fix(actions): migrate all actions to one repo #1

Open
wants to merge 11 commits into
base: main
6 changes: 6 additions & 0 deletions .eslintignore
@@ -0,0 +1,6 @@
node_modules/
dist/
_*
coverage/
*.d.ts
*.js.map
63 changes: 63 additions & 0 deletions .eslintrc.js
@@ -0,0 +1,63 @@
/* eslint-env node */
module.exports = {
root: true,
ignorePatterns: ['node_modules', 'dist', '*.js'],
parser: '@typescript-eslint/parser',
parserOptions: {
project: ['./tsconfig.json', './*/tsconfig.json'],
tsconfigRootDir: __dirname
},
plugins: ['@typescript-eslint', 'import', 'prettier'],
extends: [
'eslint:recommended',
'plugin:@typescript-eslint/recommended',
'plugin:import/recommended',
'plugin:import/typescript',
'prettier'
],
settings: {
'import/resolver': {
typescript: {
project: ['./tsconfig.json', './*/tsconfig.json']
}
}
},
rules: {
'prettier/prettier': 'error',
'import/order': [
'error',
{
'groups': [
'builtin',
'external',
'internal',
'parent',
'sibling',
'index'
],
'newlines-between': 'always',
'alphabetize': { order: 'asc', caseInsensitive: true }
}
],
'@typescript-eslint/no-explicit-any': 'warn',
'@typescript-eslint/no-unsafe-assignment': 'warn',
'@typescript-eslint/no-unsafe-member-access': 'warn',
'@typescript-eslint/no-unsafe-argument': 'warn',
'@typescript-eslint/restrict-template-expressions': 'warn',
'@typescript-eslint/no-floating-promises': 'warn',
'@typescript-eslint/no-unnecessary-condition': 'warn'
},
env: {
node: true
},
overrides: [
{
files: ['*.js'],
extends: ['eslint:recommended', 'plugin:prettier/recommended'],
parser: 'espree',
parserOptions: {
ecmaVersion: 2021
}
}
]
};
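Review bot: `ignorePatterns` at the top of the config includes `'*.js'`, so the `overrides` entry for `files: ['*.js']` at the bottom never applies in a normal run, because ignored files are skipped before any override is evaluated. Either drop `'*.js'` from `ignorePatterns` (the `.eslintignore` added in this PR already excludes `dist/`) or remove the override. Separately, `@typescript-eslint/no-floating-promises` and the `no-unsafe-*` rules are set to `'warn'`, so they will not fail the lint step unless it runs with `--max-warnings 0`; consider `'error'` for `no-floating-promises` at least.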
106 changes: 106 additions & 0 deletions .github/workflows/build-test-release.yml
@@ -0,0 +1,106 @@
name: Build, Test and Release

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# Allow manual trigger
workflow_dispatch:

jobs:
detect-changes:
runs-on: ubuntu-22.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
env:
HUSKY: 0
steps:
- uses: actions/checkout@v3

- name: Get changed directories
id: set-matrix
run: |
DIRS=$(ls -d */ | grep -v 'node_modules\|.git\|.github' | sed 's/\///g' | jq -R -s -c 'split("\n")[:-1]')
echo "matrix=${DIRS}" >> $GITHUB_OUTPUT

build-and-test:
needs: detect-changes
runs-on: ubuntu-22.04
env:
HUSKY: 0
strategy:
matrix:
action: ${{fromJson(needs.detect-changes.outputs.matrix)}}
fail-fast: false # Continue with other actions even if one fails

steps:
- uses: actions/checkout@v3

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '20'
cache: 'npm'

- name: Install root dependencies
run: npm ci --ignore-scripts

- name: Install action dependencies
working-directory: ${{ matrix.action }}
run: npm ci --ignore-scripts

- name: Build
working-directory: ${{ matrix.action }}
run: npm run build

- name: Test
working-directory: ${{ matrix.action }}
run: |
if [ -f "package.json" ] && grep -q "\"test\"" "package.json"; then
npm test
fi

release:
needs: build-and-test
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-22.04
env:
HUSKY: 0
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '20'

- name: Install dependencies
run: npm ci --ignore-scripts

- name: Get version
id: get_version
run: |
VERSION=$(node -p "require('./package.json').version")
echo "version=${VERSION}" >> $GITHUB_OUTPUT

- name: Create Release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v${{ steps.get_version.outputs.version }}
release_name: Release v${{ steps.get_version.outputs.version }}
body: |
Release of version ${{ steps.get_version.outputs.version }}

This release includes all actions in the repository:
- run-discovery
- run-scan
- stop-discovery
- stop-scan
- wait-for
draft: false
prerelease: false
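Review bot: the workflow has no `permissions:` key, so `detect-changes`, `build-and-test` and `release` all run with the repository's default `GITHUB_TOKEN` scope, although only `release` needs write access. Set `permissions: contents: read` at the top level and `contents: write` on the `release` job. The `uses:` lines reference mutable tags (`actions/checkout@v3`, `actions/setup-node@v3`, `actions/create-release@v1`); pinning them to full commit SHAs keeps a retagged action from running with the release token, and `actions/create-release` is archived upstream, so a maintained replacement is worth choosing now. In the `release` job the tag comes from the root `package.json` version, so a push to `main` that does not bump that version will try to create a release that already exists and fail. The step named `Get changed directories` lists every top-level directory rather than changed ones, so any directory without its own `package-lock.json` will fail at `npm ci`; rename the step or filter on the presence of `package.json`.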
4 changes: 2 additions & 2 deletions .github/workflows/run-ci.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
steps:
- name: Scan Start
id: start
uses: NeuraLegion/run-scan@release
uses: NeuraLegion/bright-github-actions/run-scan@release
with:
api_token: ${{ secrets.BRIGHT_TOKEN}}
hostname: app.brightsec.com
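Review bot: the new `uses:` lines still resolve through the mutable `@release` ref, and both steps receive `secrets.BRIGHT_TOKEN`. The release workflow added in this PR only creates `v<version>` tags, so nothing visible here creates or moves a `release` ref in `bright-github-actions`; confirm that ref exists before merging, and consider pinning `run-scan` and `wait-for` to a version tag or commit SHA so the code that sees the token is fixed.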
Expand All @@ -31,7 +31,7 @@ jobs:
[ "https://brokencrystals.com" ]
- name: Wait for breakpoint
id: wait
uses: NeuraLegion/wait-for@release
uses: NeuraLegion/bright-github-actions/wait-for@release
with:
api_token: ${{ secrets.BRIGHT_TOKEN }}
hostname: app.brightsec.com
31 changes: 29 additions & 2 deletions .gitignore
@@ -1,3 +1,30 @@
# Dependencies
node_modules/
package.json
package-lock.json

# Build
**/dist/
**/*.tsbuildinfo

# IDE
**/.idea/
**/.vs/
**/.vscode/
**/*.code-workspace

# OS
**/.DS_Store

# Debug & Testing
**/.clinic/
**/coverage/

# Environment & Secrets
**/.env
**/.secrets

# Misc
**/.stfolder/
**/*.log
**/npm-debug.log*
**/yarn-debug.log*
**/yarn-error.log*
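Review bot: the `# Dependencies` block ignores `package.json` and `package-lock.json`, and without a leading slash both patterns match at every depth. The new workflow runs `npm ci` in the root and in each action directory and sets `cache: 'npm'`, all of which need a committed lockfile, so a newly added action's manifest and lockfile would be silently left out of the commit. Keep only `node_modules/` in that block; committing the lockfile is also what lets `npm ci` install the reviewed dependency versions.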
1 change: 1 addition & 0 deletions .husky/.gitignore
@@ -0,0 +1 @@
_
1 change: 1 addition & 0 deletions .husky/commit-msg
@@ -0,0 +1 @@
npx commitlint --edit $1
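Review bot: `npx commitlint --edit $1` lets npx fetch `commitlint` from the registry when it is not installed locally, and `$1` is unquoted. Use `npx --no -- commitlint --edit "$1"` so the hook only runs the locally installed, lockfile-pinned binary; the same applies to `npx lint-staged` in `.husky/pre-commit`.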
1 change: 1 addition & 0 deletions .husky/post-commit
@@ -0,0 +1 @@
git update-index --again
1 change: 1 addition & 0 deletions .husky/pre-commit
@@ -0,0 +1 @@
npx lint-staged
11 changes: 11 additions & 0 deletions .prettierignore
@@ -0,0 +1,11 @@
dist/
assets/
node_modules/
coverage/
*.log
*-lock.json
*.lock
.git
.husky/_
*.d.ts
*.js.map
9 changes: 9 additions & 0 deletions .prettierrc
@@ -0,0 +1,9 @@
{
"tabWidth": 2,
"singleQuote": true,
"bracketSpacing": true,
"printWidth": 80,
"trailingComma": "none",
"arrowParens": "avoid",
"quoteProps": "consistent"
}
74 changes: 70 additions & 4 deletions README.md
@@ -1,6 +1,72 @@
# How to Start
# Bright GitHub Actions

This repository is a collection of GitHub Actions, with each subfolder containing a separate action for different Bright Security functionalities.

## Requirements

- Node.js (v14 or higher)
- npm (v6 or higher)

## Installation

1. Fork this repository.
2. Set `BRIGHT_TOKEN` and `KEY_GITHUB` secrets in your repository settings - with your own values.
3. Run a CI job in Gituhb Actions.
4. Go to Bright Security app and check if a scan was started.
2. Navigate to the specific action folder you want to use (e.g., `run-discovery` or `stop-discovery`)
3. Install dependencies:
```bash
npm install
```
4. Build the action:
```bash
npm run build
```

## Usage

1. Set `BRIGHT_TOKEN` and `KEY_GITHUB` secrets in your repository settings - with your own values.
2. Run a CI job in GitHub Actions.
3. Go to Bright Security app and check if a scan was started.

## Development

### Code Quality

This project uses ESLint for code linting. To run the linter:

```bash
npm run lint
```

### Git Hooks

This project uses Husky to manage Git hooks, ensuring code quality and consistency:

- Pre-commit: Runs linting and formatting checks
- Post-commit: Performs post-commit tasks
- Commit-msg: Validates commit messages format

### Commit Messages

We follow conventional commit messages format. Each commit message must have a specific structure:

```
<type>(<scope>): <description>

[optional body]

[optional footer]
```

Where `type` can be:

- build: Changes that affect the build system or external dependencies
- chore: Maintenance tasks
- ci: Changes to CI configuration files and scripts
- docs: Documentation only changes
- feat: A new feature
- fix: A bug fix
- perf: A code change that improves performance
- refactor: A code change that neither fixes a bug nor adds a feature
- style: Changes that do not affect the meaning of the code
- test: Adding missing tests or correcting existing tests

Commit messages are automatically validated using commitlint.
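Review bot: `## Requirements` says Node.js v14 or higher, but the workflow in this PR builds and tests on `node-version: '20'` only; state the version that is actually tested. The install step uses `npm install`, while CI uses `npm ci --ignore-scripts`; documenting the same command keeps local builds on the locked dependency set. `KEY_GITHUB` is listed as a required secret without saying what it is for or which scopes it needs, and the `type` list omits `revert`, which `commitlint.config.js` accepts.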
32 changes: 32 additions & 0 deletions commitlint.config.js
@@ -0,0 +1,32 @@
module.exports = {
extends: ['@commitlint/config-conventional'],
rules: {
'type-enum': [
2,
'always',
[
'build',
'chore',
'ci',
'docs',
'feat',
'fix',
'perf',
'refactor',
'revert',
'style',
'test'
]
],
'type-case': [2, 'always', 'lower-case'],
'type-empty': [2, 'never'],
'subject-empty': [2, 'never'],
'subject-full-stop': [2, 'never', '.'],
'subject-case': [
2,
'never',
['sentence-case', 'start-case', 'pascal-case', 'upper-case']
],
'header-max-length': [2, 'always', 72]
}
};
2 changes: 1 addition & 1 deletion docker-compose.yml
Expand Up @@ -28,7 +28,7 @@ services:
image: neuralegion/repeater:latest
restart: always
environment:
REPEATER_TOKEN: $NEXPLOIT_TOKEN
REPEATER_TOKEN: $BRIGHT_TOKEN
REPEATER_AGENT: $REPEATER
DEBUG: nexploit-cli
keycloak-db:
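Review bot: with `REPEATER_TOKEN: $BRIGHT_TOKEN`, an environment that still exports only `NEXPLOIT_TOKEN` makes Compose substitute an empty string and start the repeater without a token. Writing it as `${BRIGHT_TOKEN:?BRIGHT_TOKEN is required}` turns the missing variable into a startup error. `DEBUG: nexploit-cli` on the context line below still uses the old name; check whether it should change with the rename.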