Skip to content

Commit

Permalink
fix(ci): introduce pr validate/edit workflow (#1781)
Browse files Browse the repository at this point in the history
  • Loading branch information
@DerekRoberts
DerekRoberts authored Feb 2, 2024
1 parent c19bc72 commit 62ac388
Show file tree
Hide file tree
Showing 3 changed files with 92 additions and 78 deletions.
81 changes: 38 additions & 43 deletions .github/workflows/analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,45 +14,6 @@ concurrency:
cancel-in-progress: true

jobs:
codeql:
name: CodeQL
if: ${{ ! github.event.pull_request.draft }}
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v3
with:
languages: javascript

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:javascript"

# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Trivy Security Scan
if: ${{ ! github.event.pull_request.draft }}
runs-on: ubuntu-22.04
timeout-minutes: 1
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.16.1
with:
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
scan-type: "fs"
scanners: "vuln,secret,config"
severity: "CRITICAL,HIGH"

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"

tests:
name: Tests
if: ${{ ! github.event.pull_request.draft }}
Expand Down Expand Up @@ -96,10 +57,44 @@ jobs:
sonar_token: ${{ secrets[matrix.token] }}
triggers: ('${{ matrix.dir }}/')

results:
name: Results
needs: [codeql, trivy, tests]
codeql:
name: CodeQL
if: ${{ ! github.event.pull_request.draft }}
needs: [tests]
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v3
with:
languages: javascript

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:javascript"

# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Trivy Security Scan
if: ${{ ! github.event.pull_request.draft }}
needs: [tests]
runs-on: ubuntu-22.04
timeout-minutes: 1
steps:
- run: echo "Success!"
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.16.1
with:
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
scan-type: "fs"
scanners: "vuln,secret,config"
severity: "CRITICAL,HIGH"

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"

35 changes: 0 additions & 35 deletions .github/workflows/pr-open.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,41 +9,6 @@ concurrency:
cancel-in-progress: true

jobs:
conventional-commits:
name: Conventional Commits
runs-on: ubuntu-22.04
steps:
- uses: amannn/action-semantic-pull-request@v5.4.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

pr-description-add:
name: PR Description Add
env:
DOMAIN: apps.silver.devops.gov.bc.ca
PREFIX: ${{ github.event.repository.name }}
runs-on: ubuntu-22.04
permissions:
pull-requests: write
timeout-minutes: 1
steps:
- uses: bcgov-nr/action-pr-description-add@v1.1.0
with:
add_markdown: |
---
Thanks for the PR!
Deployments, as required, will be available below:
- [Frontend](https://${{ env.PREFIX }}-${{ github.event.number }}-frontend.${{ env.DOMAIN }})
- [Backend](https://${{ env.PREFIX }}-${{ github.event.number }}-frontend.${{ env.DOMAIN }}/api)
Please create PRs in draft mode. Mark as ready to enable:
- [Analysis Workflow](https://github.com/${{ github.repository }}/actions/workflows/analysis.yml)
After merge, new images are deployed in:
- [Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge.yml)
# https://github.com/bcgov-nr/action-builder-ghcr
builds:
name: Builds
Expand Down
54 changes: 54 additions & 0 deletions .github/workflows/pr-validate.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: PR Validate

on:
pull_request:
types: [edited, opened, reopened, synchronize]

concurrency:
# Cancel in progress for PR open and close, but not merge_group
group: ${{ github.workflow }}-${{ github.event.number || github.event.merge_group.base_sha }}
cancel-in-progress: true

jobs:
# PR only, skip for merge_group
conventional-commits:
name: Conventional Commits
runs-on: ubuntu-22.04
steps:
- uses: amannn/action-semantic-pull-request@v5.4.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- if: failure() && !success()
run: |
echo "Please use conventional commits in your PR title and re-run this job."
echo "https://www.conventionalcommits.org/en/v1.0.0/"
exit 1
# PR only, skip for merge_group
pr-description-add:
name: PR Description Add
env:
DOMAIN: apps.silver.devops.gov.bc.ca
PREFIX: ${{ github.event.repository.name }}
runs-on: ubuntu-22.04
permissions:
pull-requests: write
timeout-minutes: 1
steps:
- uses: bcgov-nr/action-pr-description-add@v1.1.0
with:
add_markdown: |
---
Thanks for the PR!
Deployments, as required, will be available below:
- [Frontend](https://${{ env.PREFIX }}-${{ github.event.number }}-frontend.${{ env.DOMAIN }})
- [Backend](https://${{ env.PREFIX }}-${{ github.event.number }}-frontend.${{ env.DOMAIN }}/api)
Please create PRs in draft mode. Mark as ready to enable:
- [Analysis Workflow](https://github.com/${{ github.repository }}/actions/workflows/analysis.yml)
After merge, new images are deployed in:
- [Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge.yml)

0 comments on commit 62ac388

Please sign in to comment.