114 lines
3.1 KiB
YAML
114 lines
3.1 KiB
YAML
on:
|
|
pull_request:
|
|
types: [opened, edited, reopened, synchronize]
|
|
|
|
# trigger manually for debugging
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
id-token: write # This is required for requesting the JWT
|
|
contents: read # This is required for actions/checkout
|
|
|
|
env:
|
|
AWS_REGION : us-east-1
|
|
|
|
jobs:
|
|
mw-ut:
|
|
name: mw-ut
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
# - name: configure aws credentials
|
|
# uses: aws-actions/configure-aws-credentials@v1
|
|
# with:
|
|
# role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GitHub_Action_Role
|
|
# role-session-name: cdksession
|
|
# aws-region: ${{ env.AWS_REGION }}
|
|
- name: ut
|
|
run: |
|
|
pip install pytest
|
|
pip install pytest-cov
|
|
# TODO
|
|
|
|
git-secrets:
|
|
name: git-secrets
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
submodules: recursive
|
|
- name: Checkout awslabs/git-secrets
|
|
uses: actions/checkout@v3
|
|
with:
|
|
repository: awslabs/git-secrets
|
|
ref: master
|
|
path: git-secrets
|
|
- name: Install git-secrets
|
|
run: cd git-secrets && sudo make install && cd ..
|
|
- name: Run git-secrets
|
|
run: |
|
|
git-secrets --register-aws
|
|
git-secrets --scan
|
|
|
|
viperlight:
|
|
name: viperlight
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
- name: Viperlight
|
|
run: |
|
|
wget -q https://viperlight-scanner.s3.amazonaws.com/latest/.viperlightrc
|
|
wget -q https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip
|
|
unzip -q viperlight.zip -d ../viperlight
|
|
rm -r ./viperlight.zip
|
|
echo "Content scanning utility installation complete `date`"
|
|
echo "Starting content scanning `date` in `pwd`"
|
|
../viperlight/bin/viperlight scan -m files-contents -m files-aws -m files-binary -m files-entropy -m files-secrets
|
|
echo "Completed content scanning `date`"
|
|
|
|
miss-spelling-validate:
|
|
name: miss spelling check for words or sentences
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
- name: Set up Python environment
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: "3.8"
|
|
# - name: flake8 Lint
|
|
# uses: py-actions/flake8@v2
|
|
# with:
|
|
# ignore: "E501, E302"
|
|
- name: Check for misspellings
|
|
uses: codespell-project/actions-codespell@master
|
|
with:
|
|
only_warn: 1
|
|
check_filenames: true
|
|
skip: .git,*.png,*.jpg,*.jpeg
|
|
|
|
sematic-validate:
|
|
name: Validate PR title
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
pull-requests: write
|
|
steps:
|
|
- uses: amannn/action-semantic-pull-request@v5.0.2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with :
|
|
types: |
|
|
feat
|
|
fix
|
|
docs
|
|
style
|
|
refactor
|
|
perf
|
|
test
|
|
build
|
|
ci
|
|
chore
|
|
revert
|