VAMS V2 Release (#192) #411
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Scan for Vulnerabilities | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
with: | |
path: ./vams | |
- name: Setup Python Version | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.10.11 | |
- name: Setup node for the whole package | |
uses: actions/setup-node@v3 | |
- name: Clone automated security helper | |
uses: actions/checkout@v3 | |
with: | |
repository: aws-samples/automated-security-helper | |
path: ./ash | |
- name: Run automated security helper | |
run: | | |
cd ash | |
export PATH=$PATH:./ | |
ash --source-dir ../vams || true | |
- name: Upload Report | |
uses: actions/upload-artifact@v3 | |
with: | |
name: automated-security-helper-report | |
path: ash/aggregated_results.txt | |
- name: Npm install root directory | |
working-directory: vams | |
run: npm install | |
- name: Npm audit root directory | |
working-directory: vams | |
run: npm audit --production | |
- name: Prettier Check | |
working-directory: vams | |
run: npm run prettier-check | |
- name: Install Poetry Action | |
uses: snok/install-poetry@v1 | |
with: | |
version: 1.8.2 | |
virtualenvs-create: true | |
virtualenvs-in-project: true | |
virtualenvs-path: backend/.venv | |
installer-parallel: true | |
- name: Run yarn install web directory | |
uses: Borales/[email protected] | |
with: | |
dir: "vams/web" | |
cmd: install | |
- name: Run yarn audit web directory | |
uses: Borales/[email protected] | |
with: | |
dir: "vams/web" | |
cmd: audit | |
# - name: Web test | |
# working-directory: vams/web | |
# env: | |
# CI: "true" | |
# run: npm run test | |
- name: Web build | |
working-directory: vams/web | |
env: | |
CI: "" | |
run: npm run build.lowmem | |
- name: Npm install infrastructure directory | |
working-directory: vams/infra | |
run: npm install | |
- name: Npm audit infrastructure directory | |
working-directory: vams/infra | |
run: npm audit --production | |
- name: Synthesize Cloudformation templates | |
working-directory: vams/infra | |
run: | | |
CDK_NAG_ENABLED=true | |
export REGION=us-east-1 | |
npx cdk synth | |
- name: eslint | |
working-directory: vams | |
run: npm run lint | |
- name: Scan VAMS WAF Cloudformation template | |
uses: stelligent/cfn_nag@master | |
with: | |
input_path: vams/infra/cdk.out/vams-waf-prod-us-east-1.template.json | |
- name: Scan VAMS Cloudformation template | |
uses: stelligent/cfn_nag@master | |
with: | |
input_path: vams/infra/cdk.out/vams-core-prod-us-east-1.template.json | |
#- name: run checks | |
# working-directory: vams/backend | |
# run: make all |