Skip to content

[ABW-3970] Shield Setup Select Factors #6120

[ABW-3970] Shield Setup Select Factors

[ABW-3970] Shield Setup Select Factors #6120

Workflow file for this run

name: CI
on:
pull_request:
types:
- ready_for_review
- synchronize
- opened
push:
branches:
- main
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs:
snyk_scan:
if: >
( github.event.action == 'opened' && github.event.pull_request.draft == false ) ||
( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) ||
( github.event.action == 'ready_for_review' ) ||
( github.event_name == 'push' && github.ref == 'refs/heads/main' )
permissions:
id-token: write
contents: read
name: "Snyk scan"
runs-on: ubuntu-latest
steps:
- uses: RDXWorks-actions/checkout@main
- uses: RDXWorks-actions/setup-node@main
with:
node-version: '14'
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.GH_COMMON_SECRETS_READ_ACCESS }}
app_name: 'babylon-wallet-ios'
step_name: 'snyk-scan'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- name: Install snyk
run: |
npm install snyk -g
snyk -v
snyk auth ${{ env.SNYK_TOKEN }}
- name: Snyk deps and licences scan
run: |
timeout 300 snyk test --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high || [ "$?" = "124" ]
- name: Snyk code scan
continue-on-error: true
run: |
timeout 300 snyk code test --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high || [ "$?" = "124" ]
snyk_sbom:
if: >
( github.event.action == 'opened' && github.event.pull_request.draft == false ) ||
( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) ||
( github.event.action == 'ready_for_review' ) ||
( github.event_name == 'push' && github.ref == 'refs/heads/main' )
permissions:
id-token: write
contents: read
name: "Snyk SBOM"
runs-on: ubuntu-latest
steps:
- uses: RDXWorks-actions/checkout@main
- uses: RDXWorks-actions/setup-node@main
with:
node-version: '14'
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.GH_COMMON_SECRETS_READ_ACCESS }}
app_name: 'babylon-wallet-ios'
step_name: 'snyk_sbom'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.GH_WALLET_SECRET_ACCESS }}
app_name: 'babylon-wallet-ios'
step_name: 'snyk_sbom'
secret_prefix: 'WALLET'
secret_name: ${{ secrets.AWS_SECRET_NAME_WALLET }}
parse_json: true
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.GH_WALLET_SECRET_ACCESS }}
app_name: 'babylon-wallet-ios'
step_name: 'unit_test'
secret_prefix: 'SWIFT_ENGINE_TOOLKIT_SSH_KEY'
secret_name: ${{ secrets.AWS_SECRET_NAME_WALLET_SWIFT_SSH }}
parse_json: true
- uses: RDXWorks-actions/ssh-agent@master
with:
ssh-private-key: |
${{ env.SWIFT_ENGINE_TOOLKIT_SSH_KEY }}
- name: Install snyk
run: |
npm install snyk -g
snyk -v
snyk auth ${{ env.SNYK_TOKEN }}
- name: Generate SBOM # check SBOM can be generated but nothing is done with it
run: |
snyk sbom --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
linting:
name: "Linting"
if: >
( github.event.action == 'opened' && github.event.pull_request.draft == false ) ||
( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) ||
( github.event.action == 'ready_for_review' ) ||
( github.event_name == 'push' && github.ref == 'refs/heads/main' )
runs-on: macos-15-xlarge
steps:
- uses: RDXWorks-actions/checkout@main
- name: "Run Lint"
run: |
brew update
brew upgrade swiftformat
swiftformat . --lint
unit_test:
if: >
( github.event.action == 'opened' && github.event.pull_request.draft == false ) ||
( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) ||
( github.event.action == 'ready_for_review' ) ||
( github.event_name == 'push' && github.ref == 'refs/heads/main' )
permissions:
id-token: write
