Merge branch 'main' into add_cloudrail

This commit is contained in:
Nick Fyson
2021-10-04 19:44:55 +01:00
committed by GitHub
11 changed files with 94 additions and 25 deletions
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Super Linter - Run Linters for several languages",
"description": "Run linters for several languages on your code base for changed files",
"iconName": "octicon check-circle",
"categories": ["code-quality", "code-review"]
"categories": ["Continuous integration", "code-quality", "code-review"]
}
+10
View File
@@ -0,0 +1,10 @@
{
"name": "Symfony",
"description": "Test a Symfony project.",
"iconName": "php",
"categories": [
"Continuous integration",
"PHP",
"Symfony"
]
}
+39
View File
@@ -0,0 +1,39 @@
name: Symfony
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
symfony-tests:
runs-on: ubuntu-latest
steps:
# To automatically get bug fixes and new Php versions for shivammathur/setup-php,
# change this to (see https://github.com/shivammathur/setup-php#bookmark-versioning):
# uses: shivammathur/setup-php@v2
- uses: shivammathur/setup-php@2cb9b829437ee246e9b3cac53555a39208ca6d28
with:
php-version: '8.0'
- uses: actions/checkout@v2
- name: Copy .env.test.local
run: php -r "file_exists('.env.test.local') || copy('.env.test', '.env.test.local');"
- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v2
with:
path: vendor
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-php-
- name: Install Dependencies
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
- name: Create Database
run: |
mkdir -p data
touch data/database.sqlite
- name: Execute tests (Unit and Feature tests) via PHPUnit
env:
DATABASE_URL: sqlite:///%kernel.project_dir%/data/database.sqlite
run: vendor/bin/phpunit
+1 -1
View File
@@ -10,7 +10,7 @@
# To use this workflow, you will need to:
#
# 1. Create a Mayhem for API account at
# https://mayhem4api.forallsecure.com/signup (30-day free trial)
# https://mayhem4api.forallsecure.com/signup
#
# 2. Create a service account token `mapi organization service-account create
# <org-name> <service-account-name>`
+22 -12
View File
@@ -5,29 +5,40 @@
#
# 1. Create an ECR repository to store your images.
# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
# Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name.
