Skip to content

Commit

Permalink
Merge pull request #3 from aligent/chore/AM-2046-initial-repo-setup
Browse files Browse the repository at this point in the history
Setup GitHub actions
  • Loading branch information
TheOrangePuff authored Oct 31, 2024
2 parents 8886a07 + 883d0c7 commit 3b915a4
Show file tree
Hide file tree
Showing 11 changed files with 331 additions and 27 deletions.
4 changes: 4 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
* @aligent/mesh-developers

.github/* @aligent/aligent-devops
bitbucket-pipelines.yml @aligent/aligent-devops
7 changes: 7 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
version: 2
updates:
- package-ecosystem: 'npm'
directory: '/'
schedule:
interval: 'daily'
open-pull-requests-limit: 10
66 changes: 66 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
name: Build

on:
workflow_call:
inputs:
application:
required: true
type: string

jobs:
build:
name: 🏭 Build all packages
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'

- name: Install
run: yarn install

- name: Build all packages
env:
BC_CLIENT_ID: ${{ secrets.BC_CLIENT_ID }}
BC_CLIENT_SECRET: ${{ secrets.BC_CLIENT_SECRET }}
BC_GRAPHQL_API: ${{ secrets.BC_GRAPHQL_API }}
BC_GRAPHQL_TOKEN: ${{ secrets.BC_GRAPHQL_TOKEN }}
BC_REST_API: ${{ secrets.BC_REST_API }}
JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
ORO_CLIENT_ID: ${{ secrets.ORO_CLIENT_ID }}
ORO_CLIENT_SECRET: ${{ secrets.ORO_CLIENT_SECRET }}
ORO_STORE_URL: ${{ secrets.ORO_STORE_URL }}
STORE_HASH: ${{ secrets.STORE_HASH }}
X_AUTH_TOKEN: ${{ secrets.X_AUTH_TOKEN }}
run: yarn nx run-many -t build

- name: Build Docker Container
env:
BC_CLIENT_ID: ${{ secrets.BC_CLIENT_ID }}
BC_CLIENT_SECRET: ${{ secrets.BC_CLIENT_SECRET }}
BC_GRAPHQL_API: ${{ secrets.BC_GRAPHQL_API }}
BC_GRAPHQL_TOKEN: ${{ secrets.BC_GRAPHQL_TOKEN }}
BC_REST_API: ${{ secrets.BC_REST_API }}
JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
ORO_CLIENT_ID: ${{ secrets.ORO_CLIENT_ID }}
ORO_CLIENT_SECRET: ${{ secrets.ORO_CLIENT_SECRET }}
ORO_STORE_URL: ${{ secrets.ORO_STORE_URL }}
STORE_HASH: ${{ secrets.STORE_HASH }}
X_AUTH_TOKEN: ${{ secrets.X_AUTH_TOKEN }}
run: yarn nx docker-build ${{ inputs.application }}

- name: Save Docker image to a tar file
run: |
docker save ${{ inputs.application }}:latest -o /tmp/${{ inputs.application }}.tar
- name: Upload Docker image as artifact
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.application }}-docker-image
path: /tmp/${{ inputs.application }}.tar
93 changes: 93 additions & 0 deletions .github/workflows/owasp.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
name: OWASP Dependency Check

on:
# schedule:
# - cron: '0 0 * * *' # Runs daily at midnight
workflow_dispatch: # Allows manual trigger from the GitHub Actions tab
workflow_call:
inputs:
version:
type: string
output:
default: 'owasp-results'
type: string
scan_path:
default: '.'
type: string
cvss_fail_level:
default: 1
type: number
suppression_path:
default: 'suppression.xml'
type: string
disable_oss_index:
type: boolean
secrets:
OSS_INDEX_USERNAME:
OSS_INDEX_PASSWORD:
NVD_API_KEY:

jobs:
owasp_scan:
name: 🛡️ OWASP Scan
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
path: code

- name: Fetch dependency check script
run: |
if [ -z "${{ inputs.version }}" ]; then
VERSION=$(curl -s https://jeremylong.github.io/DependencyCheck/current.txt)
else
VERSION=${{ inputs.version }}
fi
curl -Ls "https://github.com/jeremylong/DependencyCheck/releases/download/v$VERSION/dependency-check-$VERSION-release.zip" --output dependency-check.zip
- name: Unzip dependency check
run: |
ls -la
unzip dependency-check
- name: Load database from cache
uses: actions/cache@v4
with:
path: dependency-check/data/oss_cache
key: owasp-database-cache

- name: Run OWASP dependency check
env:
OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: |
mkdir ${{ inputs.output }}
./dependency-check/bin/dependency-check.sh \
--format JUNIT \
--format HTML \
--prettyPrint \
--project ${{ github.event.repository.name }} \
--enableExperimental \
--out ${{ inputs.output }} \
-s ${{ inputs.scan_path }} \
--junitFailOnCVSS ${{ inputs.cvss_fail_level }} \
--failOnCVSS ${{ inputs.cvss_fail_level }} \
--suppression code/${{ inputs.suppression_path }} \
--ossIndexUsername ${{ secrets.OSS_INDEX_USERNAME }} \
--ossIndexPassword ${{ secrets.OSS_INDEX_PASSWORD }} \
--nvdApiKey ${{ secrets.NVD_API_KEY }} \
--disableOssIndex ${{ inputs.disable_oss_index }}
- name: Upload database to cache
uses: actions/cache@v4
with:
path: dependency-check/data/oss_cache
key: owasp-database-cache

