build #110
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| schedule: | |
| - cron: "59 23 * * 6" | |
| env: | |
| AUTHOR: AUTHOR | |
| permissions: | |
| contents: read | |
| security-events: write | |
| jobs: | |
| notify-me: | |
| name: Notify ME | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Push intial notifiation to SLACK | |
| id: slack | |
| uses: slackapi/[email protected] | |
| with: | |
| channel-id: 'C05CN71FX0F' | |
| slack-message: | | |
| Workflow Triggered for Subrake / SubTAP | |
| Triggered By: ${{ github.actor }} | |
| Commit: ${{ github.sha }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| build-and-test: | |
| name: Build and Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| - name: Install package | |
| run: | | |
| pip install -r ./requirements.txt | |
| python setup.py install | |
| - name: Print the manual | |
| run: | | |
| subrake --help | |
| # deploy: | |
| # name: Deploy | |
| # runs-on: ubuntu-latest | |
| # environment: demo | |
| # needs: build-and-test | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v3 | |
| # - name: Setup SSH Keys | |
| # uses: webfactory/[email protected] | |
| # with: | |
| # ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| # - name: Add Public Keys to hosts files | |
| # run: | | |
| # ssh-keyscan -H ${{secrets.SERVER}} > ~/.ssh/known_hosts | |
| # - name: Push code to the Server | |
| # run: | | |
| # rsync -r --progress --delete ./ ${{ secrets.USER }}@${{ secrets.SERVER }}:/home/${{ secrets.USER }}/subrake | |
| final-notify: | |
| name: Success Notification | |
| runs-on: ubuntu-latest | |
| needs: build-and-test | |
| steps: | |
| - name: Sending the success notification | |
| id: slack | |
| uses: slackapi/[email protected] | |
| with: | |
| channel-id: 'C05CN71FX0F' | |
| slack-message: | | |
| Build Successful for Subrake / SubTAP | |
| Run the following command on demo server to for final deploy: | |
| Command: ./installer.sh --deploy | |
| Triggered By: ${{ github.actor }} | |
| Commit: ${{ github.sha }} | |
| Repository: ${{ github.repositoryUrl }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| deploy-error: | |
| name: Error while building and deploying | |
| runs-on: ubuntu-latest | |
| if: ${{ needs.build.result == 'failure' || needs.test.result == 'failure' }} | |
| steps: | |
| - name: Push Error Notification to SLACK! | |
| id: slack | |
| uses: slackapi/[email protected] | |
| with: | |
| channel-id: 'C05CN71FX0F' | |
| slack-message: | | |
| Build Failed for Subrake / SubTAP | |
| Triggered By: ${{ github.actor }} | |
| Commit: ${{ github.sha }} | |
| Repository: ${{ github.repositoryUrl }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| sast-process: | |
| name: Static Analaysis of CODE | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Run Snyk to check for vulnerabilities | |
| uses: snyk/actions/python@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| args: --sarif-file-output=snyk.sarif | |
| - name: Push Notifcation for the Security Error | |
| id: slack | |
| uses: slackapi/[email protected] | |
| if: failure() | |
| with: | |
| channel-id: 'C05CN71FX0F' | |
| slack-message: | | |
| Vulnerability discovered for Subrake / SubTAP | |
| Results are uploaded to Github Security section as well. | |
| Triggered By: ${{ github.actor }} | |
| Commit: ${{ github.sha }} | |
| Repository: ${{ github.repositoryUrl }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| - name: Upload result to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: snyk.sarif |