Add extra value for Priority field, and change default value #589
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR pipeline | |
on: | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
IMAGE_NAME: "pr-${{ github.event.number }}" | |
ZAP_FILE: "zap-scan-pr-${{ github.event.number }}" | |
GITHUB_CLIENT_ID: "${{ secrets.CI_GITHUB_CLIENT_ID }}" | |
GITHUB_CLIENT_SECRET: "${{ secrets.CI_GITHUB_CLIENT_SECRET }}" | |
ENCRYPTION_JWT_REFRESH_SIGNING_KEY: "${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}" | |
ENCRYPTION_JWT_SIGNING_KEY: "${{ secrets.CI_JWT_SIGNING_KEY }}" | |
ENCRYPTION_KEYS: "${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}" | |
NODE_ENV: development | |
SERVER_API_PROTOCOL: http | |
# for security reasons the github actions are pinned to specific release versions | |
jobs: | |
server_unit_tests: | |
name: Server unit tests | |
runs-on: ubuntu-24.04 | |
defaults: | |
run: | |
working-directory: td.server | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Use node LTS 20.14.0 | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: '20.14.0' | |
- name: Cache NPM dir | |
uses: actions/cache@v4.2.0 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
${{ runner.os }}- | |
- name: Install packages | |
run: npm clean-install | |
- name: lint | |
run: npm run lint | |
- name: Unit test | |
run: npm run test:unit | |
site_unit_tests: | |
name: Site unit tests | |
runs-on: ubuntu-24.04 | |
defaults: | |
run: | |
working-directory: td.vue | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Use node LTS 20.14.0 | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: '20.14.0' | |
- name: Cache NPM dir | |
uses: actions/cache@v4.2.0 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
${{ runner.os }}- | |
- name: Install packages | |
run: npm clean-install | |
- name: Site lint | |
run: npm run lint | |
- name: Run unit tests | |
run: npm run test:unit | |
desktop_unit_tests: | |
name: Desktop unit tests | |
runs-on: ubuntu-24.04 | |
defaults: | |
run: | |
working-directory: td.vue | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Use node LTS 20.14.0 | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: '20.14.0' | |
- name: Cache NPM dir | |
uses: actions/cache@v4.2.0 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
${{ runner.os }}- | |
- name: Install packages | |
run: npm clean-install | |
- name: Desktop lint | |
run: npm run lint:desktop | |
- name: Run unit tests | |
run: npm run test:desktop | |
codeql: | |
name: Analyze with codeql | |
runs-on: ubuntu-24.04 | |
needs: [server_unit_tests, site_unit_tests, desktop_unit_tests] | |
permissions: | |
security-events: write | |
strategy: | |
fail-fast: false | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4.2.0 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3.27.0 | |
with: | |
languages: 'javascript' | |
config-file: ./.github/codeql/codeql-config.yml | |
# If you wish to specify custom queries, you can do so here or in a config file. | |
# By default, queries listed here will override any specified in a config file. | |
# Prefix the list here with "+" to use these queries and those in the config file. | |
- name: CodeQL autobuild | |
uses: github/codeql-action/autobuild@v3.27.0 | |
- name: Perform vulnerability analysis | |
uses: github/codeql-action/analyze@v3.27.0 | |
e2e_smokes: | |
name: Local site e2e smokes | |
runs-on: ubuntu-24.04 | |
needs: [site_unit_tests, server_unit_tests] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Use node LTS 20.14.0 | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: '20.14.0' | |
- name: Cache NPM dir | |
uses: actions/cache@v4.2.0 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
${{ runner.os }}- | |
- name: Install packages | |
run: npm clean-install | |
- name: Build and run locally | |
run: npm start | |
- name: Run e2e tests | |
run: | | |
cd td.vue | |
npm run test:e2e-pr-smokes | |
- name: Upload e2e videos | |
uses: actions/upload-artifact@v4.4.0 | |
with: | |
name: e2e_vids.zip | |
path: td.vue/tests/e2e/videos | |
if: ${{ failure() && hashFiles('td.vue/tests/e2e/videos/') != '' }} | |
e2e_tests: | |
name: Local site e2e tests | |
runs-on: ubuntu-24.04 | |
needs: e2e_smokes | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Use node LTS 20.14.0 | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: '20.14.0' | |
- name: Cache NPM dir | |
uses: actions/cache@v4.2.0 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install packages | |
run: npm clean-install | |
- name: Build and run locally | |
run: npm start | |
- name: Run e2e tests | |
run: | | |
cd td.vue | |
npm run test:e2e-pr | |
- name: Upload e2e videos | |
uses: actions/upload-artifact@v4.4.0 | |
with: | |
name: e2e_vids.zip | |
path: td.vue/tests/e2e/videos | |
if: ${{ failure() && hashFiles('td.vue/tests/e2e/videos/') != '' }} | |
zap_scan_web_app: | |
name: Local site zap scan | |
runs-on: ubuntu-24.04 | |
needs: e2e_tests | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Use node LTS 20.14.0 | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: '20.14.0' | |
- name: Cache NPM dir | |
uses: actions/cache@v4.2.0 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install packages | |
run: npm clean-install | |
- name: Build and run locally | |
run: npm start | |
- name: ZAP Scan | |
uses: zaproxy/action-full-scan@v0.12.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
target: 'http://localhost:8080' | |
rules_file_name: '.github/workflows/.zap-rules-web.tsv' | |
allow_issue_writing: false | |
fail_action: false | |
artifact_name: ${{ env.ZAP_FILE }} | |
cmd_options: '-a' | |
build_docker_image: | |
name: Build docker image | |
runs-on: ubuntu-24.04 | |
needs: e2e_smokes | |
if: github.repository == 'OWASP/threat-dragon' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3.7.0 | |
with: | |
install: true | |
- name: Cache Docker layers | |
uses: actions/cache@v4.2.0 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
${{ runner.os }}- | |
- name: Build for amd64 | |
id: docker_build | |
uses: docker/build-push-action@v6.10.0 | |
with: | |
context: ./ | |
file: ./Dockerfile | |
builder: ${{ steps.buildx.outputs.name }} | |
tags: ${{ env.IMAGE_NAME }} | |
outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}.tar | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
platforms: linux/amd64 | |
load: true | |
- name: Upload docker local image | |
uses: actions/upload-artifact@v4.4.0 | |
with: | |
name: ${{ env.IMAGE_NAME }} | |
path: /tmp/${{ env.IMAGE_NAME }}.tar | |
- name: Check docker local image | |
run: | | |
docker load --input /tmp/${{ env.IMAGE_NAME }}.tar | |
docker image ls -a | |
- # Temp fix for large cache bug | |
# https://github.com/docker/build-push-action/issues/252 | |
name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
scan_image_with_trivy: | |
name: Scan with Trivy | |
runs-on: ubuntu-24.04 | |
needs: build_docker_image | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.0 | |
- name: Retrieve local docker image | |
uses: actions/download-artifact@v4.1.8 | |
with: | |
name: ${{ env.IMAGE_NAME }} | |
path: /tmp | |
- name: Load local docker image | |
run: | | |
docker load --input /tmp/${{ env.IMAGE_NAME }}.tar | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@0.29.0 | |
with: | |
image-ref: '${{ env.IMAGE_NAME }}' | |
format: 'table' | |
trivyignores: '.github/workflows/.trivyignore' | |
exit-code: 1 |