
npm(deps): bump dotenv from 16.6.1 to 17.2.2 #30

npm(deps): bump dotenv from 16.6.1 to 17.2.2


Workflow file for this run

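---
# CI/CD pipeline: lints and tests the PowerShell and Python code, runs the
# security scanners, builds and pushes the container images, and deploys
# per branch (develop -> staging, main -> production).
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  schedule:
    # Weekly security scan. A scheduled run reports github.ref as the default
    # branch, so every job that builds, pushes or deploys is additionally
    # gated on github.event_name below — otherwise the weekly scan would also
    # push :latest and deploy to production.
    - cron: '0 0 * * 0'

# Least-privilege default for GITHUB_TOKEN; jobs that need more (SARIF upload,
# package push) declare it explicitly.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  # ghcr.io rejects image paths containing upper-case characters; build-docker
  # lowercases this value before it is used in a tag.
  IMAGE_NAME: ${{ github.repository }}

jobs:
  test-powershell:
    runs-on: windows-latest
    permissions:
      contents: read
      security-events: write  # required by codeql-action/upload-sarif
    steps:
      - uses: actions/checkout@v4
      - name: Run Pester tests
        shell: pwsh
        run: |
          Install-Module -Name Pester -Force -SkipPublisherCheck
          Invoke-Pester -Path ./tests -OutputFormat NUnitXml -OutputFile TestResults.xml
      - name: Upload test results
        # upload-artifact v3 has been retired by GitHub; v4 is the supported line.
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: powershell-test-results
          path: TestResults.xml
      - name: Run PSScriptAnalyzer
        shell: pwsh
        # NOTE(review): confirm the installed PSScriptAnalyzer release accepts
        # -OutputFormat SARIF; if it does not, the upload step below has no input.
        run: |
          Install-Module -Name PSScriptAnalyzer -Force
          Invoke-ScriptAnalyzer -Path . -Recurse -OutputFormat SARIF -OutFile PSAnalysis.sarif
      - name: Upload SARIF file
        # codeql-action v2 is deprecated; v3 is the supported line.
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: PSAnalysis.sarif

  test-python:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so "3.10" is not read as the float 3.1.
        python-version: ["3.9", "3.10", "3.11"]
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pytest pytest-cov pytest-asyncio black flake8 bandit
      - name: Lint with flake8
        run: |
          # Syntax errors and undefined names fail the job ...
          flake8 python-automation --count --select=E9,F63,F7,F82 --show-source --statistics
          # ... everything else is reported only (--exit-zero).
          flake8 python-automation --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
      - name: Format check with black
        run: black --check python-automation
      - name: Security scan with bandit
        # bandit exits non-zero when it finds issues, which fails the job; the
        # JSON report is still uploaded below so the findings can be reviewed.
        run: bandit -r python-automation -f json -o bandit-report.json
      - name: Upload bandit report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          # Artifact names must be unique across matrix legs in upload-artifact v4.
          name: bandit-report-${{ matrix.python-version }}
          path: bandit-report.json
      - name: Test with pytest
        run: |
          pytest python-automation/tests --cov=python-automation --cov-report=xml --cov-report=html
      - name: Upload coverage reports
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.xml
          flags: python
          name: Python ${{ matrix.python-version }}

  test-database:
    runs-on: ubuntu-latest
    env:
      # Throwaway SA password for the ephemeral CI service container only; it is
      # not a real credential. The services block below appears not to be able
      # to read the job-level env context (TODO confirm), so the same value is
      # repeated there — keep the two in sync.
      MSSQL_SA_PASSWORD: 'YourStrong@Passw0rd'
    services:
      sqlserver:
        image: mcr.microsoft.com/mssql/server:2019-latest
        env:
          ACCEPT_EULA: 'Y'  # quoted: a bare Y is a boolean under YAML 1.1
          SA_PASSWORD: 'YourStrong@Passw0rd'
        ports:
          - '1433:1433'
        options: >-
          --health-cmd "/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P YourStrong@Passw0rd -Q 'SELECT 1'"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - name: Initialize database
        run: |
          /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$MSSQL_SA_PASSWORD" -i database/init.sql
      - name: Run database tests
        run: |
          /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$MSSQL_SA_PASSWORD" -Q "EXEC sp_GetLicenseUtilization"

  security-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # required by codeql-action/upload-sarif
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        # NOTE(review): @master is a mutable ref; pin to a release tag or commit
        # SHA (aquasecurity/trivy-action@<release-tag-or-sha>) so the scanner
        # itself is reproducible and cannot change underneath the pipeline.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'
      - name: OWASP Dependency Check
        # NOTE(review): same as above — pin @main to a tag or SHA. The HTML
        # report this step writes is not uploaded anywhere; add an
        # upload-artifact step on the action's report path if it is needed.
        uses: dependency-check/Dependency-Check_Action@main
        with:
          project: 'Adobe-Automation'
          path: '.'
          format: 'HTML'

  build-docker:
    needs: [test-powershell, test-python]
    # The weekly scheduled run must not build or push images.
    if: github.event_name != 'schedule'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Lowercase image name
        # github.repository preserves the owner/repo casing; ghcr.io requires
        # lowercase paths. Rewrites IMAGE_NAME for all following steps.
        run: echo "IMAGE_NAME=${IMAGE_NAME,,}" >> "$GITHUB_ENV"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Log in to Container Registry
        # Only branch pushes can publish; pull_request runs (forks, Dependabot)
        # carry a read-only token.
        if: github.event_name == 'push'
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        # NOTE(review): the tags/labels computed here are not consumed by the
        # build steps below, which push a fixed :latest tag per image.
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha
      - name: Build and push PowerShell image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile.powershell
          # Build on every event, but push only from branch pushes so that PR
          # builds cannot overwrite :latest.
          push: ${{ github.event_name == 'push' }}
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/powershell:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Build and push Python image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile.python
          push: ${{ github.event_name == 'push' }}
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/python:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy-staging:
    needs: [build-docker, security-scan]
    runs-on: ubuntu-latest
    # Only a direct push to develop deploys to staging.
    if: github.event_name == 'push' && github.ref == 'refs/heads/develop'
    environment: staging
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Kubernetes (Staging)
        run: |
          echo "Deploying to staging environment..."
          # kubectl apply -f kubernetes/deployment.yaml -n staging

  deploy-production:
    needs: [build-docker, security-scan]
    runs-on: ubuntu-latest
    # Only a direct push to main deploys to production. github.ref alone is not
    # enough: the weekly schedule also runs with github.ref == refs/heads/main.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    environment: production
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Kubernetes (Production)
        run: |
          echo "Deploying to production environment..."
          # kubectl apply -f kubernetes/deployment.yaml -n production
      - name: Run smoke tests
        run: |
          echo "Running smoke tests..."
          # ./scripts/smoke-tests.sh
      - name: Send deployment notification
        if: always()
        run: |
          echo "Sending notification..."
          # curl -X POST ${{ secrets.WEBHOOK_URL }} -d "Deployment status: ${{ job.status }}"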