From ab66694607305311cafdd23b1893ba2c36376ab1 Mon Sep 17 00:00:00 2001
From: Salman Hooshmand <59615308+shooshmand-sol@users.noreply.github.com>
Date: Tue, 25 Jul 2023 10:50:29 -0400
Subject: [PATCH 1/6] add_new_workflow
---
 .../workflows/release-readiness-check.yaml | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/release-readiness-check.yaml
diff --git a/.github/workflows/release-readiness-check.yaml b/.github/workflows/release-readiness-check.yaml
new file mode 100644
index 00000000..6e260031
--- /dev/null
+++ b/.github/workflows/release-readiness-check.yaml
@@ -0,0 +1,52 @@
+name: Release Readiness Checks
+on:
+ workflow_dispatch:
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ environment: prod
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.8
+ cache: 'pip'
+ - name: Pre-Release Check - Whitesource vulnurabilities
+ env:
+ WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }}
+ WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
+ AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
+ run: |
+ pip install --quiet --upgrade pip
+ export VIRTUAL_ENV=./venv
+ python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
+ cd ./.github/workflows/release_scripts/ && pip install --quiet -r requirements.txt && python3.8 whitesource_vulnurability_checker.py
+ - name: Pre-Release Check - SonarQube Hotspots
+ if: always()
+ env:
+ SONARQUBE_HOTSPOTS_API_URL: ${{ secrets.SONARQUBE_HOTSPOTS_API_URL }}
+ SONARQUBE_QUERY_TOKEN: ${{ secrets.SONARQUBE_QUERY_TOKEN }}
+ run: |
+ export VIRTUAL_ENV=./venv
+ python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
+ cd ./.github/workflows/release_scripts/ && python3.8 sonarqube_vulnurability_checker.py
+ - name: Pre-Release Check - Prisma vulnurabilities
+ if: always()
+ env:
+ PRISMA_ROOT_API_URL: ${{ secrets.PRISMA_ROOT_API_URL }}
+ DOCKER_IMAGE_TO_CHECK: ${{ secrets.PRISMA_DOCKER_IMAGE_TO_CHECK }}
+ PRISMA_ACCESS_KEY: ${{ secrets.PRISMA_ACCESS_KEY }}
+ PRISMA_ACCESS_KEY_SECRET: ${{ secrets.PRISMA_ACCESS_KEY_SECRET }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
+ AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
+ run: |
+ export VIRTUAL_ENV=./venv
+ python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
+ cd ./.github/workflows/release_scripts/
&& python3.8 prisma_vulnurability_checker.py
\ No newline at end of file
From f890439ef10f049a022e90933c0121657c9ee0c1 Mon Sep 17 00:00:00 2001
From: Salman Hooshmand <59615308+shooshmand-sol@users.noreply.github.com>
Date: Tue, 25 Jul 2023 15:03:31 -0400
Subject: [PATCH 2/6] fix
---
 .github/workflows/release-readiness-check.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release-readiness-check.yaml b/.github/workflows/release-readiness-check.yaml
index 6e260031..38df6f6f 100644
--- a/.github/workflows/release-readiness-check.yaml
+++ b/.github/workflows/release-readiness-check.yaml
@@ -1,6 +1,8 @@
 name: Release Readiness Checks
 on:
- workflow_dispatch:
+ push:
+ branches:
+ - main

 jobs:
 release:
From 84cabc1babf05f29d403b9032514f2b6d0e329ae Mon Sep 17 00:00:00 2001
From: Salman Hooshmand <59615308+shooshmand-sol@users.noreply.github.com>
Date: Tue, 25 Jul 2023 15:05:26 -0400
Subject: [PATCH 3/6] fix
---
 .github/workflows/release-readiness-check.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release-readiness-check.yaml b/.github/workflows/release-readiness-check.yaml
index 38df6f6f..a455592b 100644
--- a/.github/workflows/release-readiness-check.yaml
+++ b/.github/workflows/release-readiness-check.yaml
@@ -2,7 +2,7 @@ name: Release Readiness Checks
 on:
 push:
 branches:
- - main
+ - add_workflow_check_prisma_ws

 jobs:
 release:
From 41df002a81e0cedd51a5900c5f72637d825bbf81 Mon Sep 17 00:00:00 2001
From: Salman Hooshmand <59615308+shooshmand-sol@users.noreply.github.com>
Date: Tue, 25 Jul 2023 15:08:14 -0400
Subject: [PATCH 4/6] fix
---
 .github/workflows/release-readiness-check.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release-readiness-check.yaml b/.github/workflows/release-readiness-check.yaml
index a455592b..34f4890d 100644
--- a/.github/workflows/release-readiness-check.yaml
+++ b/.github/workflows/release-readiness-check.yaml
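Review bot: The Whitesource step puts `WS_APIKEY`, `WS_PROJECTTOKEN` and the long-lived `AWS_*` keys into the same `run:` block that executes `pip install --quiet --upgrade pip` and `pip install --quiet -r requirements.txt`, so every package build or install hook runs with those credentials in its environment. Moving the venv creation and dependency install into an earlier step with no `env:` secrets keeps third-party install code away from the `prod` environment's secrets; `requirements.txt` is not shown in this patch, so whether it is hash-pinned (`--require-hashes`) should be checked as well. The job also references `actions/checkout@v3` and `actions/setup-python@v4` by mutable tag and declares no `permissions:`; pinning both to a full commit SHA and adding a top-level `permissions:` block with `contents: read` narrows what a compromised action or dependency can reach. The SonarQube and Prisma steps already reuse the venv without installing anything, so the split leaves them as they are.

```yaml
permissions:
  contents: read

# … unchanged: on / jobs / checkout / setup-python …
      - name: Install release-check dependencies
        run: |
          pip install --quiet --upgrade pip
          export VIRTUAL_ENV=./venv
          python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
          pip install --quiet -r ./.github/workflows/release_scripts/requirements.txt
      - name: Pre-Release Check - Whitesource vulnurabilities
        # … unchanged: env block with WS_* and AWS_* secrets …
        run: |
          source ./venv/bin/activate
          cd ./.github/workflows/release_scripts/ && python3.8 whitesource_vulnurability_checker.py
```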
@@ -5,7 +5,7 @@ on:
 - add_workflow_check_prisma_ws

 jobs:
- release:
+ pre_release_checks:
 runs-on: ubuntu-latest
 environment: prod
 steps:
@@ -30,7 +30,7 @@ jobs:
 python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
 cd ./.github/workflows/release_scripts/ && pip install --quiet -r requirements.txt && python3.8 whitesource_vulnurability_checker.py
 - name: Pre-Release Check - SonarQube Hotspots
- if: always()
+ ${{ always() }}
 env:
 SONARQUBE_HOTSPOTS_API_URL: ${{ secrets.SONARQUBE_HOTSPOTS_API_URL }}
 SONARQUBE_QUERY_TOKEN: ${{ secrets.SONARQUBE_QUERY_TOKEN }}
@@ -39,7 +39,7 @@ jobs:
 python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
 cd ./.github/workflows/release_scripts/ && python3.8 sonarqube_vulnurability_checker.py
 - name: Pre-Release Check - Prisma vulnurabilities
- if: always()
+ ${{ always() }}
 env:
 PRISMA_ROOT_API_URL: ${{ secrets.PRISMA_ROOT_API_URL }}
 DOCKER_IMAGE_TO_CHECK: ${{ secrets.PRISMA_DOCKER_IMAGE_TO_CHECK }}
From fe19c7b4a21308713aea684ccc4e220ee9d6fe7d Mon Sep 17 00:00:00 2001
From: Salman Hooshmand <59615308+shooshmand-sol@users.noreply.github.com>
Date: Tue, 25 Jul 2023 15:08:43 -0400
Subject: [PATCH 5/6] fix
---
 .github/workflows/release-readiness-check.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release-readiness-check.yaml b/.github/workflows/release-readiness-check.yaml
index 34f4890d..3c28779d 100644
--- a/.github/workflows/release-readiness-check.yaml
+++ b/.github/workflows/release-readiness-check.yaml
@@ -30,7 +30,7 @@ jobs:
 python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
 cd ./.github/workflows/release_scripts/ && pip install --quiet -r requirements.txt && python3.8 whitesource_vulnurability_checker.py
 - name: Pre-Release Check - SonarQube Hotspots
- ${{ always() }}
+ if: ${{ always() }}
 env:
 SONARQUBE_HOTSPOTS_API_URL: ${{ secrets.SONARQUBE_HOTSPOTS_API_URL }}
 SONARQUBE_QUERY_TOKEN: ${{ secrets.SONARQUBE_QUERY_TOKEN }}
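Review bot: `if: ${{ always() }}` on the SonarQube step (and on the Prisma step in the next hunk of this patch) also keeps the step running after the workflow run has been cancelled, so a cancelled run still starts scripts that receive `SONARQUBE_QUERY_TOKEN` and the Prisma and AWS secrets. If the intent is only to run every check even when an earlier one fails, `if: ${{ !cancelled() }}` does that while still honouring a cancel. Both step definitions continue outside their hunks.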
@@ -39,7 +39,7 @@ jobs:
 python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
 cd ./.github/workflows/release_scripts/ && python3.8 sonarqube_vulnurability_checker.py
 - name: Pre-Release Check - Prisma vulnurabilities
- ${{ always() }}
+ if: ${{ always() }}
 env:
 PRISMA_ROOT_API_URL: ${{ secrets.PRISMA_ROOT_API_URL }}
 DOCKER_IMAGE_TO_CHECK: ${{ secrets.PRISMA_DOCKER_IMAGE_TO_CHECK }}
From 5500d3801f1cfde6919f6788278d0e1aca5282da Mon Sep 17 00:00:00 2001
From: Salman Hooshmand <59615308+shooshmand-sol@users.noreply.github.com>
Date: Tue, 25 Jul 2023 15:13:00 -0400
Subject: [PATCH 6/6] fix
---
 .github/workflows/release-readiness-check.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/release-readiness-check.yaml b/.github/workflows/release-readiness-check.yaml
index 3c28779d..5b456813 100644
--- a/.github/workflows/release-readiness-check.yaml
+++ b/.github/workflows/release-readiness-check.yaml
@@ -1,8 +1,6 @@
 name: Release Readiness Checks
 on:
- push:
- branches:
- - add_workflow_check_prisma_ws
+ workflow_dispatch:

 jobs:
 pre_release_checks:
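Review bot: With `workflow_dispatch:` as the only trigger, the run can be started against any branch by anyone with write access, and it then uses that branch's copy of this workflow and of the scripts under `.github/workflows/release_scripts/` while the job stays bound to `environment: prod`. Nothing in the file limits which ref may reach those secrets, so the `prod` environment itself should carry a deployment-branch restriction, and ideally required reviewers. That setting lives in repository configuration and is not visible in this patch, so it should be confirmed. A comment above the trigger such as `# manual only; prod environment restricts deployment branches` would record the assumption.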