darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 02:42:26 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
773cd9979085c745aedcc0634894b596b1e34e42
notifications-admin/.github/workflows/checks.yml
Ryan Ahearn 773cd99790 Only run pip-audit on runtime dependencies in CI
2022-10-19 10:39:46 -04:00

95 lines
2.5 KiB
YAML
Raw Blame History

name: Run checks
on: [push]
permissions:
contents: read
env:
NOTIFY_ENVIRONMENT: test
FLASK_APP: application.py
FLASK_ENV: development
WERKZEUG_DEBUG_PIN: off
REDIS_URL: "redis://you-forgot-to-mock-a-redis-call-to"
REDIS_ENABLED: True
ANTIVIRUS_ENABLED: 0
NODE_VERSION: 16.15.1
ADMIN_CLIENT_ID: notify-admin
ADMIN_CLIENT_USERNAME: notify-admin
ADMIN_CLIENT_SECRET: dev-notify-secret-key
GOVUK_ALERTS_CLIENT_ID: govuk-alerts
ADMIN_BASE_URL: http://localhost:6012
API_HOST_NAME: http://localhost:6011
DEV_API_HOST_NAME: http://localhost:6011
AWS_REGION: us-west-2
BASIC_AUTH_USERNAME: curiousabout
BASIC_AUTH_PASSWORD: the10xnotifybeta
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run style checks
run: flake8 .
- name: Check imports alphabetized
run: isort --check-only ./app ./tests
- name: Run js tests
run: npm test
- name: Run py tests
run: pytest -n4 --maxfail=10
dependency-audits:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- uses: trailofbits/gh-action-pip-audit@v1.0.0
with:
inputs: requirements.txt
ignore-vulns: PYSEC-2022-237
- name: Run npm audit
run: make npm-audit
static-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Install bandit
run: pip install bandit
- name: Run scan
run: bandit -r app/ --confidence-level medium
dynamic-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run server
run: make run-flask &
env:
NOTIFY_ENVIRONMENT: scanning
- name: Run OWASP Baseline Scan
uses: zaproxy/action-baseline@v0.7.0
with:
docker_name: "owasp/zap2docker-weekly"
target: "http://localhost:6012"
fail_action: true
allow_issue_writing: false
rules_file_name: "zap.conf"
cmd_options: "-I"
a11y-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Run server
run: make run-flask &
env:
NOTIFY_ENVIRONMENT: scanning
- name: Run pa11y-ci
run: make a11y-scan
Reference in New Issue View Git Blame Copy Permalink