Bump express from 4.19.2 to 4.21.0 in /td.server #9
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR pipeline | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| # threatdragon is the working area on docker hub so use this area | |
| # owasp/threat-dragon is the final release area so DO NOT use that | |
| IMAGE_NAME: "threatdragon/owasp-threat-dragon:PR-${{ github.event.number }}" | |
| # for security reasons the github actions are pinned to specific release versions | |
| jobs: | |
| link_checker: | |
| name: Link checker | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout markdown | |
| uses: actions/[email protected] | |
| - name: Link Checker | |
| uses: lycheeverse/[email protected] | |
| with: | |
| fail: true | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| md_linter: | |
| name: Lint markdown | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout markdown | |
| uses: actions/[email protected] | |
| # do not use **/*.md as this will include the third party packages | |
| - name: Lint markdown | |
| uses: DavidAnson/[email protected] | |
| with: | |
| config: '.markdownlint.yaml' | |
| globs: '.*.md *.md td.*/*.md .github/**/*.md docs/**/*.md' | |
| server_unit_tests: | |
| name: Server unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.server | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:unit | |
| - name: Create server SBOM | |
| run: npm run make-sbom | |
| - name: Save SBOM artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: sboms-server | |
| path: './td.server/sbom.*' | |
| site_unit_tests: | |
| name: Site unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:unit | |
| desktop_unit_tests: | |
| name: Desktop unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:desktop | |
| desktop_e2e_tests: | |
| name: Desktop e2e tests | |
| runs-on: ubuntu-22.04 | |
| needs: [desktop_unit_tests, site_unit_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Setup Chrome | |
| id: setup-chrome | |
| uses: browser-actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: Build application | |
| # test only so do not publish | |
| run: npm run build:desktop -- --publish=never | |
| - name: End to end tests | |
| run: | | |
| ${{ steps.setup-chrome.outputs.chrome-path }} --version | |
| ln -sf threat-dragon dist-desktop/linux-unpacked/Threat-Dragon-ng | |
| npm run test:e2e:desktop | |
| - name: Print logs on error | |
| run: | | |
| echo 'Print desktop wdio logs' | |
| pwd | |
| cat ./wdio-logs/*.log | |
| ls -hal ./dist-desktop/ | |
| ls -hal ./dist-desktop/linux-unpacked/ | |
| if: ${{ failure() }} | |
| - name: Save SBOM artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: sboms-desktop-e2e-test-site | |
| path: './td.vue/dist-desktop/bundled/.sbom/*' | |
| if-no-files-found: error | |
| build_docker_image: | |
| name: Build docker image | |
| runs-on: ubuntu-22.04 | |
| needs: [site_unit_tests, server_unit_tests] | |
| if: github.repository == 'OWASP/threat-dragon' | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| install: true | |
| - name: Setup dockerx cache | |
| uses: actions/[email protected] | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Login to Docker Hub | |
| uses: docker/[email protected] | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/[email protected] | |
| with: | |
| context: ./ | |
| file: ./Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| push: true | |
| tags: ${{ env.IMAGE_NAME }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| platforms: linux/amd64 | |
| - name: fetch app SBOM | |
| run: docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv | |
| env: | |
| IMAGE_ID: ${{ steps.docker_build.outputs.imageid }} | |
| - name: Save SBOM artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: sboms-container-image-app | |
| path: './boms/*' | |
| if-no-files-found: error | |
| e2e_smokes: | |
| name: Site e2e smokes | |
| runs-on: ubuntu-22.04 | |
| needs: [build_docker_image] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Run Threat Dragon | |
| run: | | |
| docker run -d \ | |
| -p 3000:3000 \ | |