contents: read
checks: write
name: "Unit test"
runs-on: macos-15-xlarge
timeout-minutes: 20
needs:
- linting
steps:
- uses: RDXWorks-actions/checkout@main
- name: Configure AWS credentials to fetch secrets
uses: RDXWorks-actions/configure-aws-credentials@main
with:
role-to-assume: ${{ secrets.GH_WALLET_SECRET_ACCESS }}
aws-region: "eu-west-2"
role-session-name: 'babylon-wallet-ios-${{ github.run_id }}-${{ github.run_attempt }}'
- name: Fetch AWS secrets
uses: RDXWorks-actions/aws-secretsmanager-get-secrets@main
with:
secret-ids: |
WALLET, ${{ secrets.AWS_SECRET_NAME_WALLET }}
parse-json-secrets: true
- name: Fetch AWS secrets
uses: RDXWorks-actions/aws-secretsmanager-get-secrets@main
with:
secret-ids: |
SWIFT_ENGINE_TOOLKIT_SSH_KEY, ${{ secrets.AWS_SECRET_NAME_WALLET_SWIFT_SSH }}
parse-json-secrets: true
- name: Fetch AWS secrets
uses: RDXWorks-actions/aws-secretsmanager-get-secrets@main
with:
secret-ids: |
FASTLANE_MATCH_REPO_SSH_KEY, ${{ secrets.AWS_SECRET_NAME_WALLET_FASTLANE_SSH }}
parse-json-secrets: true
- uses: RDXWorks-actions/ssh-agent@master
with:
ssh-private-key: |
${{ env.SWIFT_ENGINE_TOOLKIT_SSH_KEY }}
${{ env.FASTLANE_MATCH_REPO_SSH_KEY }}
- uses: RDXWorks-actions/setup-xcode@master
with:
xcode-version: "16.0.0"
- name: "Set up ruby"
uses: RDXWorks-actions/setup-ruby@master
with:
ruby-version: 3.1.2
bundler-cache: true
- name: "Install additional deps"
run: |
echo "${{ env.WALLET_FASTLANE_SECRETS_BASE64 }}" | base64 --decode > fastlane/.env.secret
brew install xcbeautify
- name: "Unit tests"
run: |
defaults write com.apple.dt.Xcode IDESkipMacroFingerprintValidation -bool YES
bundle exec fastlane tests
- name: Upload results
uses: RDXWorks-actions/[email protected]
with:
path: build/test_output/results.xcresult
show-passed-tests: false
show-code-coverage: true
if: success() || failure()
snyk_online_monitor:
permissions:
id-token: write
contents: read
name: "Snyk monitoring"
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs:
- unit_test
- snyk_scan
- snyk_sbom
steps:
- uses: RDXWorks-actions/checkout@main
- uses: RDXWorks-actions/setup-node@main
with:
node-version: '14'
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.GH_COMMON_SECRETS_READ_ACCESS }}
app_name: 'babylon-wallet-ios'
step_name: 'snyk_online_monitor'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.GH_WALLET_SECRET_ACCESS }}
app_name: 'babylon-wallet-ios'
step_name: 'snyk_online_monitor'
secret_prefix: 'WALLET'
secret_name: ${{ secrets.AWS_SECRET_NAME_WALLET }}
parse_json: true
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.GH_WALLET_SECRET_ACCESS }}
app_name: 'babylon-wallet-ios'
step_name: 'unit_test'
secret_prefix: 'SWIFT_ENGINE_TOOLKIT_SSH_KEY'
secret_name: ${{ secrets.AWS_SECRET_NAME_WALLET_SWIFT_SSH }}
parse_json: true
- uses: RDXWorks-actions/ssh-agent@master
with:
ssh-private-key: |
${{ env.SWIFT_ENGINE_TOOLKIT_SSH_KEY }}
- name: Install snyk
run: |
npm install snyk -g
snyk -v
snyk auth ${{ env.SNYK_TOKEN }}
- name: Enable Snyk online monitoring to check for vulnerabilities
run: |
snyk monitor --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }}
# snapshot_tests:
# name: "Snapshot tests"
# runs-on: macos-12
# needs:
# - assertFormated
# steps:
# - uses: RDXWorks-actions/checkout@main
# - name: "Run snapshot tests"
# run: echo "Runing snapshot tests" # JUST A PLACEHOLDER, NEEDS TO BE REPLACED
# ui_tests:
# name: "UI tests"
# runs-on: macos-12
# needs:
# - assertFormated
# steps:
# - uses: RDXWorks-actions/checkout@main
# - name: "Run UI tests"
# run: echo "Runing UI tests" # JUST A PLACEHOLDER, NEEDS TO BE REPLACED