-
Notifications
You must be signed in to change notification settings - Fork 0
130 lines (116 loc) · 3.92 KB
/
pull_request.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: Pull Request Workflow
on:
pull_request:
branches:
- main
jobs:
validate-template-code:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install AWS SAM CLI
run: |
pip install aws-sam-cli
- name: Install golint
run: |
go install golang.org/x/lint/golint@latest
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- name: Lint Go Code
run: |
# Find all .go files, excluding the vendor directory
go_files=$(find . -name "*.go" -not -path "./vendor/*" -not -path "./src/vendor/*")
# Run golint on each Go file
lint_output=""
for file in $go_files; do
output=$(golint $file)
if [ -n "$output" ]; then
lint_output="$lint_output\n$output"
fi
done
if [ -n "$lint_output" ]; then
echo "Linting issues found:"
echo -e "$lint_output"
exit 1
else
echo "No linting issues found."
fi
- name: Run gofmt
run: |
# Find all .go files and check if they are properly formatted
unformatted=$(gofmt -l $(find . -name "*.go" -not -path "./src/vendor/*"))
if [ -n "$unformatted" ]; then
echo "The following files are not formatted:"
echo "$unformatted"
exit 1
else
echo "All files are properly formatted."
fi
- name: Validate SAM Templates
run: |
for template in $(find . -name ".yaml" -o -name ".yml"); do
echo "Validating template: $template"
sam validate --template-file "$template" --region us-east-2 --lint
done
security:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run CFN Nag Security Checks
uses: stelligent/cfn_nag@master
with:
input_path: .
extra_args: -o sarif
output_path: cfn_nag.sarif
- name: Upload CFN Nag SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: cfn_nag.sarif
category: security
trivy-scan:
name: Trivy security scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode for Low Priority
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
ignore-unfixed: true
severity: 'LOW,MEDIUM'
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
- name: Run Trivy vulnerability scanner in repo mode for High Priority
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
ignore-unfixed: true
exit-code: 1
severity: 'HIGH,CRITICAL'
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
test-and-coverage:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: '1.22'
#scripts to include the integration and end to end tests should be added here
- name: Run Test Cases and Coverage
run: |
cd src
mkdir -p coverage
go test -race -coverprofile=coverage/coverage.out ./...
go tool cover -html=coverage/coverage.out -o coverage/coverage.html
- name: Upload Coverage Report
uses: actions/upload-artifact@v3
with:
name: coverage-report
path: src/coverage/coverage.html