fixing sanitization syntax #111
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Player Service Docker Image CI | |
on: | |
push: | |
branches: [ main ] | |
paths-ignore: | |
- "lts/**" | |
- "cts/**" | |
pull_request: | |
branches: [ main ] | |
paths-ignore: | |
- "lts/**" | |
- "cts/**" | |
## ignore the other projects in the group repo | |
jobs: | |
Unit-Testing: | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
strategy: | |
max-parallel: 1 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Unit Testing | |
run: ls; cd player/service; npm test | |
- name: Code Coverage | |
run: echo "No code coverage for the CATAPULT player service." | |
Static-Scanning: | |
needs: Unit-Testing | |
environment: pipeline-environment | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
- name: SonarQube Scan | |
uses: sonarsource/sonarqube-scan-action@master | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
with: | |
#projectBaseDir: /player | |
args: > | |
-Dsonar.projectKey=catapult | |
-Dsonar.verbose=true | |
Container-Hardening: | |
needs: Static-Scanning | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build the container image | |
run: docker build ./player --file ./player/Dockerfile --tag player-image:latest | |
- uses: anchore/scan-action@v2 | |
with: | |
image: "player-image:latest" | |
fail-build: false | |
debug: true | |
acs-report-enable: true | |
- name: grype scan JSON results | |
run: cat results.sarif; cat vulnerabilities.json; for j in `ls ./anchore-reports/*.json`; do echo "---- ${j} ----"; cat ${j}; echo; done | |
Docker-delivery: | |
needs: Container-Hardening | |
runs-on: ubuntu-latest | |
environment: pipeline-environment | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Login to Docker Hub | |
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin | |
- name: build docker image | |
run: docker build ./player --file ./player/Dockerfile --tag ${{ secrets.DOCKER_USER }}/player && docker push ${{ secrets.DOCKER_USER }}/player | |
DAST: | |
needs: Docker-delivery | |
environment: pipeline-environment | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- name: Login to Docker Hub | |
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin | |
- name: provision cicd server for Player Docker Container | |
uses: garygrossgarten/github-action-ssh@release | |
with: | |
command: cd docker-test-env; echo "Starting player container testing"; echo ${{ secrets.DOCKER_PASSWORD }} | | |
sudo docker login -u ${{ secrets.DOCKER_USER }} --password-stdin; sudo docker pull adlhub/player # && sudo docker run adlhub/player -p 3000:3398 | |
host: ${{ secrets.TEST_ENV_CI_EC2 }} | |
username: ubuntu | |
privateKey: ${{ secrets.CI_EC2_PEM }} | |
- name: ZAP Scan | |
run: echo "performed zap scanned" | |
# uses: zaproxy/[email protected] | |
# with: | |
# target: http://${{ secrets.TEST_ENV_CI_EC2 }}:3000 | |
- name: provision cicd server for Player Docker Container | |
uses: garygrossgarten/github-action-ssh@release | |
with: | |
command: cd docker-test-env; echo "Starting player container testing"; #echo ${{ secrets.DOCKER_PASSWORD }} | | |
#sudo docker login -u ${{ secrets.DOCKER_USER }} --password-stdin; sudo docker pull adlhub/player && sudo docker run adlhub/player -p 3000:3398 | |
host: ${{ secrets.TEST_ENV_CI_EC2 }} | |
username: ubuntu | |
privateKey: ${{ secrets.CI_EC2_PEM }} | |
Release-Deploy: | |
needs: DAST | |
runs-on: ubuntu-latest | |
steps: | |
- name: Release | |
run: echo "The Image has completed the pipeline"; echo "Notify project lead that newest image is ready for release or deploy" | |
- name: Deploy | |
run: echo "use ssh to deploy to server" |