diff --git a/.github/actions/code_ql/README.md b/.github/actions/code_ql/README.md
deleted file mode 100644
index d96f0723..00000000
--- a/.github/actions/code_ql/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# Code QL
-
-This [composite action](./action.yml) is responsible for running CodeQL on the repository.
-
-## Inputs
-
-This action takes the following inputs:
-
-| Name | Type | Default | Required | Description |
-| --------------------------- | ------- | ---------------------------- | --------- | --------------------------------------------------------- |
-| `language` | String | | True | Specify the language you wish to target. CodeQL supports [ cpp, csharp, go, java, javascript, python, ruby ]
-
-## Outputs
-
-No outputs provided.
-
-## Example Usage
-
-```yaml
-permissions:
- actions: read
- security-events: write
- contents: read
-steps:
- - name: code_ql
- uses: jupiterone/.github/.github/actions/code_ql@v#
- with:
- language: 'javascript'
-```
-
diff --git a/.github/actions/code_ql/action.yml b/.github/actions/code_ql/action.yml
deleted file mode 100644
index 46a1425d..00000000
--- a/.github/actions/code_ql/action.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: Runs CodeQL on the repository
-
-inputs:
- language:
- description: 'Specify the language you wish to target. CodeQL supports [ cpp, csharp, go, java, javascript, python, ruby ]'
- required: true
- type: string
-
-runs:
- using: "composite"
- steps:
- - name: code_ql_inputs
- shell: bash
- run: |
- echo "language=${{ inputs.language }}"
- - name: initialize_code_ql
- uses: github/codeql-action/init@v2
- with:
- languages: ${{ inputs.language }}
- queries: security-extended,security-and-quality
- - name: auto_build
- uses: github/codeql-action/autobuild@v2
- - name: analyze
- uses: github/codeql-action/analyze@v2
diff --git a/.github/actions/code_ql/mocks.ts b/.github/actions/code_ql/mocks.ts
deleted file mode 100644
index 91573311..00000000
--- a/.github/actions/code_ql/mocks.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-/*
-This file is automatically leveraged when tests are run to determine which
-steps should be skipped in the composite action. If these steps were not
-mocked, they would break the test.
-*/
-export const CODE_QL_MOCK_STEPS = [
- { name: 'initialize_code_ql' },
- { name: 'auto_build' },
- { name: 'analyze' },
-];
diff --git a/.github/workflows/backend_deployment_pr.yaml b/.github/workflows/backend_deployment_pr.yaml
index b14a2b93..881d312e 100644
--- a/.github/workflows/backend_deployment_pr.yaml
+++ b/.github/workflows/backend_deployment_pr.yaml
@@ -47,16 +47,3 @@ jobs:
 # Not all deployments build code
 - if: ${{ inputs.use-build }}
 run: npm run build
- security:
- name: Security
- runs-on: scaleset-jupiterone-infra-amd64
- permissions:
- actions: read
- security-events: write
- contents: read
- steps:
- - uses: actions/checkout@v3
- - name: security
- uses: jupiterone/.github/.github/actions/code_ql@v3.0.41
- with:
- language: ${{ inputs.language }}
diff --git a/.github/workflows/docs/frontend/frontend_npm_pr.md b/.github/workflows/docs/frontend/frontend_npm_pr.md
index 2f96221d..007a9895 100644
--- a/.github/workflows/docs/frontend/frontend_npm_pr.md
+++ b/.github/workflows/docs/frontend/frontend_npm_pr.md
@@ -41,10 +41,8 @@ jobs: graph LR; A[start flow]; B[validate]; - C[security]; A --> B; - A --> C; ``` ### With Chromatic
@@ -69,10 +67,8 @@ graph LR; A[start flow]; B[validate]; C[chromatic_upload]; - D[security]; A --> B; A --> C; - A --> D; ```
diff --git a/.github/workflows/docs/frontend/frontend_npm_release.md b/.github/workflows/docs/frontend/frontend_npm_release.md
index 3a34f7e9..509f66a8 100644
--- a/.github/workflows/docs/frontend/frontend_npm_release.md
+++ b/.github/workflows/docs/frontend/frontend_npm_release.md
@@ -46,12 +46,10 @@ graph LR; B[validate]; C[release]; D[cortex]; - E[security]; A --> B; B --> C; B --> D; - A --> E; ``` ### With Chromatic
@@ -79,11 +77,9 @@ graph LR; C[chromatic_publish] D[release]; E[cortex]; - F[security]; A --> B; B --> C; B --> D; B --> E; - A --> F; ```
diff --git a/.github/workflows/docs/frontend/frontend_runtime_application_pr.md b/.github/workflows/docs/frontend/frontend_runtime_application_pr.md
index 341d0dd2..8d4e965e 100644
--- a/.github/workflows/docs/frontend/frontend_runtime_application_pr.md
+++ b/.github/workflows/docs/frontend/frontend_runtime_application_pr.md
@@ -48,11 +48,9 @@ graph LR; B[migration_number]; C[magic_url]; D[validate]; - E[security]; A --> B; A --> D; - A --> E; B --> C; ```
@@ -81,13 +79,11 @@ graph LR; C[magic_url]; D[validate]; E[chromatic_upload]; - F[security]; G[pr_comment] A --> B; A --> D; A --> E; B --> C; - A --> F; A --> G; ```
diff --git a/.github/workflows/docs/frontend/frontend_runtime_deploy.md b/.github/workflows/docs/frontend/frontend_runtime_deploy.md
index 67007cbc..35b74995 100644
--- a/.github/workflows/docs/frontend/frontend_runtime_deploy.md
+++ b/.github/workflows/docs/frontend/frontend_runtime_deploy.md
@@ -44,11 +44,10 @@ jobs: ```mermaid graph LR; A[start flow]; - B[security]; C[validate]; D[cortex]; - A --> B; + A; A --> C --> D; ```
@@ -73,12 +72,10 @@ jobs: ```mermaid graph LR; A[start flow]; - B[security]; C[validate]; D[cortex]; E[chromatic_publish]; - A --> B; A --> C; C --> D; C --> E;
diff --git a/.github/workflows/docs/frontend/frontend_runtime_utility_pr.md b/.github/workflows/docs/frontend/frontend_runtime_utility_pr.md
index 75d5fe12..d19a2dd9 100644
--- a/.github/workflows/docs/frontend/frontend_runtime_utility_pr.md
+++ b/.github/workflows/docs/frontend/frontend_runtime_utility_pr.md
@@ -44,12 +44,10 @@ graph LR; B[migration_number]; C[magic_url]; D[validate]; - E[security]; F[pr_comment]; A --> B; A --> D; - A --> E; B --> C; A --> F; ```
@@ -78,12 +76,10 @@ graph LR; C[magic_url]; D[validate]; E[chromatic_upload]; - F[security]; A --> B; A --> D; A --> E; - A --> F; B --> C; ```
diff --git a/.github/workflows/docs/provision_only_pr.md b/.github/workflows/docs/provision_only_pr.md
index 9a770006..93238520 100644
--- a/.github/workflows/docs/provision_only_pr.md
+++ b/.github/workflows/docs/provision_only_pr.md
@@ -39,9 +39,7 @@ jobs: graph LR; A[start flow]; B[validate]; - C[security]; A --> B; - A --> C; ```
diff --git a/.github/workflows/docs/provision_only_release.md b/.github/workflows/docs/provision_only_release.md
index 0e2cb361..e02ab1ed 100644
--- a/.github/workflows/docs/provision_only_release.md
+++ b/.github/workflows/docs/provision_only_release.md
@@ -40,11 +40,9 @@ jobs: graph LR; A[start flow]; B[validate]; - C[security]; D[version_artifact]; A --> B; - A --> C; B --> D; ```
diff --git a/.github/workflows/frontend_npm_pr.yml b/.github/workflows/frontend_npm_pr.yml
index 2f00e87e..49c29969 100644
--- a/.github/workflows/frontend_npm_pr.yml
+++ b/.github/workflows/frontend_npm_pr.yml
@@ -47,19 +47,6 @@ jobs: - name: build uses: jupiterone/.github/.github/actions/build@v3.0.41 - security: - runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }} - permissions: - actions: read - security-events: write - contents: read - steps: - - uses: actions/checkout@v3 - - name: security - uses: jupiterone/.github/.github/actions/code_ql@v3.0.41 - with: - language: 'javascript' - chromatic_upload: # Name targeted by branch protections, do not change name: Visual Regression
diff --git a/.github/workflows/frontend_npm_release.yml b/.github/workflows/frontend_npm_release.yml
index d4bc520a..e8a8d216 100644
--- a/.github/workflows/frontend_npm_release.yml
+++ b/.github/workflows/frontend_npm_release.yml
@@ -53,19 +53,6 @@ jobs: - name: build uses: jupiterone/.github/.github/actions/build@v3.0.41 - security: - runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }} - permissions: - actions: read - security-events: write - contents: read - steps: - - uses: actions/checkout@v3 - - name: security - uses: jupiterone/.github/.github/actions/code_ql@v3.0.41 - with: - language: 'javascript' - chromatic_publish: runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-arm64' }} needs: validate
@@ -115,4 +102,4 @@ jobs:
 - name: cortex
 uses: jupiterone/.github/.github/actions/frontend/cortex@v3.0.41
 with:
- cortex_api_key: ${{ secrets.CORTEX_API_KEY }}
\ No newline at end of file
+ cortex_api_key: ${{ secrets.CORTEX_API_KEY }}
diff --git a/.github/workflows/frontend_runtime_application_pr.yml b/.github/workflows/frontend_runtime_application_pr.yml
index 73b45026..4aad8972 100644
--- a/.github/workflows/frontend_runtime_application_pr.yml
+++ b/.github/workflows/frontend_runtime_application_pr.yml
@@ -72,19 +72,6 @@ jobs: - name: validate uses: jupiterone/.github/.github/actions/validate@v3.0.41 - security: - runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }} - permissions: - actions: read - security-events: write - contents: read - steps: - - uses: actions/checkout@v3 - - name: security - uses: jupiterone/.github/.github/actions/code_ql@v3.0.41 - with: - language: 'javascript' - chromatic_upload: # Name targeted by branch protections, do not change name: Visual Regression
diff --git a/.github/workflows/frontend_runtime_deploy.yml b/.github/workflows/frontend_runtime_deploy.yml
index eb5d6340..a01586ac 100644
--- a/.github/workflows/frontend_runtime_deploy.yml
+++ b/.github/workflows/frontend_runtime_deploy.yml
@@ -43,19 +43,6 @@ jobs: uses: jupiterone/.github/.github/actions/validate@v3.0.41 - name: build uses: jupiterone/.github/.github/actions/build@v3.0.41 - - security: - runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }} - permissions: - actions: read - security-events: write - contents: read - steps: - - uses: actions/checkout@v3 - - name: security - uses: jupiterone/.github/.github/actions/code_ql@v3.0.41 - with: - language: 'javascript' chromatic_publish: runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-arm64' }}
diff --git a/.github/workflows/frontend_runtime_utility_pr.yml b/.github/workflows/frontend_runtime_utility_pr.yml
index d09fb1af..399685be 100644
--- a/.github/workflows/frontend_runtime_utility_pr.yml
+++ b/.github/workflows/frontend_runtime_utility_pr.yml
@@ -70,19 +70,6 @@ jobs: - name: remote_types_tests uses: jupiterone/.github/.github/actions/frontend/runtime/remote_types_tests@v3.0.41 - security: - runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }} - permissions: - actions: read - security-events: write - contents: read - steps: - - uses: actions/checkout@v3 - - name: security - uses: jupiterone/.github/.github/actions/code_ql@v3.0.41 - with: - language: 'javascript' - chromatic_upload: # Name targeted by branch protections, do not change name: Visual Regression
diff --git a/.github/workflows/provision_only_pr.yml b/.github/workflows/provision_only_pr.yml
index cad6d79f..78d2a085 100644
--- a/.github/workflows/provision_only_pr.yml
+++ b/.github/workflows/provision_only_pr.yml
@@ -35,16 +35,3 @@ jobs:
 - uses: hashicorp/setup-terraform@v2
 - name: validate
 uses: jupiterone/.github/.github/actions/validate@v3.0.41
-
- security:
- runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }}
- permissions:
- actions: read
- security-events: write
- contents: read
- steps:
- - uses: actions/checkout@v3
- - name: security
- uses: jupiterone/.github/.github/actions/code_ql@v3.0.41
- with:
- language: 'javascript'
diff --git a/.github/workflows/provision_only_release.yml b/.github/workflows/provision_only_release.yml
index bd2bc09c..c6d0d98c 100644
--- a/.github/workflows/provision_only_release.yml
+++ b/.github/workflows/provision_only_release.yml
@@ -38,19 +38,6 @@ jobs: - uses: hashicorp/setup-terraform@v2 - name: validate uses: jupiterone/.github/.github/actions/validate@v3.0.41 - - security: - runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }} - permissions: - actions: read - security-events: write - contents: read - steps: - - uses: actions/checkout@v3 - - name: security - uses: jupiterone/.github/.github/actions/code_ql@v3.0.41 - with: - language: 'javascript' version_artifact: runs-on: ${{ (inputs.fallback_runner && 'ubuntu-latest') || 'scaleset-jupiterone-infra-amd64' }}
diff --git a/.github/workflows/test/frontend_npm_pr.test.ts b/.github/workflows/test/frontend_npm_pr.test.ts
index 7513a8f4..95ffd6c3 100644
--- a/.github/workflows/test/frontend_npm_pr.test.ts
+++ b/.github/workflows/test/frontend_npm_pr.test.ts
@@ -34,11 +34,6 @@ test('validate inputs and secrets', async () => { const chromatic_inputs = getTestResult({ results, name: 'chromatic_inputs' }); expect(chromatic_inputs.output).toContain(`chromatic_project_token=***`); - - // code_ql - const code_ql_inputs = getTestResult({ results, name: 'code_ql_inputs' }); - - expect(code_ql_inputs.output).toContain(`language=javascript`); }); test('default flow', async () => {
@@ -51,7 +46,7 @@ test('default flow', async () => { 'security' ] }); - expect(jobs_found.length).toEqual(2); + expect(jobs_found.length).toEqual(1); }); test('when use_chromatic is true', async () => {
diff --git a/.github/workflows/test/frontend_npm_release.test.ts b/.github/workflows/test/frontend_npm_release.test.ts
index 48625bef..cd40a117 100644
--- a/.github/workflows/test/frontend_npm_release.test.ts
+++ b/.github/workflows/test/frontend_npm_release.test.ts
@@ -45,11 +45,6 @@ test('validate inputs and secrets', async () => { const cortex_inputs = getTestResult({ results, name: 'cortex_inputs' }); expect(cortex_inputs.output).toContain(`cortex_api_key=***`); - - // code_ql - const code_ql_inputs = getTestResult({ results, name: 'code_ql_inputs' }); - - expect(code_ql_inputs.output).toContain(`language=javascript`); }); test('default flow', async () => {
@@ -59,12 +54,11 @@ test('default flow', async () => { const jobs_found = getTestResults({ results, names: [ 'validate', - 'security', 'publish', 'cortex' ] }); - expect(jobs_found.length).toEqual(4); + expect(jobs_found.length).toEqual(3); }); test('when use_chromatic is true', async () => {
@@ -76,11 +70,10 @@ test('when use_chromatic is true', async () => { const jobs_found = getTestResults({ results, names: [ 'validate', - 'security', 'chromatic_publish', 'publish', 'cortex' ] }); - expect(jobs_found.length).toEqual(5); + expect(jobs_found.length).toEqual(4); });
diff --git a/.github/workflows/test/frontend_runtime_application_pr.test.ts b/.github/workflows/test/frontend_runtime_application_pr.test.ts
index 0be05f9b..69881ae6 100644
--- a/.github/workflows/test/frontend_runtime_application_pr.test.ts
+++ b/.github/workflows/test/frontend_runtime_application_pr.test.ts
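Review bot: The `names` array of the 'default flow' test in frontend_npm_pr.test.ts still lists `'security'` (the context line at the top of this hunk) even though the expected count drops to 1 and the security job is removed from frontend_npm_pr.yml in this same commit. Every other test file touched here deletes its `'security'` entry, so this looks like an oversight; the stale entry should be removed so the list names only the jobs the workflow still defines. The array begins outside the hunk, so its remaining entries are not visible here, but the new count of 1 suggests `'validate'` is the only one. Separately, the commit drops the CodeQL job from every workflow and the README without saying where code scanning runs instead; a sentence in the README would tell consumers whether they now have to configure it themselves.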
@@ -45,11 +45,6 @@ test('validate inputs and secrets', async () => { expect(magic_url_inputs.output).toContain(`migration=${mockPackageJson.config.migration}`); expect(magic_url_inputs.output).toContain(`magic_url_route=${mockInputs.magic_url_route}`); - // code_ql - const code_ql_inputs = getTestResult({ results, name: 'code_ql_inputs' }); - - expect(code_ql_inputs.output).toContain(`language=javascript`); - // pr_comment const pr_comment_inputs = getTestResult({ results, name: 'pr_comment_inputs' });
@@ -65,11 +60,10 @@ test('default flow', async () => { 'pr_comment', 'migration_number', 'validate', - 'security', 'magic_url' ] }); - expect(jobs_found.length).toEqual(5); + expect(jobs_found.length).toEqual(4); }); test('when use_validate is false', async () => {
diff --git a/.github/workflows/test/frontend_runtime_deploy.test.ts b/.github/workflows/test/frontend_runtime_deploy.test.ts
index 94074c49..a7e25d65 100644
--- a/.github/workflows/test/frontend_runtime_deploy.test.ts
+++ b/.github/workflows/test/frontend_runtime_deploy.test.ts
@@ -37,11 +37,6 @@ test('validate inputs and secrets', async () => { const chromatic_inputs = getTestResult({ results, name: 'chromatic_inputs' }); expect(chromatic_inputs.output).toContain(`chromatic_project_token=***`); - - // code_ql - const code_ql_inputs = getTestResult({ results, name: 'code_ql_inputs' }); - - expect(code_ql_inputs.output).toContain(`language=javascript`); }); test('default flow', async () => {
@@ -51,11 +46,10 @@ test('default flow', async () => { const jobs_found = getTestResults({ results, names: [ 'validate', - 'security', 'cortex' ] }); - expect(jobs_found.length).toEqual(3); + expect(jobs_found.length).toEqual(2); }); test('flow with chromatic turned on', async () => {
@@ -67,10 +61,9 @@ test('flow with chromatic turned on', async () => { const jobs_found = getTestResults({ results, names: [ 'validate', - 'security', 'cortex', 'chromatic_publish' ] }); - expect(jobs_found.length).toEqual(4); + expect(jobs_found.length).toEqual(3); });
diff --git a/.github/workflows/test/frontend_runtime_utility_pr.test.ts b/.github/workflows/test/frontend_runtime_utility_pr.test.ts
index 8fbbb349..70dd2ef9 100644
--- a/.github/workflows/test/frontend_runtime_utility_pr.test.ts
+++ b/.github/workflows/test/frontend_runtime_utility_pr.test.ts
@@ -43,11 +43,6 @@ test('validate inputs and secrets', async () => { expect(magic_url_inputs.output).toContain(`migration=${mockPackageJson.config.migration}`); - // code_ql - const code_ql_inputs = getTestResult({ results, name: 'code_ql_inputs' }); - - expect(code_ql_inputs.output).toContain(`language=javascript`); - // pr_comment const pr_comment_inputs = getTestResult({ results, name: 'pr_comment_inputs' });
@@ -62,11 +57,10 @@ test('default flow', async () => { 'pr_comment', 'migration_number', 'validate', - 'security', 'magic_url' ] }); - expect(jobs_found.length).toEqual(5); + expect(jobs_found.length).toEqual(4); }); test('when use_validate is false', async () => {
diff --git a/.github/workflows/test/provision_only_pr.test.ts b/.github/workflows/test/provision_only_pr.test.ts
index 2eda0d19..9aaac400 100644
--- a/.github/workflows/test/provision_only_pr.test.ts
+++ b/.github/workflows/test/provision_only_pr.test.ts
@@ -24,8 +24,7 @@ test('default flow', async () => { const jobs_found = getTestResults({ results, names: [ 'validate', - 'security' ] }); - expect(jobs_found.length).toEqual(2); + expect(jobs_found.length).toEqual(1); });
diff --git a/.github/workflows/test/provision_only_release.test.ts b/.github/workflows/test/provision_only_release.test.ts
index 9caf3936..43c0a931 100644
--- a/.github/workflows/test/provision_only_release.test.ts
+++ b/.github/workflows/test/provision_only_release.test.ts
@@ -40,9 +40,8 @@ test('default flow', async () => { const jobs_found = getTestResults({ results, names: [ 'validate', - 'security', 'version_artifact' ] }); - expect(jobs_found.length).toEqual(3); + expect(jobs_found.length).toEqual(2); });
diff --git a/README.md b/README.md
index 5d5da286..81823825 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,6 @@ The workflows above take advantage of the composite actions listed below, levera - [validate](.github/actions/validate/README.md) - [build](.github/actions/build/README.md) -- [code_ql](.github/actions/code_ql/README.md) - [get_branch](.github/actions/get_branch/README.md) - [pr_comment](.github/actions/pr_comment/README.md) - [setup_env](.github/actions/setup_env/README.md)