Fix secret scanning vuln payload (#2315) #12667
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push | |
on: | |
# Only build on main branch when pushed (when PR is merged) | |
push: | |
branches: | |
- main | |
# Only build in PR on creation/update | |
pull_request: | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v1 | |
- uses: volta-cli/action@v4 | |
- uses: actions/cache@v2 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
- run: yarn install --frozen-lockfile | |
- run: yarn run lint | |
- run: yarn run build:release | |
unit-test: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v1 | |
- uses: volta-cli/action@v4 | |
- uses: actions/cache@v2 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
- run: yarn install --frozen-lockfile | |
- run: yarn run playwright install | |
- name: create .env file | |
run: | | |
echo "${{ secrets.E2E_GITHUB_PRIVATE_KEY }}" > jira-test.pem | |
echo "APP_URL=http://localhost" > .env | |
echo "WEBHOOK_PROXY_URL=http://localhost" >> .env | |
echo "APP_KEY=com.github.integration.fusion-test" >> .env | |
echo "NODE_ENV=test" >> .env | |
echo "APP_NAME=jira" >> .env | |
echo "APP_ID=${{ secrets.E2E_GITHUB_APP_ID }}" >> .env | |
echo "WEBHOOK_SECRETS=${{ secrets.E2E_GITHUB_WEBHOOK_SECRETS }}" >> .env | |
echo "COOKIE_SESSION_KEY=${{ secrets.E2E_COOKIE_SESSION_KEY }}" >> .env | |
echo "GITHUB_CLIENT_ID=${{ secrets.E2E_GITHUB_CLIENT_ID }}" >> .env | |
echo "GITHUB_CLIENT_SECRET=${{ secrets.E2E_GITHUB_CLIENT_SECRET }}" >> .env | |
echo "PRIVATE_KEY_PATH=jira-test.pem" >> .env | |
echo "ATLASSIAN_URL=${{ secrets.E2E_ATLASSIAN_URL }}" >> .env | |
- run: docker-compose up -d app | |
- name: wait for app to be ready | |
run: curl --head -X GET -f --retry 30 --retry-all-errors --retry-delay 5 http://localhost:8080/healthcheck | |
- run: yarn run db:test | |
- name: Run tests | |
env: | |
REDISX_CACHE_HOST: localhost | |
REDISX_CACHE_PORT: 6379 | |
DATABASE_URL: postgres://postgres:postgres@localhost:5432/jira-test | |
AWS_DEFAULT_REGION: us-west-1 | |
AWS_ACCESS_KEY_ID: localkey | |
AWS_SECRET_ACCESS_KEY: localsecret | |
AWS_EC2_METADATA_DISABLED: true | |
NODE_OPTIONS: "--max_old_space_size=4096" | |
run: yarn test | |
- uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: test-coverage | |
retention-days: 14 | |
path: | | |
coverage/ | |
e2e-test: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 60 | |
# This will prevent multiple e2e tests from running concurrently, only one at a time to prevent collisions | |
concurrency: e2e | |
steps: | |
- uses: actions/checkout@v1 | |
- uses: volta-cli/action@v4 | |
- uses: docker-practice/actions-setup-docker@master | |
- uses: actions/cache@v2 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
- run: yarn install --frozen-lockfile | |
- run: yarn spa:build | |
- name: create .env file | |
run: | | |
echo "${{ secrets.E2E_GITHUB_PRIVATE_KEY }}" > jira-e2e-test.pem | |
echo "APP_URL=http://localhost" > .env | |
echo "WEBHOOK_PROXY_URL=http://localhost" >> .env | |
echo "NGROK_AUTHTOKEN=${{ secrets.E2E_NGROK_AUTHTOKEN }}" >> .env | |
echo "APP_KEY=com.github.integration.fusion-arc-e2e" >> .env | |
echo "NODE_ENV=e2e" >> .env | |
echo "APP_NAME=jira-e2e" >> .env | |
echo "APP_ID=${{ secrets.E2E_GITHUB_APP_ID }}" >> .env | |
echo "WEBHOOK_SECRETS=${{ secrets.E2E_GITHUB_WEBHOOK_SECRETS }}" >> .env | |
echo "COOKIE_SESSION_KEY=${{ secrets.E2E_COOKIE_SESSION_KEY }}" >> .env | |
echo "GITHUB_CLIENT_ID=${{ secrets.E2E_GITHUB_CLIENT_ID }}" >> .env | |
echo "GITHUB_CLIENT_SECRET=${{ secrets.E2E_GITHUB_CLIENT_SECRET }}" >> .env | |
echo "PRIVATE_KEY_PATH=jira-e2e-test.pem" >> .env | |
echo "ATLASSIAN_URL=${{ secrets.E2E_ATLASSIAN_URL }}" >> .env | |
echo "JIRA_ADMIN_USERNAME=${{ secrets.E2E_JIRA_USERNAME }}" >> .env | |
echo "JIRA_ADMIN_PASSWORD=${{ secrets.E2E_JIRA_PASSWORD }}" >> .env | |
echo "GITHUB_USERNAME=${{ secrets.E2E_GITHUB_USERNAME }}" >> .env | |
echo "GITHUB_PASSWORD=${{ secrets.E2E_GITHUB_PASSWORD }}" >> .env | |
echo "GITHUB_URL=https://github.com" >> .env | |
echo "LOG_LEVEL=debug" >> .env | |
- run: COMPOSE_PROFILES=e2e docker-compose up -d | |
- name: wait for app to be ready | |
run: curl --head -X GET -f --retry 30 --retry-all-errors --retry-delay 5 http://localhost:8080/healthcheck | |
- run: yarn run test:e2e | |
- name: export system logs | |
if: always() | |
run: | | |
free -h > memory.log | |
top -c -b -n 1 > processes.log | |
cat /var/log/syslog > sys.log | |
journalctl -k > journal.log | |
- name: export docker logs | |
if: always() | |
run: | | |
docker ps -a > docker-ps.log | |
docker stats --no-stream > docker-stats.log | |
docker-compose logs --no-color > docker-compose.log | |
- uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: e2e-output | |
retention-days: 14 | |
path: | | |
test/e2e/test-results/ | |
*.log | |
docker: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v1 | |
- name: Build Docker image | |
uses: docker/[email protected] | |
with: | |
file: Dockerfile |