- name: Upload OWASP report
uses: actions/upload-artifact@v4
with:
name: owasp-dependency-check-report
path: ${{ inputs.output }}/dependency-check-report.html
58 changes: 58 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
name: Publish to NPM

on:
release:
tags:
- '**-[0-9]+.[0-9]+.[0-9]+'
- '**-[0-9]+.[0-9]+.[0-9]+-*'
types: [published]

jobs:
build-and-publish:
name: 🚀 Publish to NPM
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.release.target_commitish }}

- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'
registry-url: https://registry.npmjs.org/

- name: Install
run: yarn install

- name: Preparing environment for release
run: |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^.*[A-Za-z]-//g')
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo "PACKAGE=$(echo $GITHUB_REF_NAME | sed "s/-${VERSION}//g")" >> $GITHUB_ENV
- name: Release
run: |
git config --global user.name "Automated NPM Release"
git config --global user.email "[email protected]"
echo "Publishing $PACKAGE @ $VERSION"
yarn config set registry https://registry.npmjs.org/
yarn nx publish $PACKAGE --ver=$VERSION --tag=latest --verbose
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
BC_CLIENT_ID: ${{ secrets.BC_CLIENT_ID }}
BC_CLIENT_SECRET: ${{ secrets.BC_CLIENT_SECRET }}
BC_GRAPHQL_API: ${{ secrets.BC_GRAPHQL_API }}
BC_GRAPHQL_TOKEN: ${{ secrets.BC_GRAPHQL_TOKEN }}
BC_REST_API: ${{ secrets.BC_REST_API }}
JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
ORO_CLIENT_ID: ${{ secrets.ORO_CLIENT_ID }}
ORO_CLIENT_SECRET: ${{ secrets.ORO_CLIENT_SECRET }}
ORO_STORE_URL: ${{ secrets.ORO_STORE_URL }}
STORE_HASH: ${{ secrets.STORE_HASH }}
X_AUTH_TOKEN: ${{ secrets.X_AUTH_TOKEN }}

- name: Update the package version number
run: git push
env:
github-token: ${{ secrets.GITHUB_TOKEN }}
80 changes: 80 additions & 0 deletions .github/workflows/pull-request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
name: Pull Request Checks

on:
pull_request:
branches:
- '**' # Trigger on all branches

jobs:
test:
name: ⚙️ Run Tests
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}

- name: Fetch target
run: git fetch origin ${{ github.event.pull_request.base.ref }}

- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'

- name: Install
run: yarn install

- name: Run Tests
run: |
FORCE_COLOR=true
DESTINATION_BRANCH=origin/${{ github.event.pull_request.base.ref }} # Set branch
yarn nx affected:test --base=$DESTINATION_BRANCH --ci --code-coverage --parallel --max-parallel=3
code-quality:
name: 🕵️‍♀️ Code Quality
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}

- name: Fetch target
run: git fetch origin ${{ github.event.pull_request.base.ref }}

- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'

- name: Install
run: yarn install

- name: Code Quality Check
run: |
FORCE_COLOR=true
DESTINATION_BRANCH=origin/${{ github.event.pull_request.base.ref }} # Set branch
yarn nx affected:lint --base=$DESTINATION_BRANCH --parallel --max-parallel=3
yarn nx format:check --base=$DESTINATION_BRANCH --parallel --max-parallel=3
yarn nx affected -t check-types --base=$DESTINATION_BRANCH --parallel --max-parallel=3
# TODO: fix the owasp pipeline
# owasp:
# name: 🛡️ OWASP Scan
# uses: ./.github/workflows/owasp.yml
# secrets: inherit

build:
name: 👷 Build
strategy:
fail-fast: false
matrix:
application: [bigcommerce-mesh, orocommerce-mesh]
uses: ./.github/workflows/build.yml
with:
application: ${{ matrix.application }}
secrets: inherit
1 change: 0 additions & 1 deletion .yarnrc

This file was deleted.

21 changes: 21 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2024 Aligent

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
23 changes: 1 addition & 22 deletions bitbucket-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -70,15 +70,6 @@ definitions:
artifacts:
- '*.tar.gz'

- step: &publish
name: 📦 Publish package to the Aligent Repository
script:
- VERSION=$(echo $BITBUCKET_TAG | sed 's/^.*[A-Za-z]-//g')
- PACKAGE=$(echo $BITBUCKET_TAG | sed "s/-${VERSION}//g")
- echo "Publishing $PACKAGE @ $VERSION"
- npm config set //npm.corp.aligent.consulting/:_authToken $NPM_PUBLISH_TOKEN
- yarn nx publish $PACKAGE --ver=$VERSION --tag=latest

- step: &deploy
name: 📦 Push to ECR
services:
Expand Down Expand Up @@ -124,20 +115,8 @@ pipelines:
- step: *build-all-containers
- step: *code-quality
- step: *test
tags:
'bigcommerce-graphql-module-*.*.*':
- step: *install
- step: *publish
'orocommerce-graphql-module-*.*.*':
- step: *install
- step: *publish
'maintenance-mode-plugin-*.*.*':
- step: *install
- step: *publish
'auth-module-*.*.*':
- step: *install
- step: *publish

# Customise this depending on requirements
branches:
main:
- step: *install
Expand Down
1 change: 0 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
{
"name": "@aligent/graphql-mesh-source",
"version": "0.1.0",
"private": true,
"license": "UNLICENSED",
"devDependencies": {
"@graphql-codegen/add": "^5.0.0",
Expand Down
4 changes: 1 addition & 3 deletions tools/scripts/publish.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,4 @@ try {
}

// Execute "npm publish" to publish
execSync(
`npm publish --access restricted --registry https://npm.corp.aligent.consulting/ --tag ${tag}`
);
execSync(`npm publish --verbose --access=public --tag ${tag}`);

0 comments on commit 3b915a4

Please sign in to comment.