From 2c618d91505e2364f176361b0401aa3618ac020f Mon Sep 17 00:00:00 2001
From: Arpit Jain
Date: Thu, 27 Apr 2023 13:54:03 +0900
Subject: [PATCH 1/3] Added CodeQL code
---
.github/workflows/codeql.yml | 31 ++++++
.github/workflows/pr-lint.yml | 21 -----
.github/workflows/test-and-deploy.yml | 131 --------------------------
3 files changed, 31 insertions(+), 152 deletions(-)
create mode 100644 .github/workflows/codeql.yml
delete mode 100644 .github/workflows/pr-lint.yml
delete mode 100644 .github/workflows/test-and-deploy.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..775b7c7b53
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,31 @@
+jobs:
+ analyze:
+ name: Analyze
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ queries: security-and-quality
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ strategy:
+ fail-fast: false
+ matrix:
+ language:
+ - python
+ timeout-minutes: 12000
+name: CodeQL
+'on':
+ push:
+ branches:
+ - main
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
deleted file mode 100644
index 31520079ca..0000000000
--- a/.github/workflows/pr-lint.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: Lint PR
-on:
- pull_request_target:
- types: [ opened, edited, synchronize, reopened ]
-
-jobs:
- validate:
- name: Validate title
- runs-on: ubuntu-latest
- steps:
- - uses: amannn/action-semantic-pull-request@v5
- with:
- types: |
- chore
- docs
- fix
- feat
- misc
- test
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
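Review bot: `timeout-minutes: 12000` on the `analyze` job in the new `.github/workflows/codeql.yml` (patch 1/3) is about 200 hours, far above GitHub's documented default of 360 minutes, so it gives no useful bound on a hung analysis; a value sized to the scan, for example `timeout-minutes: 60`, would. The `uses:` references in this file, and again in the codeql.yml hunk of patch 3/3, point at mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`) in a job that is granted `security-events: write`. Pinning each one to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v3`, means the workflow keeps running the code that was reviewed even if a tag is later moved.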
diff --git a/.github/workflows/test-and-deploy.yml b/.github/workflows/test-and-deploy.yml
deleted file mode 100644
index 9bba6d8bac..0000000000
--- a/.github/workflows/test-and-deploy.yml
+++ /dev/null
@@ -1,131 +0,0 @@
-name: Test and Deploy
-on:
- push:
- branches: [ '*' ]
- tags: [ '*' ]
- pull_request:
- branches: [ main ]
- schedule:
- # Run automatically at 8AM PST Monday-Friday
- - cron: '0 15 * * 1-5'
- workflow_dispatch:
-
-jobs:
- test:
- name: Test
- runs-on: ubuntu-latest
- timeout-minutes: 20
- strategy:
- matrix:
- python-version: [ '3.7', '3.8', '3.9', '3.10', '3.11' ]
- steps:
- - name: Checkout twilio-python
- uses: actions/checkout@v3
- with:
- fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
-
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- python-version: ${{ matrix.python-version }}
-
- - name: Install Dependencies
- run: |
- pip install virtualenv --upgrade
- make install test-install
-
- - name: Run the tests
- run: make test-with-coverage
-
- - name: Run Cluster Tests
- if: (!github.event.pull_request.head.repo.fork)
- env:
- TWILIO_ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
- TWILIO_API_KEY: ${{ secrets.TWILIO_CLUSTER_TEST_API_KEY}}
- TWILIO_API_SECRET: ${{ secrets.TWILIO_CLUSTER_TEST_API_KEY_SECRET }}
- TWILIO_FROM_NUMBER: ${{ secrets.TWILIO_FROM_NUMBER }}
- TWILIO_TO_NUMBER: ${{ secrets.TWILIO_TO_NUMBER }}
- TWILIO_AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }}
- run: make cluster-test
-
- - name: Verify docs generation
- run: make docs
-
- # only send coverage for PRs and branch updates
- - name: SonarCloud Scan
- if: (github.event_name == 'pull_request' || github.ref_type == 'branch') && !github.event.pull_request.head.repo.fork && matrix.python-version == '3.10'
- uses: SonarSource/sonarcloud-github-action@master
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
- deploy:
- name: Deploy
- if: success() && github.ref_type == 'tag'
- needs: [ test ]
- runs-on: ubuntu-latest
- steps:
- - name: Checkout twilio-python
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.10'
-
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install build
-
- - name: Build package
- run: python -m build
-
- - name: Login to Docker Hub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_AUTH_TOKEN }}
-
- # The expression strips off the shortest match from the front of the string to yield just the tag name as the output
- - name: Get tagged version
- run: echo "GITHUB_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
- - name: Create GitHub Release
- uses: sendgrid/dx-automator/actions/release@main
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build and Push image
- run: make docker-build docker-push
-
- - name: Publish package to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
- with:
- user: __token__
- password: ${{ secrets.PYPI_TOKEN }}
-
- - name: Submit metric to Datadog
- uses: sendgrid/dx-automator/actions/datadog-release-metric@main
- env:
- DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
-
- notify-on-failure:
- name: Slack notify on failure
- if: failure() && github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref_type == 'tag')
- needs: [ test, deploy ]
- runs-on: ubuntu-latest
- steps:
- - uses: rtCamp/action-slack-notify@v2
- env:
- SLACK_COLOR: failure
- SLACK_ICON_EMOJI: ':github:'
- SLACK_MESSAGE: ${{ format('Test *{0}*, Deploy *{1}*, {2}/{3}/actions/runs/{4}', needs.test.result, needs.deploy.result, github.server_url, github.repository, github.run_id) }}
- SLACK_TITLE: Action Failure - ${{ github.repository }}
- SLACK_USERNAME: GitHub Actions
- SLACK_MSG_AUTHOR: twilio-dx
- SLACK_FOOTER: Posted automatically using GitHub Actions
- SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
- MSG_MINIMAL: true
From c0e92c6bd9b106bfaae43bbcf686ca4bfcf27409 Mon Sep 17 00:00:00 2001
From: Arpit Jain <40381412+arpitjain799@users.noreply.github.com>
Date: Fri, 28 Apr 2023 06:27:02 +0900
Subject: [PATCH 2/3] Delete .github/workflows/codeql.yml
---
.github/workflows/codeql.yml | 31 -------------------------------
1 file changed, 31 deletions(-)
delete mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 775b7c7b53..0000000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-jobs:
- analyze:
- name: Analyze
- permissions:
- actions: read
- contents: read
- security-events: write
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: ${{ matrix.language }}
- queries: security-and-quality
- - name: Autobuild
- uses: github/codeql-action/autobuild@v2
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
- strategy:
- fail-fast: false
- matrix:
- language:
- - python
- timeout-minutes: 12000
-name: CodeQL
-'on':
- push:
- branches:
- - main
From e9fad4d4bbbffa5c984599a2e4e1bb8ac5596786 Mon Sep 17 00:00:00 2001
From: Arpit Jain <40381412+arpitjain799@users.noreply.github.com>
Date: Fri, 28 Apr 2023 06:27:02 +0900
Subject: [PATCH 3/3] Add new file
---
.github/workflows/codeql.yml | 37 ++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..94d110b330
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,37 @@
+name: "CodeQL"
+on:
+ workflow_dispatch:
+ #push:
+ # branches: [master]
+ #pull_request:
+ # branches: [master]
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ["python"]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ queries: security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
\ No newline at end of file
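Review bot: With `workflow_dispatch` as the only active trigger under `on:`, this workflow never runs unless someone starts it by hand, so code scanning results will not track new commits or pull requests. The commented-out `push`/`pull_request` blocks name `master`, while the version added in patch 1/3 triggered on `main`; if `main` is the default branch, enabling `push: {branches: [main]}` and `pull_request: {branches: [main]}` (plus a `schedule` entry if periodic re-scans are wanted) would make the analysis routine rather than optional. The file also ends without a trailing newline.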