Merge pull request #402 from gsingh04/develop

Add github actions

.github/CODEOWNERS

@@ -0,0 +1 @@
+.github/workflows/ @aws-solutions/sb-csne

.github/workflows/cdk-nag.yml

@@ -0,0 +1,26 @@
+# Workflow that runs unit test
+name: CDK Nag Test
+
+on:
+  push: 
+    branches:
+      - '*'
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  cdk-nag:
+    name: CDK Nag Check
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [16.x]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: |
+          cd source/constructs && npm i --only=dev
+          npx cdk synth

.github/workflows/code-style-lint.yml

@@ -0,0 +1,36 @@
+# Workflow that runs prettier code style check.
+name: Code Style and Lint
+
+on:
+  push: 
+    branches:
+      - '*'
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  prettier:
+    name: Style Check
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [16.x]
+    steps:
+      - uses: actions/checkout@v3
+      - run: npx --y prettier --config source/.prettierrc.yml --check 'source/**/*.ts'
+  linter:
+    name: Lint Check
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [16.x]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: |
+          cd source && npm i --only=dev
+          npx --y eslint . --ext .ts

.github/workflows/codeql.yml

@@ -0,0 +1,24 @@
+name: Security Scans
+
+on:
+  push: 
+    branches:
+      - '*'
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  codeql:
+    name: CodeQL Check
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ javascript, typescript ]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: github/codeql-action/init@v2
+        with:
+            languages: ${{ matrix.language }}
+      - uses: github/codeql-action/analyze@v2

.github/workflows/pipeline-workflow.yml

@@ -0,0 +1,26 @@
+name: Pipeline Workflow
+
+env:
+  REGION: us-east-1
+
+on: push
+
+jobs:
+  pipeline-job:
+    name: Pipeline Job
+    if: github.repository_owner == 'aws-solutions'
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.DISPATCHER_ROLE_ARN }}
+          aws-region: ${{ env.REGION }}
+          role-duration-seconds: 900
+          role-session-name: OIDCSession
+      - name: Run CodeBuild
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: ${{ secrets.DISPATCHER_CODEBUILD_PROJECT_NAME }}

.github/workflows/pull-request-workflow.yml

@@ -0,0 +1,26 @@
+name: Pull Request Workflow
+
+on:
+  push: 
+    branches:
+      - '*'
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  pull-request-job:
+    name: Status Checks
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Viperlight
+        run: |
+          wget -q https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip
+          unzip -q viperlight.zip -d ../viperlight
+          rm -r ./viperlight.zip
+          echo "Content scanning utility installation complete `date`"
+          echo "Starting content scanning `date` in `pwd`"
+          ../viperlight/bin/viperlight scan -m files-contents -m files-aws -m files-binary -m files-entropy -m files-secrets
+          echo "Completed content scanning `date`"

.github/workflows/run-unit-test.yml

@@ -0,0 +1,26 @@
+# Workflow that runs unit test
+name: Unit Test
+
+on:
+  push: 
+    branches:
+      - '*'
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  unittest:
+    name: Unit Test Check
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [16.x]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: |
+          cd deployment
+          chmod +x ./run-unit-tests.sh && DEBUG=true ./run-unit-tests.sh

.github/workflows/stale-issues.yml

@@ -0,0 +1,22 @@
+name: Close Stale Issues and PRs
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  close-issues:
+    name: Close Stale Issues
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v3
+        with:
+          days-before-stale: 90
+          days-before-close: 7
+          stale-issue-message: This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
+          close-issue-message: This issue was closed because it has been inactive for 7 days since being marked as stale.
+          stale-pr-message: This pr has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
+          close-pr-message: This pr was closed because it has been inactive for 7 days since being marked as stale.