chore(deps-dev): bump nyc from 15.1.0 to 17.0.0 in /edge/nodejs/modify-response-status-code/modify-response-status-code #135

Workflow file for this run

.github/workflows/pull-request-check.yaml at 9cf70ff

	name: "pull request check"

	on:
	pull_request:
	types: [opened, reopened, edited, synchronize]
	permissions:
	contents: write
	id-token: write # required to use OIDC authentication

	jobs:
	git-secrets:
	runs-on: ubuntu-18.04
	steps:
	- uses: actions/checkout@v2
	with:
	submodules: recursive
	- name: Checkout awslabs/git-secrets
	uses: actions/checkout@v2
	with:
	repository: awslabs/git-secrets
	ref: master
	path: git-secrets
	- name: Install git-secrets
	run: cd git-secrets && sudo make install && cd ..
	- name: Run git-secrets
	run: \|
	git-secrets --register-aws
	git-secrets --scan

	opensource-license-review:
	needs: git-secrets
	runs-on: ubuntu-latest
	steps:
	- name: 'Checkout Repository'
	uses: actions/checkout@v3
	- name: Dependency Review
	uses: actions/dependency-review-action@v3
	with:
	fail-on-severity: moderate
	# Use comma-separated names to pass list arguments: LGPL-2.0,
	deny-licenses: BSD-2-Clause

	build:
	needs: opensource-license-review
	runs-on: ubuntu-latest
	env:
	CI: "false"
	steps:
	- uses: actions/checkout@v3
	with:
	ref: ${{ github.event.pull_request.head.ref }}
	repository: ${{ github.event.pull_request.head.repo.full_name }}
	- name: Use Node.js 18.x
	uses: actions/setup-node@v3
	with:
	node-version: '18.x'
	- name: Set up Python 3.8
	uses: actions/setup-python@v4
	with:
	python-version: '3.8'
	- name: Pre Build
	run: \|
	npm install -g aws-cdk
	cdk --version
	- name: build
	run: \|
	cd ${{ github.workspace }}/portal
	npm install --legacy-peer-deps
	npm run build
	cd ${{ github.workspace }}/templates/console/deployment
	./pre-build.sh
	cd ${{ github.workspace }}/templates/console/source
	npm install --legacy-peer-deps
	cdk synth
	ls -LR ${{ github.workspace }}/templates/console/deployment/
	- name: archive production artifacts
	uses: actions/upload-artifact@v3
	with:
	name: build-artifacts
	path: \|
	.git/*/
	deployment/*/
	docs/*/
	templates/console/deployment/*/
	deploy_vtag.yml
	CHANGELOG.md
	.cfnnagignore
	.cfnnag_global_suppress_list
	.cfnnag_*

	cfn-nag-scan:
	needs: build
	runs-on: ubuntu-latest
	env:
	CI: "false"
	steps:
	- name: Download all workflow run artifacts
	uses: actions/download-artifact@v3
	- name: Setup Ruby 2.6
	uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
	with:
	ruby-version: 2.6
	- name: cfn_nag
	run: \|
	# install Ruby
	# sudo apt-get install ruby-full
	# ls -R
	gem install cfn-nag
	cfn_nag -v
	echo "CloudFormation template scanning utility installation complete `date`"
	echo "Starting CloudFormation template scanning `date` in `pwd`"
	cd build-artifacts/
	export CFN_NAG_OPTS="--template-pattern ..*.template.json --print-suppression --fail-on-warnings"
	if [ -f ".cfnnag_global_suppress_list" ]; then export CFN_NAG_OPTS="$CFN_NAG_OPTS -b .cfnnag_global_suppress_list"; fi
	set -x; cfn_nag_scan $CFN_NAG_OPTS --input-path templates/console/deployment/global-s3-assets/
	# cfn_nag_scan --input-path .
	# echo "Completed CloudFormation template scanning `date`"


	semgrep-scan:
	needs: opensource-license-review
	runs-on: ubuntu-latest
	container:
	# A Docker image with Semgrep installed. Do not change this.
	image: returntocorp/semgrep
	# Skip any PR created by dependabot to avoid permission issues:
	if: (github.actor != 'dependabot[bot]')
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	# Fetch project source with GitHub Actions Checkout.
	- uses: actions/checkout@v3
	# Run the "semgrep ci" command on the command line of the docker image.
	- run: semgrep ci --config auto --sarif --output=semgrep.sarif
	- name: Upload SARIF file for GitHub Advanced Security Dashboard
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: semgrep.sarif
	if: always()

