From d9030e80b0e9e6f83bb6ed031f6f96c60e9c1a00 Mon Sep 17 00:00:00 2001 From: Filippos Sakellaropoulos Date: Sun, 17 Nov 2024 14:39:44 +0200 Subject: [PATCH] Add GitHub workflows for build, dependency check, secret scanning, and SonarCloud analysis; update Package.resolved and add CODEOWNERS file --- .github/CODEOWNERS | 1 + .github/workflows/build-package.yml | 22 ++++++++++++++++++++++ .github/workflows/dependencycheck.yml | 15 +++++++++++++++ .github/workflows/gitleaks.yml | 14 ++++++++++++++ .github/workflows/sonar.yml | 17 +++++++++++++++++ Package.resolved | 8 ++++---- 6 files changed, 73 insertions(+), 4 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/workflows/build-package.yml create mode 100644 .github/workflows/dependencycheck.yml create mode 100644 .github/workflows/gitleaks.yml create mode 100644 .github/workflows/sonar.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..b2f95bd --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @eu-digital-identity-wallet/niscy-admins \ No newline at end of file diff --git a/.github/workflows/build-package.yml b/.github/workflows/build-package.yml new file mode 100644 index 0000000..9a90171 --- /dev/null +++ b/.github/workflows/build-package.yml @@ -0,0 +1,22 @@ +--- +name: build-package +on: + pull_request: + types: [opened, reopened] + push: + branches: ['main'] + tags: [ v* ] +jobs: + build: + runs-on: "macos-14" + steps: + - uses: maxim-lobanov/setup-xcode@v1 + with: + xcode-version: '16.0' + - name: Get swift version + run: swift --version + - uses: actions/checkout@v4 + - name: Build + run: swift build + - name: Run tests + run: swift test \ No newline at end of file diff --git a/.github/workflows/dependencycheck.yml b/.github/workflows/dependencycheck.yml new file mode 100644 index 0000000..e5d3427 --- /dev/null +++ b/.github/workflows/dependencycheck.yml @@ -0,0 +1,15 @@ +name: SCA - Dependency-Check Caller +on: + push: + branches-ignore: + - 'dependabot/**' + workflow_dispatch: + +jobs: + + SCA_caller: + uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/sca.yml@main + secrets: + NVD_API_KEY: ${{ secrets.NVD_API_KEY }} + DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }} + DOJO_URL: ${{ secrets.DOJO_URL }} diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml new file mode 100644 index 0000000..58ab8b1 --- /dev/null +++ b/.github/workflows/gitleaks.yml @@ -0,0 +1,14 @@ +name: Secret Scanning - Gitleaks Caller +on: + push: + branches-ignore: + - 'dependabot/**' + workflow_dispatch: + +jobs: + + Secret_Scanning_caller: + uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/secretscanning.yml@main + secrets: + DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }} + DOJO_URL: ${{ secrets.DOJO_URL }} diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml new file mode 100644 index 0000000..1b70f75 --- /dev/null +++ b/.github/workflows/sonar.yml @@ -0,0 +1,17 @@ +name: SAST - SonarCloud Caller +on: + push: + branches-ignore: + - 'dependabot/**' + pull_request_target: + workflow_dispatch: + +jobs: + + SAST_caller: + uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/sast_action.yml@main + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }} + DOJO_URL: ${{ secrets.DOJO_URL }} diff --git a/Package.resolved b/Package.resolved index 6df14e1..560a6fc 100644 --- a/Package.resolved +++ b/Package.resolved @@ -1,13 +1,13 @@ { - "originHash" : "fae81f6b1e0612c6a226b698efc30c0371654cbc54cc06eb304e3d22aa1ceb49", + "originHash" : "67d6e755c4890cdfcb60930d0b952815385f42101d98ff3d40456723c03c6c74", "pins" : [ { "identity" : "eudi-lib-ios-rqes-csc-swift", "kind" : "remoteSourceControl", - "location" : "https://github.com/niscy-eudiw/eudi-lib-ios-rqes-csc-swift.git", + "location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-rqes-csc-swift.git", "state" : { - "branch" : "update-auth-flow", - "revision" : "075987ef5f098e2ac866504ed8c55514fe4cb1b3" + "revision" : "d286db938dd6bddcd2aa22051e54211227cf5cba", + "version" : "0.0.1" } }, {