From 166a820662a52929a6295c2ab188e24a87a5522e Mon Sep 17 00:00:00 2001 From: Garvit Singh Date: Fri, 9 Dec 2022 11:57:19 -0500 Subject: [PATCH 1/7] Add github actions
---
 .github/CODEOWNERS | 1 + .github/cdk-nag.yml | 22 ++++++++++++++++++++++ .github/code-style-lint.yml | 31 +++++++++++++++++++++++++++++++ .github/codeql.yml | 20 ++++++++++++++++++++ .github/pipeline-workflow.yml | 25 +++++++++++++++++++++++++ .github/pull-request-workflow.yml | 22 ++++++++++++++++++++++ .github/run-unit-test.yml | 22 ++++++++++++++++++++++ .github/stale-issues.yml | 22 ++++++++++++++++++++++ 8 files changed, 165 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/cdk-nag.yml create mode 100644 .github/code-style-lint.yml create mode 100644 .github/codeql.yml create mode 100644 .github/pipeline-workflow.yml create mode 100644 .github/pull-request-workflow.yml create mode 100644 .github/run-unit-test.yml create mode 100644 .github/stale-issues.yml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 000000000..4a3973967
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+.github/workflows/ @aws-solutions/sb-csne
\ No newline at end of file
diff --git a/.github/cdk-nag.yml b/.github/cdk-nag.yml
new file mode 100644
index 000000000..7f0d68824
--- /dev/null
+++ b/.github/cdk-nag.yml
@@ -0,0 +1,22 @@
+# Workflow that runs unit test
+name: CDK Nag Test
+
+on:
+ pull_request:
+ types: [opened, edited, reopened, synchronize]
+
+jobs:
+ cdk-nag:
+ name: CDK Nag Check
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [16.x]
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.node-version }}
+ - run: |
+ cd source/constructs && npm i --only=dev
+ npx cdk synth
\ No newline at end of file
diff --git a/.github/code-style-lint.yml b/.github/code-style-lint.yml
new file mode 100644
index 000000000..6c050dc1b
--- /dev/null
+++ b/.github/code-style-lint.yml
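Review bot: The single CODEOWNERS rule protects `.github/workflows/` but not the CODEOWNERS file itself, so a pull request can rewrite the ownership rule without review from the team it names; add a second line `.github/CODEOWNERS @aws-solutions/sb-csne` so changes to the rule need the same approval (this only has effect where branch protection requires code-owner review, which is not visible here). Note that until patch 2/7 of this series moves the workflow files under `.github/workflows/`, the path in this rule matches none of the files this commit adds.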
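Review bot: The `npm i --only=dev` in the run step of cdk-nag.yml resolves dependencies at run time instead of installing exactly what the lockfile pins, so the synth that feeds the CDK Nag check can drift between runs and pick up a newer, possibly compromised, transitive package; if source/constructs ships a package-lock.json, use `cd source/constructs && npm ci --only=dev` so the install fails on any lockfile mismatch. The header comment on the first line is copied from the unit-test workflow and mislabels this file; replace it with `# Workflow that runs cdk synth so the CDK Nag check can be evaluated`.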
@@ -0,0 +1,31 @@
+# Workflow that runs prettier code style check.
+name: Code Style and Lint
+
+on:
+ pull_request:
+ types: [opened, edited, reopened, synchronize]
+
+jobs:
+ prettier:
+ name: Style Check
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [16.x]
+ steps:
+ - uses: actions/checkout@v3
+ - run: npx --y prettier --config source/.prettierrc.yml --check 'source/**/*.ts'
+ linter:
+ name: Lint Check
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [16.x]
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.node-version }}
+ - run: |
+ cd source && npm i --only=dev
+ npx --y eslint . --ext .ts
\ No newline at end of file
diff --git a/.github/codeql.yml b/.github/codeql.yml
new file mode 100644
index 000000000..428200e0f
--- /dev/null
+++ b/.github/codeql.yml
@@ -0,0 +1,20 @@
+name: Security Scans
+
+on:
+ pull_request:
+ types: [opened, edited, reopened, synchronize]
+
+jobs:
+ codeql:
+ name: CodeQL Check
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ javascript, typescript ]
+ steps:
+ - uses: actions/checkout@v3
+ - uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ - uses: github/codeql-action/analyze@v2
\ No newline at end of file
diff --git a/.github/pipeline-workflow.yml b/.github/pipeline-workflow.yml
new file mode 100644
index 000000000..04b48d99c
--- /dev/null
+++ b/.github/pipeline-workflow.yml
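Review bot: The `prettier` step in code-style-lint.yml runs `npx --y prettier` with no version, so every PR check downloads and executes whatever prettier release the registry serves that day; the result is neither reproducible nor pinned, which matters for a gate that runs on contributor PRs. Pin it to the version the project locks, e.g. `- run: npx --yes prettier@<pinned version> --config source/.prettierrc.yml --check 'source/**/*.ts'`, or install from the lockfile first the way the `linter` job does and let `npx` resolve the local binary. The `prettier` job also declares a `node-version` matrix that nothing consumes because it has no setup-node step; drop the matrix or add the setup-node step used by `linter`. The `--y` spelling presumably relies on npm's option abbreviation; `--yes` is the documented form.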
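Review bot: The matrix in codeql.yml lists `typescript` as a separate CodeQL language, but CodeQL's `javascript` analysis already covers TypeScript and, as far as the CodeQL language identifiers go, `typescript` is not a value the init action accepts, so that matrix leg is expected to fail (hidden as a partial failure by `fail-fast: false`) rather than add coverage; change it to `language: [ javascript ]`. The job also declares no `permissions:` block, so the SARIF upload in `codeql-action/analyze` depends on the repository's default token grant; declare the least-privilege set at the job level with `permissions: { contents: read, security-events: write }`.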
@@ -0,0 +1,25 @@
+name: Pipeline Workflow
+
+env:
+ REGION: us-east-1
+
+on: push
+
+jobs:
+ pipeline-job:
+ name: Pipeline Job
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.DISPATCHER_ROLE_ARN }}
+ aws-region: ${{ env.REGION }}
+ role-duration-seconds: 900
+ role-session-name: OIDCSession
+ - name: Run CodeBuild
+ uses: aws-actions/aws-codebuild-run-build@v1
+ with:
+ project-name: ${{ secrets.DISPATCHER_CODEBUILD_PROJECT_NAME }}
\ No newline at end of file
diff --git a/.github/pull-request-workflow.yml b/.github/pull-request-workflow.yml
new file mode 100644
index 000000000..f4cd47197
--- /dev/null
+++ b/.github/pull-request-workflow.yml
@@ -0,0 +1,22 @@
+name: Pull Request Workflow
+
+on:
+ pull_request:
+ types: [opened, edited, reopened, synchronize]
+
+jobs:
+ pull-request-job:
+ name: Status Checks
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Viperlight
+ run: |
+ wget -q https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip
+ unzip -q viperlight.zip -d ../viperlight
+ rm -r ./viperlight.zip
+ echo "Content scanning utility installation complete `date`"
+ echo "Starting content scanning `date` in `pwd`"
+ ../viperlight/bin/viperlight scan -m files-contents -m files-aws -m files-binary -m files-entropy -m files-secrets
+ echo "Completed content scanning `date`"
\ No newline at end of file
diff --git a/.github/run-unit-test.yml b/.github/run-unit-test.yml
new file mode 100644
index 000000000..663dff81f
--- /dev/null
+++ b/.github/run-unit-test.yml
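Review bot: pipeline-workflow.yml triggers on a bare `on: push`, so a push to any branch or tag of the repository mints OIDC credentials for `DISPATCHER_ROLE_ARN` and starts the CodeBuild project; scope the trigger to the refs that are meant to deploy, e.g. `on:` / `push:` / `branches: [main]` (adjust to the real default branch), and make sure the role's trust policy pins the `token.actions.githubusercontent.com:sub` claim to this repository and ref rather than relying on the workflow file alone. Because this job exchanges a GitHub token for cloud credentials, `aws-actions/configure-aws-credentials@v1` and `aws-actions/aws-codebuild-run-build@v1` should be pinned to full commit SHAs rather than mutable major tags, so a moved tag upstream cannot swap the code that receives the role session. `role-duration-seconds: 900` and the single `id-token: write` grant are the right shape for this job.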
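Review bot: The Viperlight step in pull-request-workflow.yml fetches `latest/viperlight.zip` from an S3 bucket and executes it with no version pin and no checksum or signature check, so the integrity of this PR gate rests entirely on whoever can write that object; download a versioned archive and verify it before unpacking, e.g. `wget -q https://viperlight-scanner.s3.amazonaws.com/<version>/viperlight.zip` followed by `echo "<expected sha256>  viperlight.zip" | sha256sum -c -`. The archive is unpacked to `../viperlight`, outside `GITHUB_WORKSPACE`; that is harmless on an ephemeral hosted runner, but the reason deserves a one-line comment so nobody "fixes" it back into the checkout that is being scanned.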
@@ -0,0 +1,22 @@
+# Workflow that runs unit test
+name: Unit Test
+
+on:
+ pull_request:
+ types: [opened, edited, reopened, synchronize]
+
+jobs:
+ unittest:
+ name: Unit Test Check
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [16.x]
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.node-version }}
+ - run: |
+ cd deployment
+ chmod +x ./run-unit-tests.sh && DEBUG=true ./run-unit-tests.sh
\ No newline at end of file
diff --git a/.github/stale-issues.yml b/.github/stale-issues.yml
new file mode 100644
index 000000000..c6e916c88
--- /dev/null
+++ b/.github/stale-issues.yml
@@ -0,0 +1,22 @@
+name: Close Stale Issues and PRs
+
+on:
+ schedule:
+ - cron: "0 0 * * *"
+
+jobs:
+ close-issues:
+ name: Close Stale Issues
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
+ steps:
+ - uses: actions/stale@v3
+ with:
+ days-before-stale: 90
+ days-before-close: 7
+ stale-issue-message: This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
+ close-issue-message: This issue was closed because it has been inactive for 7 days since being marked as stale.
+ stale-pr-message: This pr has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
+ close-pr-message: This pr was closed because it has been inactive for 7 days since being marked as stale.
From 4e42ee16c7bb1f10b494653be3918e7b8a1287ad Mon Sep 17 00:00:00 2001
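Review bot: run-unit-test.yml declares no `permissions:` block, so the job's GITHUB_TOKEN carries whatever the repository default grants even though the job only checks out and runs `deployment/run-unit-tests.sh`; add `permissions:` / `contents: read` at the workflow or job level so a test script executing PR code cannot use the token for anything but reading the checkout. The `pull_request` trigger also includes `edited`, which re-runs the full test job whenever a PR title or body is changed; unless run-unit-tests.sh reads PR metadata (not visible here), `types: [opened, reopened, synchronize]` is enough.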
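Review bot: stale-issues.yml applies `days-before-stale: 90` / `days-before-close: 7` to pull requests as well as issues, whereas the close_inactive_issues.yml removed in patch 3/7 of this series explicitly disabled PR handling with `days-before-pr-stale: -1`, so contributor PRs will now be auto-closed after 97 days of inactivity; if that is intended, say so in a header comment, otherwise add `days-before-pr-stale: -1` under `with:`. The PR messages are copied from the issue ones and still say "keep this issue open"; change `stale-pr-message` to `This pull request has not received a response in a while. If you want to keep it open, please leave a comment below and auto-close will be canceled.` and word `close-pr-message` the same way.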
From: Garvit Singh Date: Fri, 9 Dec 2022 12:08:39 -0500 Subject: [PATCH 2/7] Move workflow files
---
 .github/{ => workflows}/cdk-nag.yml | 0 .github/{ => workflows}/code-style-lint.yml | 0 .github/{ => workflows}/codeql.yml | 0 .github/{ => workflows}/pipeline-workflow.yml | 0 .github/{ => workflows}/pull-request-workflow.yml | 0 .github/{ => workflows}/run-unit-test.yml | 0 .github/{ => workflows}/stale-issues.yml | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename .github/{ => workflows}/cdk-nag.yml (100%) rename .github/{ => workflows}/code-style-lint.yml (100%) rename .github/{ => workflows}/codeql.yml (100%) rename .github/{ => workflows}/pipeline-workflow.yml (100%) rename .github/{ => workflows}/pull-request-workflow.yml (100%) rename .github/{ => workflows}/run-unit-test.yml (100%) rename .github/{ => workflows}/stale-issues.yml (100%)
diff --git a/.github/cdk-nag.yml b/.github/workflows/cdk-nag.yml
similarity index 100%
rename from .github/cdk-nag.yml
rename to .github/workflows/cdk-nag.yml
diff --git a/.github/code-style-lint.yml b/.github/workflows/code-style-lint.yml
similarity index 100%
rename from .github/code-style-lint.yml
rename to .github/workflows/code-style-lint.yml
diff --git a/.github/codeql.yml b/.github/workflows/codeql.yml
similarity index 100%
rename from .github/codeql.yml
rename to .github/workflows/codeql.yml
diff --git a/.github/pipeline-workflow.yml b/.github/workflows/pipeline-workflow.yml
similarity index 100%
rename from .github/pipeline-workflow.yml
rename to .github/workflows/pipeline-workflow.yml
diff --git a/.github/pull-request-workflow.yml b/.github/workflows/pull-request-workflow.yml
similarity index 100%
rename from .github/pull-request-workflow.yml
rename to .github/workflows/pull-request-workflow.yml
diff --git a/.github/run-unit-test.yml b/.github/workflows/run-unit-test.yml
similarity index 100%
rename from .github/run-unit-test.yml
rename to .github/workflows/run-unit-test.yml
diff --git a/.github/stale-issues.yml b/.github/workflows/stale-issues.yml
similarity index 100%
rename from .github/stale-issues.yml
rename to .github/workflows/stale-issues.yml
From 6ae6e497a38c6865e027b7dab6347e59d8d293f5 Mon Sep 17 00:00:00 2001 From: Garvit Singh Date: Fri, 9 Dec 2022 13:01:00 -0500 Subject: [PATCH 3/7] Remove redundant workflow file
---
 .github/workflows/close_inactive_issues.yml | 22 --------------------- 1 file changed, 22 deletions(-) delete mode 100644 .github/workflows/close_inactive_issues.yml
diff --git a/.github/workflows/close_inactive_issues.yml b/.github/workflows/close_inactive_issues.yml
deleted file mode 100644
index fba38fef6..000000000
--- a/.github/workflows/close_inactive_issues.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: Close inactive issues
-on:
- schedule:
- - cron: "0 0 * * *"
-
-jobs:
- close-issues:
- runs-on: ubuntu-latest
- permissions:
- issues: write
- pull-requests: write
- steps:
- - uses: actions/stale@v3
- with:
- days-before-issue-stale: 180
- days-before-issue-close: 7
- stale-issue-label: closing-soon
- stale-issue-message: This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
- close-issue-message: This issue was closed because it has been inactive for 7 days since being marked as closing-soon.
- days-before-pr-stale: -1
- days-before-pr-close: -1
- repo-token: ${{ secrets.GITHUB_TOKEN }}
From d5fa2f8e04e871ee8856d69005057abbe632ec17 Mon Sep 17 00:00:00 2001 From: Garvit Singh Date: Fri, 9 Dec 2022 14:14:48 -0500 Subject: [PATCH 4/7] Run pipeline job for only aws solutions owned repo
---
 .github/workflows/pipeline-workflow.yml | 1 + 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/pipeline-workflow.yml b/.github/workflows/pipeline-workflow.yml
index 04b48d99c..405892fdb 100644
--- a/.github/workflows/pipeline-workflow.yml
+++ b/.github/workflows/pipeline-workflow.yml
@@ -8,6 +8,7 @@ on: push
 jobs:
 pipeline-job:
 name: Pipeline Job
+ if: github.repository_owner == 'aws-solutions'
 runs-on: ubuntu-latest
 permissions:
 id-token: write
From 3912c4da26ff46fb3e118750014ad38bb8755479 Mon Sep 17 00:00:00 2001 From: Garvit Singh Date: Tue, 20 Dec 2022 12:31:26 -0500 Subject: [PATCH 5/7] Run unit test workflow on push in forks
---
 .github/workflows/run-unit-test.yml | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/run-unit-test.yml b/.github/workflows/run-unit-test.yml
index 663dff81f..01948bc09 100644
--- a/.github/workflows/run-unit-test.yml
+++ b/.github/workflows/run-unit-test.yml
@@ -2,12 +2,16 @@
 name: Unit Test
 
 on:
+ push:
+ branches:
+ - '*'
 pull_request:
 types: [opened, edited, reopened, synchronize]
 
 jobs:
 unittest:
 name: Unit Test Check
+ if: {{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request')}}
 runs-on: ubuntu-latest
 strategy:
 matrix:
From 5ae1ee466d906f0e7685ce5cccb72f8dce5f7191 Mon Sep 17 00:00:00 2001 From: Garvit Singh Date: Tue, 20 Dec 2022 12:33:54 -0500 Subject: [PATCH 6/7] Fix workflow file syntax
---
 .github/workflows/run-unit-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/run-unit-test.yml b/.github/workflows/run-unit-test.yml
index 01948bc09..acb73c9b5 100644
--- a/.github/workflows/run-unit-test.yml
+++ b/.github/workflows/run-unit-test.yml
@@ -11,7 +11,7 @@ on:
 jobs:
 unittest:
 name: Unit Test Check
- if: {{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request')}}
+ if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
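Review bot: The `if: github.repository_owner == 'aws-solutions'` guard on pipeline-job keeps forks from attempting the assume-role step, but it is a convenience, not the security boundary: a fork has neither the `DISPATCHER_ROLE_ARN` secret nor an OIDC `sub` claim matching the upstream repository, so the real control is the IAM role's trust policy, and this line must not be read as what prevents third-party pushes from reaching CodeBuild. Record that above the line, e.g. `# Skip on forks; the role's trust policy (sub claim) is what actually authorizes the upstream repo`. The trigger is still a bare `on: push`, so every branch push in the upstream repository continues to run the pipeline; the workflow's `on:` block is outside this hunk.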
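Review bot: The new `push` filter in run-unit-test.yml uses `branches: - '*'`, and in GitHub's filter syntax `*` does not match `/`, so fork pushes to branches such as `feature/foo` or `fix/bar` never trigger the job; use `- '**'` to match every branch. The quoting is correct as written (an unquoted `*` would be parsed as a YAML alias), so only the glob itself needs to change.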
From 7201343a63d5f87810877aa34c66cd788cf0ba4d Mon Sep 17 00:00:00 2001 From: Garvit Singh Date: Tue, 20 Dec 2022 12:48:05 -0500 Subject: [PATCH 7/7] Run workflow with push on forks
---
 .github/workflows/cdk-nag.yml | 4 ++++ .github/workflows/code-style-lint.yml | 5 +++++ .github/workflows/codeql.yml | 4 ++++ .github/workflows/pull-request-workflow.yml | 4 ++++ 4 files changed, 17 insertions(+)
diff --git a/.github/workflows/cdk-nag.yml b/.github/workflows/cdk-nag.yml
index 7f0d68824..4072b8119 100644
--- a/.github/workflows/cdk-nag.yml
+++ b/.github/workflows/cdk-nag.yml
@@ -2,12 +2,16 @@
 name: CDK Nag Test
 
 on:
+ push:
+ branches:
+ - '*'
 pull_request:
 types: [opened, edited, reopened, synchronize]
 
 jobs:
 cdk-nag:
 name: CDK Nag Check
+ if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
diff --git a/.github/workflows/code-style-lint.yml b/.github/workflows/code-style-lint.yml
index 6c050dc1b..c9a117163 100644
--- a/.github/workflows/code-style-lint.yml
+++ b/.github/workflows/code-style-lint.yml
@@ -2,12 +2,16 @@
 name: Code Style and Lint
 
 on:
+ push:
+ branches:
+ - '*'
 pull_request:
 types: [opened, edited, reopened, synchronize]
 
 jobs:
 prettier:
 name: Style Check
+ if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
@@ -17,6 +21,7 @@ jobs:
 - run: npx --y prettier --config source/.prettierrc.yml --check 'source/**/*.ts'
 linter:
 name: Lint Check
+ if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
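Review bot: The `branches: - '*'` filter added to cdk-nag.yml (and repeated in the other three workflows of this commit) does not match branch names containing `/`, because `*` stops at the path separator in GitHub's glob syntax, so a fork working on `feature/xyz` gets no cdk-nag run on push; use `- '**'`. If the intent is genuinely "every branch", `'**'` also reads more clearly than a filter that looks like it already means that.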
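Review bot: The `if:` expression added to the `prettier` job (and copied verbatim onto `linter` and into the three other workflow files of this commit) encodes a policy — upstream validates pull requests, forks validate their own pushes — that nothing in the file states, so a future edit to one copy will silently diverge from the others; put the one-line rationale above each copy, `# Upstream repo runs this on pull_request only; forks run it on their own pushes`. GitHub Actions has no workflow-level `if`, but if the duplication grows further the check could live once in a reusable workflow that the others call.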
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 428200e0f..1ecc1b03d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,12 +1,16 @@
 name: Security Scans
 
 on:
+ push:
+ branches:
+ - '*'
 pull_request:
 types: [opened, edited, reopened, synchronize]
 
 jobs:
 codeql:
 name: CodeQL Check
+ if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false
diff --git a/.github/workflows/pull-request-workflow.yml b/.github/workflows/pull-request-workflow.yml
index f4cd47197..938e487fa 100644
--- a/.github/workflows/pull-request-workflow.yml
+++ b/.github/workflows/pull-request-workflow.yml
@@ -1,12 +1,16 @@
 name: Pull Request Workflow
 
 on:
+ push:
+ branches:
+ - '*'
 pull_request:
 types: [opened, edited, reopened, synchronize]
 
 jobs:
 pull-request-job:
 name: Status Checks
+ if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
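Review bot: With the `if:` expression added to the codeql job, the upstream aws-solutions repository runs CodeQL only on `pull_request` events and never on a push to its default branch, so code scanning gets no default-branch baseline; as far as the code scanning docs go, pull-request annotations are computed relative to the base branch's analysis, so without an upstream push-triggered run the PR results have nothing to compare against and alerts are never tracked on the default branch itself. Keep one upstream push run by adding a third clause, e.g. `|| (github.repository_owner == 'aws-solutions' && github.event_name == 'push' && github.ref == 'refs/heads/main')`, leaving the fork behaviour unchanged. The default-branch name is not visible here; adjust `refs/heads/main` to match.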