@@ -0,0 +1,14 @@ | ||
.serverless | ||
.build | ||
.github | ||
.gitignore | ||
dist | ||
postgres-data | ||
es-data | ||
matomo-data | ||
matomo-db-data | ||
nvd-dump | ||
minio-data | ||
**/node_modules | ||
**/.cache | ||
./docs/node_modules |
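Review bot: No `.env` entry is in this ignore list, although the backend pipeline creates one at the repository root (`cp dev.env.example .env`) before bringing up containers, so a developer's local environment file with real credentials would be sent into the build context and can end up in an image layer; adding `.env` here closes that. The file header is not shown on this page, so this assumes the list is a `.dockerignore`; the point holds for any context-exclusion file. `./docs/node_modules` is already covered by `**/node_modules` and can be dropped for clarity.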
@@ -0,0 +1,3 @@ | ||
query-filters: | ||
- exclude: | ||
id: js/unused-local-variable |
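Review bot: The excluded query `js/unused-local-variable` is a code-quality check rather than a security one, so this filter does not reduce the security coverage of the `+security-and-quality` pack the workflow requests, but nothing records why it is excluded; a comment above the entry such as `# quality-only query; excluded for noise, not a security finding` keeps that rationale with the filter. The lint warning reported on line 1 is most likely yamllint's document-start rule, which `---` as the first line would clear.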
@@ -0,0 +1,240 @@ | ||
name: Backend Pipeline | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
- production | ||
paths: | ||
- 'backend/**' | ||
- '.github/workflows/backend.yml' | ||
pull_request: | ||
branches: | ||
- master | ||
- production | ||
paths: | ||
- 'backend/**' | ||
- '.github/workflows/backend.yml' | ||
|
||
defaults: | ||
run: | ||
working-directory: ./backend | ||
|
||
jobs: | ||
lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18' | ||
- name: Restore npm cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install dependencies | ||
run: npm ci | ||
- name: Lint | ||
run: npm run lint | ||
test: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 20 | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18' | ||
- name: Restore npm cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install dependencies | ||
run: npm ci | ||
- name: Run site locally | ||
run: | | ||
cp dev.env.example .env | ||
docker-compose up -d db backend es | ||
npm install -g wait-port | ||
wait-port -t 3000 5432 9200 9300 | ||
working-directory: ./ | ||
- name: Sync database | ||
run: npm run syncdb | ||
working-directory: ./backend | ||
- name: Test | ||
run: npm run test -- --collectCoverage --silent | ||
- name: Package | ||
run: npx sls package | ||
env: | ||
SLS_DEBUG: '*' | ||
test_worker: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 20 | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18' | ||
- name: Restore npm cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install dependencies | ||
run: npm ci | ||
- name: Build | ||
run: npx webpack --config webpack.worker.config.js | ||
- name: Run db locally | ||
run: | | ||
cp dev.env.example .env | ||
docker-compose up -d db | ||
npm install -g wait-port | ||
wait-port -t 3000 5432 | ||
working-directory: ./ | ||
- name: Test | ||
run: node dist/worker.bundle.js | ||
env: | ||
CROSSFEED_COMMAND_OPTIONS: '{"scanName": "test"}' | ||
DB_USERNAME: crossfeed | ||
DB_PASSWORD: password | ||
test_python: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 20 | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Set up Python 3.10 | ||
uses: actions/[email protected] | ||
with: | ||
python-version: '3.10' | ||
- uses: actions/cache@v3 | ||
with: | ||
path: ~/.cache/pip | ||
key: pip-${{ hashFiles('**/requirements.txt') }} | ||
restore-keys: | | ||
pip- | ||
- run: pip install -r worker/requirements.txt | ||
- run: pytest | ||
build_worker: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 90 | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18' | ||
- name: Restore npm cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install dependencies | ||
run: npm ci | ||
- name: Build worker container | ||
run: npm run build-worker | ||
working-directory: ./backend | ||
deploy_staging: | ||
needs: [build_worker, lint, test, test_worker, test_python] | ||
runs-on: ubuntu-latest | ||
environment: staging | ||
concurrency: 1 | ||
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18' | ||
- name: Restore npm cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install dependencies | ||
run: npm ci | ||
|
||
- name: Ensure domain exists | ||
run: npx sls create_domain --stage=staging | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
SLS_DEBUG: '*' | ||
|
||
- name: Deploy backend | ||
run: npx sls deploy --stage=staging | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
SLS_DEBUG: '*' | ||
|
||
- name: Deploy worker | ||
run: npm run deploy-worker-staging | ||
working-directory: backend | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
||
- name: Run syncdb | ||
run: aws lambda invoke --function-name crossfeed-staging-syncdb --region us-east-1 /dev/stdout | ||
working-directory: backend | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
||
deploy_prod: | ||
needs: [build_worker, lint, test, test_python] | ||
runs-on: ubuntu-latest | ||
environment: production | ||
concurrency: 1 | ||
if: github.event_name == 'push' && github.ref == 'refs/heads/production' | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18' | ||
- name: Restore npm cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install dependencies | ||
run: npm ci | ||
|
||
- name: Ensure domain exists | ||
run: npx sls create_domain --stage=prod | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
SLS_DEBUG: '*' | ||
|
||
- name: Deploy backend | ||
run: npx sls deploy --stage=prod | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
SLS_DEBUG: '*' | ||
|
||
- name: Deploy worker | ||
run: npm run deploy-worker-prod | ||
working-directory: backend | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
||
- name: Run syncdb | ||
run: aws lambda invoke --function-name crossfeed-prod-syncdb --region us-east-1 /dev/stdout | ||
working-directory: backend | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
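Review bot: The deploy steps in deploy_staging and deploy_prod (`Ensure domain exists`, `Deploy backend`, `Deploy worker`, `Run syncdb`) authenticate with long-lived static keys from `secrets.AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, repeated in every step's `env`; exchanging them for short-lived credentials via OIDC — `id-token: write` on the job plus one `aws-actions/configure-aws-credentials` step assuming a least-privilege deploy role — removes the stored secret and scopes the credential to this workflow and environment. The workflow also declares no top-level `permissions:` block, so the GITHUB_TOKEN receives the repository default; `permissions: contents: read` is all the checkout here needs. Separately, deploy_prod's `needs` list omits test_worker while deploy_staging's includes it, so a failing worker test does not block a production deploy; `needs: [build_worker, lint, test, test_worker, test_python]` makes the two consistent. `hashFiles` resolves relative to the workspace root rather than `defaults.run.working-directory`, so the `'package-lock.json'` cache keys in test and test_worker probably hash nothing and collapse to the `restore-keys` prefix; the `'**/package-lock.json'` form the other jobs use is the safe one.
```yaml
  deploy_staging:
    needs: [build_worker, lint, test, test_worker, test_python]
    runs-on: ubuntu-latest
    environment: staging
    permissions:
      id-token: write
      contents: read
    # … unchanged: concurrency, if, checkout / setup-node / cache / npm ci steps …
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.STAGING_DEPLOY_ROLE_ARN }}  # placeholder: least-privilege deploy role
          aws-region: us-east-1
      # … unchanged: sls create_domain / sls deploy / deploy-worker / syncdb steps, with their AWS_* env lines removed …
```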
@@ -0,0 +1,42 @@ | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: [ "master", "production" ] | ||
pull_request: | ||
branches: [ "master" ] | ||
schedule: | ||
- cron: "23 17 * * 6" | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: [ javascript ] | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v3 | ||
with: | ||
languages: ${{ matrix.language }} | ||
config-file: ./.github/codeql.yml | ||
queries: +security-and-quality | ||
|
||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v3 | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v3 | ||
with: | ||
category: "/language:${{ matrix.language }}" |
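Review bot: The `pull_request` trigger lists only `"master"` while `push` covers both `"master"` and `"production"`, so a pull request targeting production is reviewed and merged without a CodeQL scan and is only analyzed after the push lands; `branches: [ "master", "production" ]` on the pull_request trigger closes that gap and matches the branch set the backend pipeline already tests. The lint failures reported on lines 5, 7 and 23 are most likely yamllint's bracket-spacing rule on the flow sequences, which block sequences (or `["master", "production"]` without inner spaces) would clear, and the warning on line 1 is probably the missing `---` document start. The `permissions` block on the analyze job is already scoped to `security-events: write` plus read access, which is the right shape for this job.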