From 8a2d9fdd707c3a85c63737b3bf65c8f66fb4ac5c Mon Sep 17 00:00:00 2001
From: Andy Wu
Date: Thu, 28 Mar 2024 10:26:03 -0700
Subject: [PATCH] [feat] add ci workflow, scorecards
---
.github/CODEOWNERS | 1 +
.github/workflows/ci.yml | 52 ++++++++++++++++++++++++++++++++
.github/workflows/scorecards.yml | 44 +++++++++++++++++++++++++++
ci.env | 6 ++--
4 files changed, 100 insertions(+), 3 deletions(-)
create mode 100644 .github/CODEOWNERS
create mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/scorecards.yml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..5cc3a2b
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @edisonz0718 @AndyBoWu
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..db4b687
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,52 @@
+name: CI Workflow for API Integration Testing
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ # Add timestamp
+ print_timestamp:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate timestamp
+ run: |
+ echo "TIMESTAMP=$(TZ='America/Los_Angeles' date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
+
+ - name: Print timestamp
+ run: |
+ echo "Execution time (Pacific Time Zone) $TIMESTAMP"
+
+ test-and-publish:
+ needs: print_timestamp
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+ - name: Use Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - name: Install Dependencies
+ run: pnpm install
+
+ - name: Lint
+ run: pnpm eslint .
+ # Ensure you have a lint script in your package.json
+
+ - name: Run Tests
+ run: pnpm exec playwright test
+ # Ensure you have a test:integration script in your package.json for your API integration tests
+
+ - name: Upload Test Results
+ uses: actions/upload-artifact@v2
+ if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main'
+ with:
+ name: test-results
+ path: ./playwright-report/index.html
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
new file mode 100644
index 0000000..a048550
--- /dev/null
+++ b/.github/workflows/scorecards.yml
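Review bot: ci.yml declares no `permissions:` block, so both jobs run `pnpm install`, eslint and Playwright with whatever default GITHUB_TOKEN scope the repository is configured for. A top-level `permissions:` with `contents: read` would match the read-only default that scorecards.yml in this same patch declares. In the test-and-publish job, `actions/setup-node@v4` and `actions/upload-artifact@v2` are referenced by mutable tag while the checkout step is pinned to a commit, so both should be pinned to full commit SHAs. For the artifact step, the pin already used in scorecards.yml, `actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1`, would also move it off the old v2 line. No step installs pnpm before `pnpm install`, so unless the runner image provides it the job presumably needs a setup step for it, which is worth confirming.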
@@ -0,0 +1,44 @@
+name: Scorecards supply-chain security
+on:
+ workflow_dispatch:
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecards analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ id-token: write
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+ with:
+ persist-credentials: false
+
+ # This is a pre-submit / pre-release.
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@main
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+ with:
+ sarif_file: results.sarif
diff --git a/ci.env b/ci.env
index b2fc364..898b510 100644
--- a/ci.env
+++ b/ci.env
@@ -1,3 +1,3 @@
-API_BASE_URL = "https://edge.stg.storyprotocol.net"
-API_KEY = "U3RvcnlQcm90b2NvbFRlc3RBUElLRVk="
-API_PREFIX = "/api/sepolia/v1"
\ No newline at end of file
+API_BASE_URL="https://edge.stg.storyprotocol.net"
+API_KEY="U3RvcnlQcm90b2NvbFRlc3RBUElLRVk="
+API_PREFIX="/api/sepolia/v1"
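Review bot: The "Run analysis" step in scorecards.yml uses `ossf/scorecard-action@main`, a branch ref, in the one job that holds `security-events: write` and `id-token: write`, so whatever lands on that branch runs with those permissions. Every other action in this file is pinned to a commit SHA with a version comment, and this step should follow the same form: `uses: ossf/scorecard-action@<full-commit-sha> # <release-tag>` (placeholders; take the real values from the action's releases). Separately, the only trigger is `workflow_dispatch`, so results are refreshed only when someone runs the workflow by hand; if that is not intended, a `schedule` or default-branch `push` trigger would keep the code-scanning data current. The comment `# This is a pre-submit / pre-release.` does not describe the step below it and could be dropped.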
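Review bot: The new side of ci.env still commits the `API_KEY=` value to a tracked file, and base64 is an encoding, not protection, so anyone with read access to the repository or its history has the key. Since this patch introduces the CI workflow, the key could instead be stored as a repository secret and passed to the test step through `env:`, for example `API_KEY: ${{ secrets.API_KEY }}` (constructed secret name), leaving only `API_BASE_URL` and `API_PREFIX` in ci.env. If the value is a deliberately public staging test key, a `#` comment saying so would stop it from being copied as a pattern. Otherwise it should be rotated, because deleting it from the file does not remove it from history.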