Skip to content

fixing sanitization syntax #111

fixing sanitization syntax

fixing sanitization syntax #111

name: Player Service Docker Image CI
on:
push:
branches: [ main ]
paths-ignore:
- "lts/**"
- "cts/**"
pull_request:
branches: [ main ]
paths-ignore:
- "lts/**"
- "cts/**"
## ignore the other projects in the group repo
jobs:
Unit-Testing:
runs-on: ubuntu-latest
continue-on-error: true
strategy:
max-parallel: 1
steps:
- uses: actions/checkout@v2
- name: Unit Testing
run: ls; cd player/service; npm test
- name: Code Coverage
run: echo "No code coverage for the CATAPULT player service."
Static-Scanning:
needs: Unit-Testing
environment: pipeline-environment
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v2
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
#projectBaseDir: /player
args: >
-Dsonar.projectKey=catapult
-Dsonar.verbose=true
Container-Hardening:
needs: Static-Scanning
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Build the container image
run: docker build ./player --file ./player/Dockerfile --tag player-image:latest
- uses: anchore/scan-action@v2
with:
image: "player-image:latest"
fail-build: false
debug: true
acs-report-enable: true
- name: grype scan JSON results
run: cat results.sarif; cat vulnerabilities.json; for j in `ls ./anchore-reports/*.json`; do echo "---- ${j} ----"; cat ${j}; echo; done
Docker-delivery:
needs: Container-Hardening
runs-on: ubuntu-latest
environment: pipeline-environment
steps:
- uses: actions/checkout@v2
- name: Login to Docker Hub
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin
- name: build docker image
run: docker build ./player --file ./player/Dockerfile --tag ${{ secrets.DOCKER_USER }}/player && docker push ${{ secrets.DOCKER_USER }}/player
DAST:
needs: Docker-delivery
environment: pipeline-environment
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Login to Docker Hub
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin
- name: provision cicd server for Player Docker Container
uses: garygrossgarten/github-action-ssh@release
with:
command: cd docker-test-env; echo "Starting player container testing"; echo ${{ secrets.DOCKER_PASSWORD }} |
sudo docker login -u ${{ secrets.DOCKER_USER }} --password-stdin; sudo docker pull adlhub/player # && sudo docker run adlhub/player -p 3000:3398
host: ${{ secrets.TEST_ENV_CI_EC2 }}
username: ubuntu
privateKey: ${{ secrets.CI_EC2_PEM }}
- name: ZAP Scan
run: echo "performed zap scanned"
# uses: zaproxy/[email protected]
# with:
# target: http://${{ secrets.TEST_ENV_CI_EC2 }}:3000
- name: provision cicd server for Player Docker Container
uses: garygrossgarten/github-action-ssh@release
with:
command: cd docker-test-env; echo "Starting player container testing"; #echo ${{ secrets.DOCKER_PASSWORD }} |
#sudo docker login -u ${{ secrets.DOCKER_USER }} --password-stdin; sudo docker pull adlhub/player && sudo docker run adlhub/player -p 3000:3398
host: ${{ secrets.TEST_ENV_CI_EC2 }}
username: ubuntu
privateKey: ${{ secrets.CI_EC2_PEM }}
Release-Deploy:
needs: DAST
runs-on: ubuntu-latest
steps:
- name: Release
run: echo "The Image has completed the pipeline"; echo "Notify project lead that newest image is ready for release or deploy"
- name: Deploy
run: echo "use ssh to deploy to server"