darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2025-12-11 07:33:36 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
67b64f11b9707fea81b045ac34339f496a3667bc
notifications-admin/.github/workflows/checks.yml
Ryan Ahearn 67b64f11b9 Use credentials output by terraform/development
2023-03-13 15:30:37 -04:00

99 lines
2.6 KiB
YAML
Raw Blame History

name: Run checks
on: [push]
permissions:
contents: read
env:
NOTIFY_ENVIRONMENT: test
NEW_RELIC_CONFIG_FILE: newrelic.ini
NEW_RELIC_ENVIRONMENT: test
FLASK_APP: application.py
WERKZEUG_DEBUG_PIN: off
REDIS_ENABLED: 0
NODE_VERSION: 16.15.1
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run style checks
run: pipenv run flake8 .
- name: Check imports alphabetized
run: pipenv run isort --check-only ./app ./tests
- name: Run js lint
run: npm run lint
- name: Run js tests
run: npm test
- name: Run py tests
run: pipenv run pytest -n4 --maxfail=10
validate-new-relic-config:
runs-on: ubuntu-latest
environment: staging
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Validate NewRelic config
env:
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
# Need to set a NEW_RELIC_ENVIRONMENT with monitor_mode: true
NEW_RELIC_ENVIRONMENT: staging
run: pipenv run newrelic-admin validate-config $NEW_RELIC_CONFIG_FILE
dependency-audits:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Create requirements.txt
run: pipenv requirements > requirements.txt
- uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt
ignore-vulns: PYSEC-2022-237
- name: Run npm audit
run: make npm-audit
static-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run scan
run: pipenv run bandit -r app/ --confidence-level medium
dynamic-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run server
run: make run-flask &
env:
NOTIFY_ENVIRONMENT: scanning
- name: Run OWASP Baseline Scan
uses: zaproxy/action-baseline@v0.7.0
with:
docker_name: "owasp/zap2docker-stable"
target: "http://localhost:6012"
fail_action: true
allow_issue_writing: false
rules_file_name: "zap.conf"
cmd_options: "-I"
a11y-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run server
run: make run-flask &
env:
NOTIFY_ENVIRONMENT: scanning
- name: Run pa11y-ci
run: make a11y-scan
Reference in New Issue View Git Blame Copy Permalink