Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update CODEOWNERS #5

Merged
merged 20 commits into from
Mar 6, 2024
Merged
Show file tree
Hide file tree
Changes from 10 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
14 changes: 14 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
.serverless
.build
.github
.gitignore
dist
postgres-data
es-data
matomo-data
matomo-db-data
nvd-dump
minio-data
**/node_modules
**/.cache
./docs/node_modules
4 changes: 3 additions & 1 deletion .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@
# These owners will be the default owners for everything in the
# repo. Unless a later match takes precedence, these owners will be
# requested for review when someone opens a pull request.
* @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj


* @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj @rapidray12 @schmelz21 @cduhn17 @aloftus23 @Matthew-Grayson @nickviola
cduhn17 marked this conversation as resolved.
Show resolved Hide resolved

# These folks own any files in the .github directory at the root of
# the repository and any of its subdirectories.
Expand Down
4 changes: 4 additions & 0 deletions .github/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
query-filters:
- exclude:
id: js/unused-local-variable
57 changes: 44 additions & 13 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,5 @@
---

# Any ignore directives should be uncommented in downstream projects to disable
# Dependabot updates for the given dependency. Downstream projects will get
# these updates when the pull request(s) in the appropriate skeleton are merged
# and Lineage processes these changes.

version: 2
updates:
- directory: /
# ignore:
Expand All @@ -22,14 +17,50 @@
package-ecosystem: github-actions
schedule:
interval: weekly

- directory: /
package-ecosystem: pip
schedule:
interval: weekly

- directory: /
package-ecosystem: terraform
schedule:
interval: weekly
version: 2
- package-ecosystem: 'npm'
directory: '/'
schedule:
interval: 'weekly'
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-patch","version-update:semver-minor"]

Check failure on line 30 in .github/dependabot.yml

View workflow job for this annotation

GitHub Actions / lint

30:54 [commas] too few spaces after comma

Check failure on line 30 in .github/dependabot.yml

View workflow job for this annotation

GitHub Actions / lint

30:54 [commas] too few spaces after comma
- package-ecosystem: "npm"
directory: "/frontend"
schedule:
interval: "weekly"
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-patch","version-update:semver-minor"]

Check failure on line 37 in .github/dependabot.yml

View workflow job for this annotation

GitHub Actions / lint

37:54 [commas] too few spaces after comma

Check failure on line 37 in .github/dependabot.yml

View workflow job for this annotation

GitHub Actions / lint

37:54 [commas] too few spaces after comma
- package-ecosystem: "npm"
directory: "/backend"
schedule:
interval: "weekly"
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-patch","version-update:semver-minor"]
- package-ecosystem: "pip"
directory: "/backend/worker"
schedule:
interval: "weekly"
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-patch","version-update:semver-minor"]
- package-ecosystem: 'docker'
directory: '/'
schedule:
interval: 'weekly'
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-patch","version-update:semver-minor"]
- package-ecosystem: 'github-actions'
directory: '/'
schedule:
interval: 'weekly'
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-patch","version-update:semver-minor"]

240 changes: 240 additions & 0 deletions .github/workflows/backend.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,240 @@
name: Backend Pipeline

on:
push:
branches:
- develop
- production
paths:
- 'backend/**'
- '.github/workflows/backend.yml'
pull_request:
branches:
- develop
- production
paths:
- 'backend/**'
- '.github/workflows/backend.yml'

