chore(cicd): move all certifiers duty to GitHub (#629)

https://coveord.atlassian.net/browse/CDX-785
coveo · Jan 26, 2022 · 751d28e · 751d28e
1 parent 7222cef
commit 751d28e
Show file tree

Hide file tree

Showing 9 changed files with 100,188 additions and 98,154 deletions.
diff --git a/.deployment.config.json b/.deployment.config.json
@@ -3,17 +3,27 @@
   "team_name": "DX",
   "general": {
     "team_jenkins": "searchuibuilds",
-    "notifications": {"slack_channels": ["#searchuibuilds"]},
+    "notifications": {
+      "slack_channels": ["#searchuibuilds"]
+    },
     "environments_order": {
       "sequential": ["dev", "qa", "prd"]
     },
-    "qa": {"start_environment_automatically": true},
+    "qa": {
+      "start_environment_automatically": true
+    },
+    "prd": {
+      "start_environment_automatically": true
+    },
     "aws_regions": {
       "sequential": ["us-east-1"]
     }
   },
   "ordered_phases": [
-    {"id": "terraform", "terraform": {}},
+    {
+      "id": "terraform",
+      "terraform": {}
+    },
     {
       "id": "s3",
       "s3": {
@@ -37,94 +47,20 @@
     }
   ],
   "snyk": {
-    "org": "coveo-developer-experience",
-    "no_container_images": true,
-    "configurations": [
-      {
-        "project_name": "cli-root",
-        "file": "package-lock.json",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "cli",
-        "directory": "packages/cli",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "angular",
-        "directory": "packages/angular",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "cra-template",
-        "directory": "packages/cra-template",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "search-token-server",
-        "directory": "packages/search-token-server",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "search-token-lambda",
-        "directory": "packages/search-token-lambda",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "vue-cli-plugin",
-        "directory": "packages/vue-cli-plugin-typescript",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "create-atomic",
-        "directory": "packages/create-atomic",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      },
-      {
-        "project_name": "create-atomic-template",
-        "directory": "packages/create-atomic/templates",
-        "additional_config": {
-          "scan_dev_dependencies": true,
-          "image": "snyk/snyk-cli:1.778.0-docker"
-        }
-      }
-    ]
+    "no_dependencies": true,
+    "no_container_images": true
   },
   "observatory": {
     "no_endpoint": true
   },
   "veracode": {
-    "sandbox_name": "CLI",
-    "app_name": "JSUI",
-    "source": "./packages/cli/src",
-    "scan_include_patterns": "*"
+    "no_scan": true
   },
   "deployment_config_version": 2,
   "package_rollout": {
-    "only_consider_changesets_after": "591040c6568cce03b031c3059cd4d4de87de8d7c"
+    "only_consider_changesets_after": "591040c6568cce03b031c3059cd4d4de87de8d7c",
+    "jira_issues_discovery": {
+      "stop_after_first_issue": true
+    }
   }
 }
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -1,3 +1,9 @@
+<!-- For Coveo Employees only. Fill this section.
+
+CDX-XXX
+
+-->
+
 ## Proposed changes
 
 <!--
@@ -24,10 +30,3 @@
 <!-- Did you write functionnal tests for your feature? If not, explains why?  -->
 - [ ] Manual Tests:
 <!-- How did you test your changeset?  -->
-
-<!-- For Coveo Employees only. Fill and uncomment this section.
-
------
-CDX-XXX
-
--->
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -30,6 +30,16 @@ jobs:
           git config --global user.email [email protected]
           git config --global user.name GitHub Action
           echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
+      - name: Snyk test
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          npx snyk monitor --dev --all-projects
+          npx snyk test --dev --all-projects
+      - name: Snyk code
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: npx snyk code --dev --all-projects
       - name: Setup git SSH remote
         env:
           DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}

diff --git a/.github/workflows/snyk-master.yml b/.github/workflows/snyk-master.yml
@@ -0,0 +1,24 @@
+name: Snyk
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2
+      - name: Snyk test
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          npx snyk monitor --dev --all-projects
+          npx snyk test --dev --all-projects --sarif-file-output=./sarifs/snyk.sarif
+          npx snyk code --dev --all-projects --sarif-file-output=./sarifs/snyk-code.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        if: always()
+        with:
+          sarif_file: ./sarifs