	viperlight:
	runs-on: ubuntu-latest
	needs: opensource-license-review
	env:
	CI: "false"
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Viperlight Scan
	run: \|
	wget -q https://viperlight-scanner.s3.amazonaws.com/latest/.viperlightrc
	wget -q https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip
	unzip -q viperlight.zip -d viperlight
	rm -r ./viperlight.zip
	cd viperlight
	./install.sh
	viperlight --version
	echo "Content scanning utility installation complete `date`"
	echo "Starting content scanning `date` in `pwd`"
	cd ${{ github.workspace }}/templates/console/source
	viperlight scan -m files-contents -m files-aws -m files-binary -m files-entropy -m files-secrets
	echo "Completed content scanning `date`"

	cdk-unit-test:
	runs-on: ubuntu-latest
	needs: opensource-license-review
	env:
	CI: "false"
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Use Node.js 18.x
	uses: actions/setup-node@v3
	with:
	node-version: '18.x'
	- name: Run Typescript Unit Test
	run: \|
	cd ${{ github.workspace }}/templates/console/source
	npm install --legacy-peer-deps
	npm run test
	- name: Sed lcov report
	if: always()
	run: \|
	cd ${{ github.workspace }}/templates/console/source/coverage
	sed -i 's/source\/lib\//\/github\/workspace\/templates\/console\/source\/lib\//g' lcov.info
	sed -i 's/source\/test\//\/github\/workspace\/templates\/console\/source\/test\//g' lcov.info
	- name: archive coverage report
	uses: actions/upload-artifact@v3
	if: always()
	with:
	name: cdk-coverage-report
	path: \|
	templates/console/source/coverage/lcov.info

	ssl-lambda-unit-test:
	runs-on: ubuntu-latest
	needs: opensource-license-review
	env:
	CI: "false"
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Set up Python 3.9
	uses: actions/setup-python@v4
	with:
	python-version: '3.9'
	- name: Run Saas Lambda Python Test
	env:
	AWS_DEFAULT_REGION: us-east-1
	run: \|
	cd ${{ github.workspace }}/templates/console/source/lambda/ssl_for_saas/
	# pip install pytest
	pip install poetry
	poetry install
	export PYTHONPATH=../ssl_for_saas
	echo "PYTHONPATH=../ssl_for_saas" >> $GITHUB_ENV
	poetry run pytest --cov --cov-config=.coveragerc -cov-report=term-missing --cov-report="xml:./ssl-for-saas.coverage.xml" test

	config-deployer-unit-test:
	runs-on: ubuntu-latest
	needs: opensource-license-review
	env:
	CI: "false"
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Set up Python 3.9
	uses: actions/setup-python@v4
	with:
	python-version: '3.9'
	- name: Run Config and Deployer Lambda Python Test
	env:
	AWS_DEFAULT_REGION: us-east-1
	run: \|
	cd ${{ github.workspace }}/templates/console/deployment
	./run-lambda-ut.sh
	- name: Sed coverage report files
	if: always()
	run: \|
	cd ${{ github.workspace }}/templates/console/source/all-coverages

	monitoring-unit-test:
	runs-on: ubuntu-latest
	needs: opensource-license-review
	env:
	CI: "false"
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Set up Python 3.9
	uses: actions/setup-python@v4
	with:
	python-version: '3.9'
	- name: Run Monitoring Lambda Python Test
	env:
	AWS_DEFAULT_REGION: us-east-1
	run: \|
	cd ${{ github.workspace }}/templates/console/deployment
	./run-unit-tests.sh
	- name: Sed coverage report files
	if: always()
	run: \|
	cd ${{ github.workspace }}/templates/console/deployment/monitoring-coverages

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump nyc from 15.1.0 to 17.0.0 in /edge/nodejs/modify-response-status-code/modify-response-status-code #135

Workflow file

chore(deps-dev): bump nyc from 15.1.0 to 17.0.0 in /edge/nodejs/modify-response-status-code/modify-response-status-code #135

Jobs

Run details

Workflow file for this run