defaults:
run:
working-directory: ./backend

jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '18'
- name: Restore npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci
- name: Lint
run: npm run lint
test:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '18'
- name: Restore npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci
- name: Run site locally
run: |
cp dev.env.example .env
docker-compose up -d db backend es
npm install -g wait-port
wait-port -t 3000 5432 9200 9300
working-directory: ./
- name: Sync database
run: npm run syncdb
working-directory: ./backend
- name: Test
run: npm run test -- --collectCoverage --silent
- name: Package
run: npx sls package
env:
SLS_DEBUG: '*'
test_worker:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '18'
- name: Restore npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci
- name: Build
run: npx webpack --config webpack.worker.config.js
- name: Run db locally
run: |
cp dev.env.example .env
docker-compose up -d db
npm install -g wait-port
wait-port -t 3000 5432
working-directory: ./
- name: Test
run: node dist/worker.bundle.js
env:
CROSSFEED_COMMAND_OPTIONS: '{"scanName": "test"}'
DB_USERNAME: crossfeed
DB_PASSWORD: password
test_python:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.10
uses: actions/[email protected]
with:
python-version: '3.10'
- uses: actions/cache@v3
with:
path: ~/.cache/pip
key: pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
pip-
- run: pip install -r worker/requirements.txt
- run: pytest
build_worker:
runs-on: ubuntu-latest
timeout-minutes: 90
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '18'
- name: Restore npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci
- name: Build worker container
run: npm run build-worker
working-directory: ./backend
deploy_staging:
needs: [build_worker, lint, test, test_worker, test_python]
runs-on: ubuntu-latest
environment: staging
concurrency: 1
if: github.event_name == 'push' && github.ref == 'refs/heads/develop'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '18'
- name: Restore npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci

- name: Ensure domain exists
run: npx sls create_domain --stage=staging
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SLS_DEBUG: '*'

- name: Deploy backend
run: npx sls deploy --stage=staging
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SLS_DEBUG: '*'

- name: Deploy worker
run: npm run deploy-worker-staging
working-directory: backend
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

- name: Run syncdb
run: aws lambda invoke --function-name crossfeed-staging-syncdb --region us-east-1 /dev/stdout
working-directory: backend
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

deploy_prod:
needs: [build_worker, lint, test, test_python]
runs-on: ubuntu-latest
environment: production
concurrency: 1
if: github.event_name == 'push' && github.ref == 'refs/heads/production'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '18'
- name: Restore npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci

- name: Ensure domain exists
run: npx sls create_domain --stage=prod
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SLS_DEBUG: '*'

- name: Deploy backend
run: npx sls deploy --stage=prod
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SLS_DEBUG: '*'

- name: Deploy worker
run: npm run deploy-worker-prod
working-directory: backend
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

- name: Run syncdb
run: aws lambda invoke --function-name crossfeed-prod-syncdb --region us-east-1 /dev/stdout
working-directory: backend
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
42 changes: 42 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: "CodeQL"

Check warning on line 1 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

1:1 [document-start] missing document start "---"

Check warning on line 1 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

1:1 [document-start] missing document start "---"

on:
push:
branches: [ "develop", "production" ]

Check failure on line 5 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

5:16 [brackets] too many spaces inside brackets

Check failure on line 5 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

5:40 [brackets] too many spaces inside brackets

Check failure on line 5 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

5:16 [brackets] too many spaces inside brackets

Check failure on line 5 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

5:40 [brackets] too many spaces inside brackets
pull_request:
branches: [ "develop" ]

Check failure on line 7 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

7:16 [brackets] too many spaces inside brackets

Check failure on line 7 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

7:26 [brackets] too many spaces inside brackets

Check failure on line 7 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

7:16 [brackets] too many spaces inside brackets

Check failure on line 7 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

7:26 [brackets] too many spaces inside brackets
schedule:
- cron: "23 17 * * 6"

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ javascript ]

Check failure on line 23 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

23:20 [brackets] too many spaces inside brackets

Check failure on line 23 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

23:31 [brackets] too many spaces inside brackets

Check failure on line 23 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

23:20 [brackets] too many spaces inside brackets

Check failure on line 23 in .github/workflows/codeql.yml

View workflow job for this annotation

GitHub Actions / lint

23:31 [brackets] too many spaces inside brackets

steps:
- name: Checkout
uses: actions/checkout@v3

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
queries: +security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@v3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"
Loading
Loading