ jobs:

- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1

- name: Push containers to ECR
run: |
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,18 +24,18 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Initialize CodeQL
uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
with:
languages: ${{ matrix.language }}
queries: +security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
uses: github/codeql-action/autobuild@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
with:
category: "/language:${{ matrix.language }}"
8 changes: 4 additions & 4 deletions .github/workflows/docker-vulnerability-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,12 +27,12 @@ jobs:

- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
with:
registry-type: public

- name: Docker vulnerability scan
uses: cds-snc/security-tools/.github/actions/docker-scan@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
uses: cds-snc/security-tools/.github/actions/docker-scan@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
with:
docker_image: "${{ env.DOCKER_IMAGE }}:latest"
dockerfile_path: "${{ env.DOCKERFILE_PATH }}"
Expand Down Expand Up @@ -62,10 +62,10 @@ jobs:
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1

- name: Docker vulnerability scan
uses: cds-snc/security-tools/.github/actions/docker-scan@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
uses: cds-snc/security-tools/.github/actions/docker-scan@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
with:
docker_image: "${{ env.DOCKER_IMAGE }}:${{ env.IMAGE_TAG }}"
dockerfile_path: "${{ env.DOCKERFILE_PATH }}"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/docker.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest
name: Build and push
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install AWS CLI
run: |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
Expand All @@ -43,7 +43,7 @@ jobs:

- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
with:
registry-type: public

Expand Down Expand Up @@ -90,7 +90,7 @@ jobs:
TOKEN: ${{ steps.notify-pr-bot.outputs.token }}

- name: Generate docker SBOM
uses: cds-snc/security-tools/.github/actions/generate-sbom@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
uses: cds-snc/security-tools/.github/actions/generate-sbom@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
with:
docker_image: "${{ env.DOCKER_SLUG }}:latest"
dockerfile_path: "ci/Dockerfile"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/lambda_production.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Configure AWS credentials
id: aws-creds
Expand All @@ -43,14 +43,14 @@ jobs:
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1

- name: Push containers to ECR
run: |
docker push $REGISTRY/${{ matrix.image }}:$IMAGE_TAG
- name: Generate docker SBOM
uses: cds-snc/security-tools/.github/actions/generate-sbom@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
uses: cds-snc/security-tools/.github/actions/generate-sbom@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
with:
docker_image: "${{ env.REGISTRY }}/${{ matrix.image }}:${{ env.IMAGE_TAG }}"
dockerfile_path: "ci/Dockerfile.lambda"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/lambda_staging.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Configure AWS credentials
id: aws-creds
Expand All @@ -39,7 +39,7 @@ jobs:
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1

- name: Push containers to ECR
run: |
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/performance.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,14 @@ jobs:
steps:
- name: Install libcurl
run: sudo apt-get update && sudo apt-get install libssl-dev libcurl4-openssl-dev
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python 3.10
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: '3.10'
- name: Upgrade pip
run: python -m pip install --upgrade pip
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
- uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,14 @@ jobs:
steps:
- name: Install libcurl
run: sudo apt-get update && sudo apt-get install libssl-dev libcurl4-openssl-dev
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python 3.10
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: '3.10'
- name: Upgrade pip
run: python -m pip install --upgrade pip
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
- uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
Expand All @@ -43,7 +43,7 @@ jobs:
run: poetry run make test
- name: Upload pytest logs on failure
if: ${{ failure() }}
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: pytest-logs
path: |
Expand Down
3 changes: 3 additions & 0 deletions gunicorn_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
import sys
import traceback

import gunicorn # type: ignore
import newrelic.agent # See https://bit.ly/2xBVKBH

newrelic.agent.initialize() # noqa: E402
Expand All @@ -11,6 +12,8 @@
worker_connections = 256
bind = "0.0.0.0:{}".format(os.getenv("PORT"))
accesslog = "-"
# Guincorn sets the server type on our app. We don't want to show it in the header in the response.
gunicorn.SERVER = "Undisclosed"

on_aws = os.environ.get("NOTIFY_ENVIRONMENT", "") in ["production", "staging", "scratch", "dev"]
if on_aws:
Expand Down

0 comments on commit 3149b19

Please sign in to comment.