Add Checkov action to CI/CD pipeline #1087

Merged (27 commits) on May 20, 2024

@james-garriss commented May 3, 2024

🗣 Description

The goal of this PR was to add the Checkov action to the CI/CD pipeline. While there, I also slightly reorg'd the pipeline to fail fast and rewrote the PS linter action (reduced the runtime from 3m30s to 1m).

Closes #980

💭 Motivation and context

This is part of our efforts to build a robust CI/CD pipeline that builds, tests, and releases ScubaGear.

🧪 Testing

I ran the pipeline, fixed a security bugs, and saw that everything was a lovely shade of green.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • PR targets the correct parent branch (e.g., main or release-name) for merge.
  • Changes are limited to a single goal - eschew scope creep!

Well, I did have a little bit of scope creep, as improving the PS linter wasn't technically part of the task. But I really wanted the pipeline to run faster. Now it does. :-D

  • Changes are sized such that they do not touch excessive number of files.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • These code changes follow the ScubaGear content style guide.
  • Related issues these changes resolve are linked preferably via closing keywords.
  • All relevant type-of-change labels added.
  • All relevant project fields are set.
  • All relevant repo and/or project documentation updated to reflect these changes.
  • All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

  • PR passed smoke test check.

  • Feature branch has been rebased against changes from parent branch, as needed

    Use Rebase branch button below or use this reference to rebase from the command line.

  • Resolved all merge conflicts on branch

  • Notified merge coordinator that PR is ready for merge via comment mention

✅ Post-merge checklist

  • Feature branch deleted after merge to clean up repository.
  • Verified that all checks pass on parent branch (e.g., main or release-name) after merge.

@james-garriss added the enhancement label May 3, 2024
@james-garriss added this to the Halibut milestone May 3, 2024
@james-garriss self-assigned this May 3, 2024

@buidav left a comment

comments

.github/workflows/lint_powershell.yaml (outdated, resolved)
.github/workflows/lint_powershell.yaml (outdated, resolved)
@james-garriss requested review from buidav, schrolla and dagarwal-mitre and removed request for dagarwal-mitre and schrolla on May 15, 2024 16:37
@james-garriss

@nanda-katikaneni, this one is ready. Thanks!

@nanda-katikaneni merged commit 034d883 into main May 20, 2024
14 checks passed
@nanda-katikaneni deleted the 980-add-checkov-to-pipeline branch May 20, 2024 13:31
Successfully merging this pull request may close these issues.

Add Checkov to CI/CD pipeline