finished adding tooltips for the CVSS calculator metrics #54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| pull_request: | |
| branches: | |
| - '**' | |
| env: | |
| DOCKER_DRIVER: overlay2 | |
| DOCKER_TLS_CERTDIR: "" | |
| DOCKER_USER: ${{ secrets.DOCKER_USER }} | |
| DOCKER_KEY: ${{ secrets.DOCKER_KEY }} | |
| jobs: | |
| create_dotenv_file: | |
| runs-on: [ self-hosted ] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Create .env file | |
| run: | | |
| echo "NVD_API_KEY=${{ secrets.TEST_NVD_API_KEY }}" >> .env | |
| echo 'DJANGO_SECRET_KEY="${{ secrets.TEST_DJANGO_SECRET_KEY }}"' >> .env | |
| echo 'SALT="${{ secrets.TEST_SALT }}"' >> .env | |
| echo "ADMIN_USERNAME=admin@acme.de" >> .env | |
| echo "ADMIN_PASSWORD=secure!" >> .env | |
| echo "USER_USERNAME=user@acme.de" >> .env | |
| echo "USER_PASSWORD=secure!" >> .env | |
| echo "IS_DEV=True" >> .env | |
| echo "ANALYZER_LOG_LEVEL=DEBUG" >> .env | |
| echo "WEBSERVER_LOG_LEVEL=DEBUG" >> .env | |
| echo "POSTGRES_HOST=securecheckplus_db" >> .env | |
| echo "POSTGRES_USER=securecheckplus" >> .env | |
| echo "POSTGRES_DB=securecheckplus" >> .env | |
| echo "POSTGRES_PORT=5432" >> .env | |
| echo 'POSTGRES_PASSWORD="${{ secrets.TEST_DB_PASSWORD }}"' >> .env | |
| echo "EMAIL_HOST=localhost" >> .env | |
| echo "EMAIL_PORT=25" >> .env | |
| echo 'LDAP_ORGANISATION="ACME"' >> .env | |
| echo 'LDAP_DOMAIN="acme.de"' >> .env | |
| echo 'LDAP_HOST="localhost:390"' >> .env | |
| echo 'LDAP_BASE_DN="dc=acme,dc=de"' >> .env | |
| echo 'LDAP_ADMIN_DN="cn=admin,dc=acme,dc=de"' >> .env | |
| echo 'LDAP_ADMIN_PASSWORD=Hello!' >> .env | |
| echo 'LDAP_USER_BASE_DN="ou=People,dc=acme,dc=de"' >> .env | |
| echo 'LDAP_USER_SEARCH_FILTER="(&(objectClass=inetOrgPerson)(mail=VALUE))"' >> .env | |
| echo 'LDAP_ADMIN_GROUP_DN="cn=secure-check-plus-admins,ou=groups,dc=acme,dc=de"' >> .env | |
| echo 'LDAP_BASE_GROUP_DN="cn=secure-check-plus-users,ou=groups,dc=acme,dc=de"' >> .env | |
| echo "FULLY_QUALIFIED_DOMAIN_NAME=https://localhost" >> .env | |
| - name: Upload .env file as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: env_file | |
| path: .env | |
| include-hidden-files: true | |
| testing: | |
| runs-on: [ self-hosted ] | |
| needs: create_dotenv_file | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download .env artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: env_file | |
| path: backend | |
| - name: Docker Login | |
| run: echo "$DOCKER_KEY" | docker login -u "$DOCKER_USER" --password-stdin | |
| - name: Build Docker Compose | |
| run: docker compose -f docker-compose.ci.yml build --no-cache | |
| - name: Run Docker Compose | |
| env: | |
| WORK_DIR: ${{ github.workspace }} | |
| run: | | |
| echo "WORK_DIR=$WORK_DIR" | |
| RUNNER_UID=$(id -u) GID=$(id -g) docker compose -f docker-compose.ci.yml up -d | |
| - name: Wait for Database | |
| run: | | |
| until docker exec securecheckplus_db pg_isready -U securecheckplus; do | |
| echo "Waiting for database..." | |
| sleep 5 | |
| done | |
| - name: Run Tests | |
| # make sure to use the same user id and group is inside the container as outside so that the files generated | |
| # during the tests can be deleted by the runner user | |
| run: | | |
| docker exec -t --user $(id -u):$(id -g) securecheckplus_server coverage run manage.py test | |
| docker exec -t --user $(id -u):$(id -g) securecheckplus_server coverage report -m | |
| docker exec -t --user $(id -u):$(id -g) securecheckplus_server coverage xml | |
| docker exec -t --user $(id -u):$(id -g) securecheckplus_server coverage html | |
| - name: Upload coverage report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report | |
| path: backend/coverage.xml | |
| - name: Upload coverage HTML | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: htmlcov | |
| path: backend/htmlcov | |
| cleanup: | |
| runs-on: [ self-hosted ] | |
| needs: testing | |
| if: always() | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download .env artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: env_file | |
| path: backend | |
| - name: Clean up Docker Compose Containers | |
| run: | | |
| docker compose -f docker-compose.ci.yml stop | |
| docker compose -f docker-compose.ci.yml down | |
| build_frontend_files: | |
| runs-on: [ self-hosted ] | |
| if: github.ref == 'refs/heads/main' | |
| needs: cleanup | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Build frontend | |
| working-directory: ./frontend | |
| run: | | |
| npm install | |
| npm run prod | |
| - name: Upload static files | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frontend_build_files | |
| path: backend/assets/* | |
| build_and_push_container: | |
| runs-on: [ self-hosted ] | |
| permissions: | |
| packages: write | |
| contents: read | |
| attestations: write | |
| id-token: write | |
| if: github.ref == 'refs/heads/main' | |
| needs: [ build_frontend_files ] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download .env artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: env_file | |
| path: backend | |
| - name: Download frontend artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: frontend_build_files | |
| path: backend/assets | |
| - name: Docker Login | |
| run: echo "$DOCKER_KEY" | docker login -u "$DOCKER_USER" --password-stdin | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: accso/secure-check-plus | |
| - name: Build and push Docker image | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./backend | |
| no-cache: true | |
| target: prod | |
| push: true | |
| tags: accso/secure-check-plus:latest | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build_and_push_adapter: | |
| runs-on: [ self-hosted ] | |
| permissions: | |
| packages: write | |
| contents: read | |
| attestations: write | |
| id-token: write | |
| if: github.ref == 'refs/heads/main' | |
| needs: [ build_and_push_container ] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download .env artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: env_file | |
| path: backend | |
| - name: Docker Login | |
| run: echo "$DOCKER_KEY" | docker login -u "$DOCKER_USER" --password-stdin | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: accso/secure-check-plus-adapter | |
| - name: Build and push Docker image | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./adapter/adapter | |
| no-cache: true | |
| push: true | |
| tags: accso/secure-check-plus-adapter:latest | |
| labels: ${{ steps.meta.outputs.labels }} |