Skip to content

Feat/add vul log time range #2243

Feat/add vul log time range

Feat/add vul log time range #2243

Workflow file for this run

name: "Test state"
on:
push:
branches:
- main
- '*'
pull_request:
# The branches below must be a subset of the branches above
branches: [main, develop]
schedule:
- cron: '0 0 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
init:
if: (github.repository_owner == 'HXSecurityBusiness' && github.event_name == 'schedule') || github.repository_owner == 'HXSecurity'
runs-on: ubuntu-latest
steps:
- name: init
run: |
echo "HXSecurityBusiness"
Run-API-TEST:
runs-on: ubuntu-latest
needs:
- init
services:
mysql:
image: dongtai/dongtai-mysql-unittest:latest
ports:
- 3306:3306
options: >-
--health-cmd "mysqladmin ping --silent"
--health-interval 10s
--health-timeout 180s
--health-retries 10
redis:
image: dongtai/dongtai-redis:latest
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
strategy:
max-parallel: 4
matrix:
python-version: ["3.10"]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Python
uses: ./.github/actions/setup-python
- name: Install dependencies
run: |
pip install schemathesis
pip install httpx
- name: Django Api Testing
run: |
mysql --host=127.0.0.1 -uroot -p'dongtai-iast' -D dongtai_webapi < /home/runner/work/DongTai/DongTai/test/init.sql
cp dongtai_conf/conf/config.ini.test dongtai_conf/conf/config.ini
export DOC=TRUE
mkdir -p /tmp/logstash/report/{img,word,pdf,excel} && mkdir -p /tmp/iast_cache/package && mkdir -p /tmp/logstash/batchagent
python3 ./deploy/docker/version_update.py || true
python3 manage.py migrate
DOC=TRUE uwsgi --ini ./dongtai_conf/conf/uwsgi.ini --chdir $(pwd) --static-map "/upload=$(pwd)/static" > webapi.log &
sleep 15
schemathesis run --rate-limit=28/s --base-url "http://localhost:8000/" -H 'Authorization: Token 67aebd78e700ad36a82a152276196b5f49fafeb0' http://localhost:8000/api/XZPcGFKoxYXScwGjQtJx8u/schema/ --hypothesis-suppress-health-check=data_too_large,filter_too_much,too_slow,large_base_example,function_scoped_fixture --validate-schema=false --hypothesis-verbosity normal
Run-BuildCheck:
needs:
- init
runs-on: ubuntu-latest
strategy:
max-parallel: 4
matrix:
python-version: ["3.10"]
arch: ["linux/amd64"]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build and push ${{ matrix.arch }}
uses: docker/build-push-action@v2
with:
file: Dockerfile
context: .
push: false
platforms: ${{ matrix.arch }}
tags: |
registry.cn-hongkong.aliyuncs.com/secnium/dongtai-server-test:latest
registry.cn-hongkong.aliyuncs.com/secnium/dongtai-server-test:1.0.${{github.run_number}}
Run-MypyCheck:
needs:
- init
runs-on: ubuntu-latest
strategy:
max-parallel: 4
matrix:
python-version: ["3.10"]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Python
uses: ./.github/actions/setup-python
- name: Django Unit Testing
run: |
mypy --show-error-codes --ignore-missing-imports --no-incremental --show-error-codes --check-untyped-defs --disable-error-code var-annotated --disable-error-code list-item --disable-error-code attr-defined --disable-error-code assignment --disable-error-code misc --disable-error-code union-attr --disable-error-code index --disable-error-code call-overload --disable-error-code dict-item --disable-error-code truthy-function --disable-error-code operator --disable-error-code name-defined .
Run-BlackCheck:
needs:
- init
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: psf/black@stable
Run-RuffCheck:
needs:
- init
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: chartboost/ruff-action@v1
Run-BanditCheck:
needs:
- init
runs-on: ubuntu-latest
strategy:
max-parallel: 4
matrix:
python-version: ["3.10"]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Python
uses: ./.github/actions/setup-python
- name: Install dependencies
run: pip install bandit
- name: Django Unit Testing
run: |
bandit -iii -lll -r .
Run-Unit-TEST:
needs:
- init
runs-on: ubuntu-latest
services:
mysql:
image: dongtai/dongtai-mysql-unittest:latest
ports:
- 3306:3306
options: >-
--health-cmd "mysqladmin ping --silent"
--health-interval 10s
--health-timeout 180s
--health-retries 10
redis:
image: dongtai/dongtai-redis:latest
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
strategy:
max-parallel: 4
matrix:
python-version: ["3.10"]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Python
uses: ./.github/actions/setup-python
- name: Install dependencies
run: pip install coverage
- name: Django Unit Testing
run: |
export CELERY_EAGER_TEST=TRUE
cp dongtai_conf/conf/config.ini.test dongtai_conf/conf/config.ini
mkdir -p /tmp/logstash/report/{img,word,pdf,excel} && mkdir -p /tmp/iast_cache/package && mkdir -p /tmp/logstash/batchagent
python3 ./deploy/docker/version_update.py || true
python3 manage.py migrate
coverage run --source='.' manage.py test
coverage report
Run-Schema-Check:
needs:
- init
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Python
uses: ./.github/actions/setup-python
- name: Check Schema
run: python3 manage.py check_schema
analyze:
needs:
- init
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'python' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2