Skip to content
Analysis

Secure ETL downloads #1429

Sign in to view logs

Secure ETL downloads

Secure ETL downloads #1429

Workflow file for this run

.github/workflows/analysis.yml at 59e3a33
name: "Analysis"
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
lint:
name: Lint Api
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: denoland/setup-deno@v1
with:
deno-version: v1.x
- name: Run lint
working-directory: ./api
# FIXME
continue-on-error: true
run: deno lint
code-audit:
name: Code audit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install NodeJS
uses: actions/setup-node@v4
with:
node-version: '20'
- name: 'Audit dashboard dependencies'
run: npm audit --audit-level moderate && exit 0 || $([[ $? -ge 8 ]] && exit 1 || exit 0)
working-directory: dashboard
- name: 'Audit public site dependencies'
run: npm audit --audit-level moderate && exit 0 || $([[ $? -ge 8 ]] && exit 1 || exit 0)
working-directory: public
python-code-audit:
name: Python code audit
runs-on: ubuntu-latest
env:
DEP_PATH: notebooks/requirements.txt
steps:
- name: Check out master
uses: actions/checkout@master
- name: Security vulnerabilities scan
uses: pyupio/safety-action@v1
with:
api-key: ${{ secrets.SAFETY_API_KEY }}
test:
needs: [lint, code-audit]
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-${{ hashFiles('**/deno.lock') }}
- uses: denoland/setup-deno@v1
with:
deno-version: v1.x
- uses: taiki-e/install-action@v2
with:
tool: [email protected]
- name: Run unit test
run: just ci_test_unit
working-directory: api
env:
APP_POSTGRES_URL: postgres://
APP_REDIS_URL: redis://
codeql:
needs: test
name: CodeQL
runs-on: ubuntu-latest
strategy:
matrix:
language: ['javascript']
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
config-file: ./.github/codeql/codeql-config.yml
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
e2e:
needs: test
name: Test integration
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-${{ hashFiles('**/deno.lock') }}
- uses: denoland/setup-deno@v1
with:
deno-version: v1.x
- uses: taiki-e/install-action@v2
with:
tool: [email protected]
- name: Add host entries
run: |
sudo echo "127.0.0.1 api.covoiturage.test" | sudo tee -a /etc/hosts
sudo echo "127.0.0.1 s3.covoiturage.test" | sudo tee -a /etc/hosts
sudo echo "127.0.0.1 download.covoiturage.test" | sudo tee -a /etc/hosts
sudo echo "127.0.0.1 local-pdc-export.s3.covoiturage.test" | sudo tee -a /etc/hosts
sudo echo "127.0.0.1 auth.covoiturage.test" | sudo tee -a /etc/hosts
- name: Run integration tests
env:
APP_POSTGRES_URL: postgres://postgres:postgres@localhost:5432/test
AWS_ACCESS_KEY_ID: minioadmin
APP_POSTGRES_TIMEOUT: 120000
AWS_SECRET_ACCESS_KEY: minioadmin
AWS_ENDPOINT: http://localhost:9000
AWS_BUCKET_PREFIX: local-pdc
APP_REDIS_URL: redis://localhost:6379
INTEGRATION_MAILER_SMTP_HOST: localhost
APP_CEE_PUBLIC_KEY_PATH: ${{ github.workspace }}/docker/api/certs/publicKey.pem
APP_CEE_PRIVATE_KEY_PATH: ${{ github.workspace }}/docker/api/certs/privateKey.pem
APP_MAIL_SMTP_URL: smtp://localhost:1025
APP_DATAGOUV_URL: null
APP_DATAGOUV_KEY: null
APP_JWT_SECRET: null
APP_SESSION_SECRET: null
APP_ROUTECACHE_AUTHTOKEN: null
AWS_REGION: fr-par
KC_BOT_CLIENT: pdc-bot
KC_BOT_CLIENT_SECRET: so_secret_000
KC_ADMIN_CLIENT: pdc-manager
KC_ADMIN_CLIENT_SECRET: so_secret_000
run: just ci_test_integration
working-directory: api