Merge pull request #18 from rrigato/dev

prevent code ql from being turned off

.github/workflows/burnday_codeql.yml

@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  schedule:
+    #runs on first day of month
+    - cron: '20 15 1 * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      security-events: write
+
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
+
+  prevent-script-disable:
+    permissions:
+      contents: write
+      id-token: write
+    needs: analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: checkout-current-branch
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      ##################
+      #Unnecessary orchestration because public workflows are auto
+      #disabled after 60 days
+      #
+      #https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow
+      ##################
+      - name: script-execution-permissions-disable
+        run: chmod +x scripts/prevent_disable.sh
+
+      - name: prevent-disabled-workflow
+        shell: bash
+        run: scripts/prevent_disable.sh

.github/workflows/burnday_pipeline.yml

@@ -2,8 +2,8 @@ name: application pipeline
 on:
   push:
     branches:
-      - master
       - dev
+      - master
 jobs:
   run-build-test:
     runs-on: ubuntu-latest

scripts/app_deployment.sh

@@ -13,7 +13,11 @@ git add -A
 
 git commit -m "$1"
 
-source avenv/bin/activate
+if [[ -z "$VIRTUAL_ENV" ]]; then
+    source avenv/bin/activate
+else
+    pip install -r requirements/requirements-dev.txt
+fi
 
 secret_scan_results=$(detect-secrets scan | \
 python3 -c "import sys, json; print(json.load(sys.stdin)['results'])" )
@@ -26,7 +30,6 @@ fi
 
 python -m unittest
 
-deactivate
 
 git push origin dev
 

scripts/prevent_disable.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -e
+
+#setup git config
+git config user.name "github_action_bot"
+git config user.email "no_email_address"
+
+#puts the static string replace where the second . is
+# example
+# v1.1.0 -> v1.1replace0
+current_tag=$(git tag | tail -1 | sed 's/\./replace/2')
+echo "current_tag - ${current_tag}"
+echo "current_minor_version - ${current_tag##*replace}"
+
+# takes everything after the string 'replace' and adds 1
+# v1.1replace0 -> 1
+new_minor_version=$((${current_tag##*replace} + 1))
+echo "new_minor_version - ${new_minor_version}"
+
+# takes everything before the string 'replace'
+# v1.1replace0 -> v1.1
+tag_without_minor_version="${current_tag%replace*}."
+echo "tag_without_minor_version - ${tag_without_minor_version}"
+
+#concatenates new tag
+new_tag=${tag_without_minor_version}${new_minor_version}
+echo "new_tag - ${new_tag}"
+
+
+tag_message="prevent_disable - ${tag_without_minor_version}${new_minor_version}"
+echo "tag_message - ${tag_message}"
+
+
+# only add a tag on the 1st day of the month
+if [ $(date +%d) = "01" ]; then
+
+    git tag $new_tag -m "$tag_message"
+    echo "added unnecessary tag"
+
+    git push origin $new_tag
+    echo "tag addition complete"
+
+fi
+
+
+git tag