# Replace the value of `aws-region` in the workflow below with your repository's region.
# Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
# Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
# For example, follow the Getting Started guide on the ECS console:
# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
# Replace the values for `service` and `cluster` in the workflow below with your service and cluster names.
# Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
# Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
#
# 3. Store your ECS task definition as a JSON file in your repository.
# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
# Replace the value of `task-definition` in the workflow below with your JSON file's name.
# Replace the value of `container-name` in the workflow below with the name of the container
# Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
# Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
# in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
# See the documentation for each action used below for the recommended IAM policies for this IAM user,
# and best practices on handling the access key credentials.
name: Deploy to Amazon ECS
on:
release:
types: [created]
name: Deploy to Amazon ECS
env:
AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1
ECR_REPOSITORY: MY_ECR_REPOSITORY # set this to your Amazon ECR repository name
ECS_SERVICE: MY_ECS_SERVICE # set this to your Amazon ECS service name
ECS_CLUSTER: MY_ECS_CLUSTER # set this to your Amazon ECS cluster name
ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
# file, e.g. .aws/task-definition.json
CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
# containerDefinitions section of your task definition
jobs:
deploy:
@@ -44,7 +55,7 @@ jobs:
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
@@ -54,7 +65,6 @@ jobs:
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: my-ecr-repo
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
@@ -68,14 +78,14 @@ jobs:
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: sample-app
task-definition: ${{ env.ECS_TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME }}
image: ${{ steps.build-image.outputs.image }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: sample-app-service
cluster: default
service: ${{ env.ECS_SERVICE }}
cluster: ${{ env.ECS_CLUSTER }}
wait-for-service-stability: true
@@ -3,5 +3,5 @@
"description": "Deploy a container to Alibaba Cloud Container Service for Kubernetes (ACK).",
"creator": "Alibaba Cloud",
"iconName": "alibabacloud",
"categories": ["Deployment"]
"categories": ["Deployment", "Dockerfile"]
}
@@ -3,5 +3,5 @@
"description": "Build a docker container, publish it to Google Container Registry, and deploy to GKE.",
"creator": "Google Cloud",
"iconName": "googlegke",
"categories": ["Deployment"]
"categories": ["Deployment", "Dockerfile"]
}
+1 -1
View File
@@ -3,5 +3,5 @@
"description": "Build a docker container, publish it to IBM Cloud Container Registry, and deploy to IBM Cloud Kubernetes Service.",
"creator": "IBM",
"iconName": "ibm",
"categories": ["Deployment"]
"categories": ["Deployment", "Dockerfile"]
}
@@ -3,5 +3,5 @@
"description": "This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE).",
"creator": "Tencent Cloud",
"iconName": "tencentcloud",
"categories": ["Deployment"]
"categories": ["Deployment", "Dockerfile"]
}
+9 -6
View File
@@ -40,7 +40,7 @@ const propertiesSchema = {
}
}
async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]> {
async function checkWorkflows(folders: string[], allowed_categories: string[]): Promise<WorkflowWithErrors[]> {
const result: WorkflowWithErrors[] = []
const workflow_template_names = new Set()
for (const folder of folders) {
@@ -49,13 +49,13 @@ async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]>
});
for (const e of dir) {
if (e.isFile()) {
if (e.isFile() && [".yml", ".yaml"].includes(extname(e.name))) {
const fileType = basename(e.name, extname(e.name))
const workflowFilePath = join(folder, e.name);
const propertiesFilePath = join(folder, "properties", `${fileType}.properties.json`)
const workflowWithErrors = await checkWorkflow(workflowFilePath, propertiesFilePath);
const workflowWithErrors = await checkWorkflow(workflowFilePath, propertiesFilePath, allowed_categories);
if(workflowWithErrors.name && workflow_template_names.size == workflow_template_names.add(workflowWithErrors.name).size) {
workflowWithErrors.errors.push(`Workflow template name "${workflowWithErrors.name}" already exists`)
}
@@ -69,13 +69,12 @@ async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]>
return result;
}
async function checkWorkflow(workflowPath: string, propertiesPath: string): Promise<WorkflowWithErrors> {
async function checkWorkflow(workflowPath: string, propertiesPath: string, allowed_categories: string[]): Promise<WorkflowWithErrors> {
let workflowErrors: WorkflowWithErrors = {
id: workflowPath,
name: null,
errors: []
}
try {
const workflowFileContent = await fs.readFile(workflowPath, "utf8");
safeLoad(workflowFileContent); // Validate yaml parses without error
@@ -105,6 +104,10 @@ async function checkWorkflow(workflowPath: string, propertiesPath: string): Prom
}
}
if (!workflowPath.endsWith("blank.yml") && (!properties.categories ||
!properties.categories.some(category => allowed_categories.some(ac => ac.toLowerCase() == category.toLowerCase())))) {
workflowErrors.errors.push(`Workflow does not contain at least one allowed category - ${allowed_categories}`)
}
} catch (e) {
workflowErrors.errors.push(e.toString())
}
@@ -115,7 +118,7 @@ async function checkWorkflow(workflowPath: string, propertiesPath: string): Prom
try {
const settings = require("./settings.json");
const erroredWorkflows = await checkWorkflows(
settings.folders
settings.folders, settings.allowed_categories
)
if (erroredWorkflows.length > 0) {
+8 -1
View File
@@ -2,6 +2,13 @@
"folders": [
"../../ci",
"../../automation",
"../../deployments"
"../../deployments",
"../../code-scanning"
],
"allowed_categories" : [
"Continuous integration",
"Deployment",
"Code Scanning",
"Automation"
]
}