diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml deleted file mode 100644 index 1c64799..0000000 --- a/.github/workflows/ansible-lint.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Ansible - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -jobs: - Lint: - runs-on: ubuntu-latest - defaults: - run: - working-directory: "ansible-sdv-pipeline" - - steps: - - uses: actions/checkout@v4 - - name: Set up Python 3.x - uses: actions/setup-python@v3 - with: - python-version: 3.x - - name: Install Ansible-lint - run: | - python -m pip install --upgrade pip - pip install ansible-lint - - name: Running Ansible-lint - run: ansible-lint ./* diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml new file mode 100644 index 0000000..6befbe4 --- /dev/null +++ b/.github/workflows/continuous-integration.yml @@ -0,0 +1,153 @@ +name: Continuous Integration + +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] + +permissions: + contents: write + pull-requests: write + pages: write + id-token: write + +concurrency: + group: "pages" + cancel-in-progress: false + +jobs: + Bot-pyLint: + runs-on: ubuntu-latest + defaults: + run: + working-directory: "ansible-sdv-pipeline" + + steps: + - uses: actions/checkout@v4 + - name: Set up Python 3.x + uses: actions/setup-python@v3 + with: + python-version: 3.x + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install pylint flake8 ansible==10.2.0 + pip install -r requirements.txt + - name: Analysing the code with pylint + run: | + pylint $(git ls-files '*.py') --fail-under 5 --fail-on F,E,W,C,R + - name: Checking code styling + run: | + flake8 . + # + Bot-ansible-lint: + runs-on: ubuntu-latest + defaults: + run: + working-directory: "ansible-sdv-pipeline" + + steps: + - uses: actions/checkout@v4 + - name: Set up Python 3.x + uses: actions/setup-python@v3 + with: + python-version: 3.x + - name: Install Ansible-lint + run: | + python -m pip install --upgrade pip + pip install ansible-lint + - name: Running Ansible-lint + run: ansible-lint ./* + # + Bot-test: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Use Node.js 18.x + uses: actions/setup-node@v3 + with: + node-version: "18.x" + cache: "npm" + cache-dependency-path: "**/package-lock.json" + - name: Installing dependencies + run: npm ci + - name: Linting the commit message + run: npx commitlint -V --from=HEAD~1 + - name: Linting the application code + run: npm run lint-bot + - name: Running unit tests + run: npm run unit-test + Docs-build: + runs-on: ubuntu-latest + defaults: + run: + working-directory: "docs" + + steps: + - uses: actions/checkout@v4 + + - name: Use Node.js 18.x + uses: actions/setup-node@v3 + with: + node-version: "18.x" + cache: "npm" + cache-dependency-path: "**/package-lock.json" + + - name: Installing dependencies + run: npm ci + + - name: Linting the docs code + run: npm run lint + working-directory: "docs" + + - name: Setup Pages + uses: actions/configure-pages@v4 + with: + static_site_generator: next + + - name: Building docs + run: npm run build + + - name: Uploading artifacts + if: ${{ github.ref == 'refs/heads/main' }} + uses: actions/upload-pages-artifact@v3 + with: + path: ./docs/out + # + Docs-deploy: + if: ${{ github.ref == 'refs/heads/main' }} + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + + runs-on: ubuntu-latest + defaults: + run: + working-directory: "docs" + needs: Docs-build + + steps: + - name: Publish to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4 + # + Dependabot-merge: + needs: [bot-pyLint, Bot-ansible-lint, Bot-test, Docs-build] + runs-on: ubuntu-latest + if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'cicsdev/cics-security-sdv-samples' + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Enable auto-merge for Dependabot PRs + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/dependabot-merge.yml b/.github/workflows/dependabot-merge.yml deleted file mode 100644 index 3689a19..0000000 --- a/.github/workflows/dependabot-merge.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Dependabot auto-merge -on: pull_request - -permissions: - contents: write - pull-requests: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'cicsdev/cics-security-sdv-samples' - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v2 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Enable auto-merge for Dependabot PRs - if: steps.metadata.outputs.update-type == 'version-update:semver-patch' - run: gh pr merge --auto --merge "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GH_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml deleted file mode 100644 index 417988a..0000000 --- a/.github/workflows/docs.yml +++ /dev/null @@ -1,71 +0,0 @@ -name: SDV Documentation - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -permissions: - contents: read - pages: write - id-token: write - -concurrency: - group: "pages" - cancel-in-progress: false - -jobs: - build: - runs-on: ubuntu-latest - defaults: - run: - working-directory: "docs" - - steps: - - uses: actions/checkout@v4 - - - name: Use Node.js 18.x - uses: actions/setup-node@v3 - with: - node-version: "18.x" - cache: "npm" - cache-dependency-path: "**/package-lock.json" - - - name: Installing dependencies - run: npm ci - - - name: Linting the docs code - run: npm run lint - working-directory: "docs" - - - name: Setup Pages - uses: actions/configure-pages@v4 - with: - static_site_generator: next - - - name: Building docs - run: npm run build - - - name: Uploading artifacts - if: ${{ github.ref == 'refs/heads/main' }} - uses: actions/upload-pages-artifact@v3 - with: - path: ./docs/out - - deploy: - if: ${{ github.ref == 'refs/heads/main' }} - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - - runs-on: ubuntu-latest - defaults: - run: - working-directory: "docs" - needs: build - - steps: - - name: Publish to GitHub Pages - id: deployment - uses: actions/deploy-pages@v4 diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml deleted file mode 100644 index 492f7ba..0000000 --- a/.github/workflows/node.js.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: SDV Approval Bot Build - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -jobs: - Test: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Use Node.js 18.x - uses: actions/setup-node@v3 - with: - node-version: "18.x" - cache: "npm" - cache-dependency-path: "**/package-lock.json" - - name: Installing dependencies - run: npm ci - - name: Linting the commit message - run: npx commitlint -V --from=HEAD~1 - - name: Linting the application code - run: npm run lint-bot - - name: Running unit tests - run: npm run unit-test diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml deleted file mode 100644 index ec94ce9..0000000 --- a/.github/workflows/pylint.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Python - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -jobs: - Lint: - runs-on: ubuntu-latest - defaults: - run: - working-directory: "ansible-sdv-pipeline" - - steps: - - uses: actions/checkout@v4 - - name: Set up Python 3.x - uses: actions/setup-python@v3 - with: - python-version: 3.x - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install pylint flake8 ansible==10.2.0 - pip install -r requirements.txt - - name: Analysing the code with pylint - run: | - pylint $(git ls-files '*.py') --fail-under 5 --fail-on F,E,W,C,R - - name: Checking code styling - run: | - flake8 . diff --git a/README.md b/README.md index e827d52..38dea6b 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,6 @@ # cics-security-sdv-samples -[![SDV Approval Bot Build](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/node.js.yml/badge.svg)](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/node.js.yml) -[![SDV Documentation](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/docs.yml/badge.svg)](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/docs.yml) -[![Ansible Lint](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/ansible-lint.yml) -[![Python Lint](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/pylint.yml/badge.svg)](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/pylint.yml) - +[![CI/CD Pipeline](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/continuous-integration.yml/badge.svg)](https://github.com/cicsdev/cics-security-sdv-samples/actions/workflows/continuous-integration.yml) This sample repository provides example tooling that contributes towards achieving **[Security definition validation for CICS TS (SDV)](https://www.ibm.com/docs/en/cics-ts/6.x?topic=hiwztic-how-it-works-capturing-validating-security-definitions-during-development-process#hiw-devsecops__title__7)** in a CI/CD pipeline.