chore(ci): cleanup CI workflow + add security scanning (#173)

* update ci workflow
* remove issue template
* update test script
* remove secret and add security scanning

Author: joshua-goldstein

.github/ISSUE_TEMPLATE

@@ -0,0 +1,33 @@
+name: ci-aqua-security-trivy-tests
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+    branches:
+      - master
+  schedule:
+    - cron: "0 * * * *"
+jobs:
+  build:
+    name: trivy-tests
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'          
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/ci-aqua-security-trivy-tests.yml

@@ -1,6 +1,4 @@
-
 name: ci-dgraph-js-tests
-
 on:
   push:
     branches: 
@@ -13,27 +11,49 @@ on:
     - ready_for_review
     branches: 
     - master
-
 jobs:
-  build:
-
+  dgraph-js-tests:
     runs-on: ubuntu-20.04
-
     strategy:
+      fail-fast: false
       matrix:
-        node-version: [18.x, 19.x]
+        node-version: [16.x, 18.x, 19.x, 20.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
     steps:
-    - uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node-version }}
+    - name: Checkout dgraph-js repo
+      uses: actions/checkout@v3
+      with: 
+        path: dgraph-js
+        repository: dgraph-io/dgraph-js
+        ref: ${{ github.ref }}
+    - name: Checkout dgraph repo
+      uses: actions/checkout@v3
+      with:
+        path: dgraph
+        repository: dgraph-io/dgraph
+        ref: main
+    - name: Get Go Version
+      run: |
+        #!/bin/bash
+        cd dgraph
+        GOVERSION=$({ [ -f .go-version ] && cat .go-version; })
+        echo "GOVERSION=$GOVERSION" >> $GITHUB_ENV
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GOVERSION }}
+    - name: Build dgraph binary
+      run: cd dgraph && make docker-image # also builds dgraph binary
+    - name: Move dgraph binary to gopath
+      run: cd dgraph && mv dgraph/dgraph ~/go/bin/dgraph
+    - name: Setup node.js ${{ matrix.node-version }}
       uses: actions/setup-node@v3
       with:
         node-version: ${{ matrix.node-version }}
         cache: 'npm'
-    - name: Install Dependencies
-      run: bash ./scripts/install_dgraph.sh
-    - name: run tests
+        cache-dependency-path: dgraph-js/package-lock.json
+    - name: Run dgraph-js tests
+      working-directory: dgraph-js
       run: | 
         npm ci --legacy-peer-deps
-        bash ./scripts/build.sh
+        bash scripts/run-tests.sh

.github/workflows/ci-dgraph-js.yml

@@ -0,0 +1,99 @@
+#!/bin/bash
+
+sleepTime=5
+
+function wait-for-healthy() {
+    printf 'wait-for-healthy: waiting for %s to return 200 OK\n' "$1"
+    tries=0
+    until curl -sL -w "%{http_code}\\n" "$1" -o /dev/null | grep -q 200; do
+        tries=$tries+1
+        if [[ $tries -gt 300 ]]; then
+            printf "wait-for-healthy: Took longer than 1 minute to be healthy.\n"
+            printf "wait-for-healthy: Waiting stopped.\n"
+            return 1
+        fi
+        sleep 0.2
+    done
+    printf "wait-for-healthy: done.\n"
+}
+
+function errorCheck {
+    EXIT_CODE=$1
+    ERROR_MESSAGE=$2
+    
+    if [[ EXIT_CODE -ne 0 ]]; then
+        echo $ERROR_MESSAGE
+        stopCluster
+        exit $EXIT_CODE
+    fi
+    return 0
+}
+
+function stopCluster {
+    echo "shutting down dgraph alpha and zero..."
+    kill -9 $(pgrep -f "dgraph zero") > /dev/null     # kill dgraph zero
+    kill -9 $(pgrep -f "dgraph alpha") > /dev/null    # kill dgraph alpha
+
+    if pgrep -x dgraph > /dev/null
+    then
+      echo "sleeping for 5 seconds so dgraph can shutdown"
+      sleep 5
+    fi
+
+    echo "cluster teardown complete"
+    return 0
+}
+
+function startAlpha {
+    echo -e "starting dgraph alpha..."
+    head -c 1024 /dev/random > $SRCDIR/dgraph-local-data/acl-secret.txt
+    dgraph alpha -p $SRCDIR/dgraph-local-data/p \
+        -w $SRCDIR/dgraph-local-data/w \
+        --bindall \
+        --my localhost:7080 \
+        --acl "access-ttl=1h; refresh-ttl=1d; secret-file=$SRCDIR/dgraph-local-data/acl-secret.txt" \
+            > $SRCDIR/dgraph-local-data/alpha.log 2>&1 &
+    
+    # wait for alpha to be healthy
+    ALPHA_HTTP_ADDR="localhost:8080"
+    wait-for-healthy $ALPHA_HTTP_ADDR/health
+    errorCheck $? "dgraph alpha could not come up"
+    sleep $sleepTime
+    return 0
+}
+
+function startZero {
+    echo -e "starting dgraph zero..."
+    dgraph zero --my localhost:5080 --bindall \
+        -w $SRCDIR/dgraph-local-data/wz > $SRCDIR/dgraph-local-data/zero.log 2>&1 &
+    
+    # wait for zero to be healthy
+    ZERO_HTTP_ADDR="localhost:6080"
+    wait-for-healthy $ZERO_HTTP_ADDR/health
+    errorCheck $? "dgraph zero could not come up"
+    sleep $sleepTime
+}
+
+function init {
+    echo -e "initializing..."
+    rm -rf $SRCDIR/dgraph-local-data
+    mkdir $SRCDIR/dgraph-local-data
+}
+
+# find parent directory of test script
+readonly _SRCDIR=$(readlink -f ${BASH_SOURCE[0]%/*})
+SRCDIR=$(dirname $_SRCDIR)
+
+init
+startZero
+startAlpha
+sleep 10 # need time to create Groot user
+
+npm run build
+
+npm test
+errorCheck $? "dgraph-js-http client tests FAILED"
+
+stopCluster
+rm -rf $SRCDIR/local-dgraph-data
+exit 0