| -e ENCRYPTION_JWT_REFRESH_SIGNING_KEY='${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}' \ | |
| -e ENCRYPTION_JWT_SIGNING_KEY='${{ secrets.CI_JWT_SIGNING_KEY }}' \ | |
| -e ENCRYPTION_KEYS='${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}' \ | |
| -e GITHUB_CLIENT_ID='${{ secrets.CI_GITHUB_CLIENT_ID }}' \ | |
| -e GITHUB_CLIENT_SECRET='${{ secrets.CI_GITHUB_CLIENT_SECRET }}' \ | |
| -e NODE_ENV='development' \ | |
| -e SERVER_API_PROTOCOL='http' \ | |
| ${{ env.IMAGE_NAME }} | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: Run e2e tests | |
| run: npm run test:e2e-ci-smokes | |
| - name: Upload e2e videos | |
| uses: actions/[email protected] | |
| with: | |
| name: e2e_vids.zip | |
| path: td.vue/tests/e2e/videos | |
| if: ${{ always() }} | |
| e2e_tests: | |
| name: Site e2e tests | |
| runs-on: ubuntu-22.04 | |
| needs: [e2e_smokes] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Run Threat Dragon | |
| run: | | |
| docker run -d \ | |
| -p 3000:3000 \ | |
| -e GITHUB_CLIENT_ID='${{ secrets.CI_GITHUB_CLIENT_ID }}' \ | |
| -e GITHUB_CLIENT_SECRET='${{ secrets.CI_GITHUB_CLIENT_SECRET }}' \ | |
| -e ENCRYPTION_JWT_REFRESH_SIGNING_KEY='${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}' \ | |
| -e ENCRYPTION_JWT_SIGNING_KEY='${{ secrets.CI_JWT_SIGNING_KEY }}' \ | |
| -e ENCRYPTION_KEYS='${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}' \ | |
| -e NODE_ENV='development' \ | |
| -e SERVER_API_PROTOCOL='http' \ | |
| ${{ env.IMAGE_NAME }} | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: Run e2e tests | |
| run: npm run test:e2e-ci | |
| - name: Upload e2e videos | |
| uses: actions/[email protected] | |
| with: | |
| name: e2e_vids.zip | |
| path: td.vue/tests/e2e/videos | |
| if: ${{ always() }} | |
| zap_scan_web: | |
| name: Site zap scan | |
| runs-on: ubuntu-22.04 | |
| needs: [build_docker_image] | |
| steps: | |
| - name: Run Threat Dragon | |
| run: | | |
| docker run -d \ | |
| -p 3000:3000 \ | |
| -e GITHUB_CLIENT_ID='${{ secrets.CI_GITHUB_CLIENT_ID }}' \ | |
| -e GITHUB_CLIENT_SECRET='${{ secrets.CI_GITHUB_CLIENT_SECRET }}' \ | |
| -e ENCRYPTION_JWT_REFRESH_SIGNING_KEY='${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}' \ | |
| -e ENCRYPTION_JWT_SIGNING_KEY='${{ secrets.CI_JWT_SIGNING_KEY }}' \ | |
| -e ENCRYPTION_KEYS='${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}' \ | |
| -e NODE_ENV='development' \ | |
| -e SERVER_API_PROTOCOL='http' \ | |
| ${{ env.IMAGE_NAME }} | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: ZAP Scan | |
| uses: zaproxy/[email protected] | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| target: 'http://localhost:3000' | |
| rules_file_name: '.github/workflows/.zap-rules-web.tsv' | |
| allow_issue_writing: false | |
| fail_action: true | |
| cmd_options: '-a' | |
| scan_image_with_trivy: | |
| name: Scan with trivy | |
| runs-on: ubuntu-22.04 | |
| needs: [build_docker_image] | |
| permissions: | |
| contents: write | |
| steps: | |
| # Need .trivyignore | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: '${{ env.IMAGE_NAME }}' | |
| format: 'table' | |
| exit-code: 1 | |
| sbom_combiner: | |
| name: SBOM combiner | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - server_unit_tests | |
| - desktop_e2e_tests | |
| - build_docker_image | |
| steps: | |
| - name: Fetch prepared SBOM artifacts | |
| uses: actions/[email protected] | |
| with: | |
| pattern: 'sboms-*' | |
| merge-multiple: false | |
| path: 'raw/' | |
| - name: Fetch SBOMs | |
| run: | | |
| set -eux | |
| mkdir -p sboms/threat-dragon-container-image/app/ | |
| cp raw/sboms-server/sbom.json sboms/threat-dragon-server-bom.json | |
| cp raw/sboms-server/sbom.xml sboms/threat-dragon-server-bom.xml | |
| cp raw/sboms-desktop-e2e-test-site/bom.json sboms/threat-dragon-desktop-e2e-test-site-bom.json | |
| cp raw/sboms-desktop-e2e-test-site/bom.xml sboms/threat-dragon-desktop-e2e-test-site-bom.xml | |
| cp raw/sboms-container-image-app/* sboms/threat-dragon-container-image/app/ | |
| - name: Save SBOM artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: sboms | |
| path: 'sboms/' |