From 79abf6cb706f4d5be7f9b56dbcc77edbe1d85924 Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Fri, 8 Mar 2024 13:20:39 -0600 Subject: [PATCH] Refactor yaml string format for consistency. --- .github/workflows/backend.yml | 53 ++++++++++++---------------- .github/workflows/build.yml | 10 +++--- .github/workflows/codeql.yml | 6 ++-- .github/workflows/docs.yml | 27 +++++--------- .github/workflows/frontend.yml | 12 +++---- .github/workflows/infrastructure.yml | 16 ++++----- .github/workflows/security.yml | 22 +++++------- .github/workflows/sync-labels.yml | 4 +-- backend/env.yml | 28 +++++++-------- backend/serverless.yml | 12 +++---- frontend/env.yml | 4 +-- frontend/serverless.yml | 8 ++--- 12 files changed, 87 insertions(+), 115 deletions(-) diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml index 53971b03..c164123f 100644 --- a/.github/workflows/backend.yml +++ b/.github/workflows/backend.yml @@ -7,15 +7,15 @@ on: - develop - production paths: - - 'backend/**' - - '.github/workflows/backend.yml' + - backend/** + - .github/workflows/backend.yml pull_request: branches: - develop - production paths: - - 'backend/**' - - '.github/workflows/backend.yml' + - backend/** + - .github/workflows/backend.yml defaults: run: @@ -28,14 +28,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Lint 
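Review bot: The cache key in the `@@ -28,14 +28,13 @@` hunk changes from `hashFiles('**/package-lock.json')` to `hashFiles('package-lock.json')`, which is a behaviour change hidden in a quoting cleanup. hashFiles patterns resolve against the workspace root, so if the lock file lives under `backend/` (not visible here) the hash is empty and the key collapses to the constant `restore-keys` prefix; the npm cache would then never be invalidated when dependencies change. The same edit recurs in the `-129`, `-152` and `-203` hunks of this file. Keep `key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}` or point the pattern at the real lock file path. The job's step list continues outside the hunk.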
@@ -47,14 +46,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Run site locally @@ -80,14 +78,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Build @@ -113,13 +110,12 @@ jobs: - name: Set up Python 3.10 uses: actions/setup-python@v5.0.0 with: - python-version: '3.10' + python-version: 3.10 - uses: actions/cache@v3 with: path: ~/.cache/pip - key: pip-${{ hashFiles('**/requirements.txt') }} - restore-keys: | - pip- + key: pip-${{ hashFiles(**/requirements.txt) }} + restore-keys: pip- - run: pip install -r worker/requirements.txt - run: pytest build_worker: @@ -129,14 +125,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Build worker container 
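Review bot: Dropping the quotes in `python-version: 3.10` (hunk `@@ -113,13 +110,12 @@`) makes YAML read the value as the float 3.1, so setup-python is asked for a different interpreter than the step name says; it should stay `python-version: '3.10'`. The same applies to `go-version: 1.20` in build.yml and `python-version: 3.10` in security.yml, while `node-version: 18` and `3.11` happen to survive the round trip. In the same hunk, `hashFiles(**/requirements.txt)` lost the quotes inside the expression, which is not a string literal in the Actions expression syntax and would, as far as I can tell, fail workflow validation; restore `key: pip-${{ hashFiles('**/requirements.txt') }}`. A lint rule that requires quoting version-like scalars would keep a later cleanup from silently changing the toolchain that CI and the security scan run on.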
@@ -152,14 +147,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci @@ -203,14 +197,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4b..9f9404b0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -47,7 +47,7 @@ jobs: - id: setup-python uses: actions/setup-python@v4 with: - python-version: "3.11" + python-version: 3.11 # We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - id: setup-go @@ -56,11 +56,10 @@ jobs: # There is no expectation for actual Go code so we disable caching as # it relies on the existence of a go.sum file. cache: false - go-version: "1.20" + go-version: 1.20 - name: Lookup Go cache directory id: go-cache - run: | - echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT + run: echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT - uses: actions/cache@v3 env: BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ 
@@ -84,8 +83,7 @@ jobs: ${{ hashFiles('**/requirements-test.txt') }}-\ ${{ hashFiles('**/requirements.txt') }}-\ ${{ hashFiles('**/.pre-commit-config.yaml') }}" - restore-keys: | - ${{ env.BASE_CACHE_KEY }} + restore-keys: ${{ env.BASE_CACHE_KEY }} - name: Setup curl cache run: mkdir -p ${{ env.CURL_CACHE_DIR }} - name: Install Packer diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3ed6c54c..e527d368 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,11 +1,11 @@ --- -name: "CodeQL" +name: CodeQL on: push: - branches: ["develop", "production"] + branches: [develop, production] pull_request: - branches: ["develop"] + branches: [develop] schedule: - cron: "23 17 * * 6" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 0207bc93..5955e3d0 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -5,16 +5,16 @@ on: branches: - develop paths: - - 'docs/**' - - 'backend/**' - - '.github/workflows/docs.yml' + - docs/** + - backend/** + - .github/workflows/docs.yml pull_request: branches: - develop paths: - - 'docs/**' - - 'backend/**' - - '.github/workflows/docs.yml' + - docs/** + - backend/** + - .github/workflows/docs.yml defaults: run: @@ -28,14 +28,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: sudo apt-get update && sudo apt-get install -y libvips-dev glib2.0-dev - run: npm ci 
@@ -43,13 +42,3 @@ jobs: run: npm run lint - name: Build run: npm run build - # - name: Deploy to GitHub Pages - # if: github.event_name == 'push' && github.ref == 'refs/heads/master' - # uses: crazy-max/ghaction-github-pages@v3.0.0 - # with: - # keep_history: false - # target_branch: gh-pages - # build_dir: docs/public - # fqdn: docs.crossfeed.cyber.dhs.gov - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml index c0765c83..e2e2ac51 100644 --- a/.github/workflows/frontend.yml +++ b/.github/workflows/frontend.yml @@ -34,8 +34,7 @@ jobs: with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Lint @@ -53,8 +52,7 @@ jobs: with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Build @@ -77,8 +75,7 @@ jobs: with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Build Staging @@ -107,8 +104,7 @@ jobs: with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml index de3c7499..b0b98abf 100644 --- a/.github/workflows/infrastructure.yml +++ b/.github/workflows/infrastructure.yml 
@@ -7,15 +7,15 @@ on: - develop - production paths: - - 'infrastructure/**' - - '.github/workflows/infrastructure.yml' + - infrastructure/** + - .github/workflows/infrastructure.yml pull_request: branches: - develop - production paths: - - 'infrastructure/**' - - '.github/workflows/infrastructure.yml' + - infrastructure/** + - .github/workflows/infrastructure.yml defaults: run: @@ -25,12 +25,12 @@ jobs: format: runs-on: ubuntu-latest env: - URL: "https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip" + URL: https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip steps: - uses: actions/checkout@v3 - name: Install Terraform run: | - wget $URL + wget ${{ env.URL }} unzip terraform_1.0.7_linux_amd64.zip sudo mv terraform /usr/local/bin @@ -47,7 +47,7 @@ jobs: - name: Install Terraform run: | - wget $URL + wget ${{ env.URL }} unzip terraform_1.0.7_linux_amd64.zip sudo mv terraform /usr/local/bin @@ -86,7 +86,7 @@ jobs: - name: Install Terraform run: | - wget $URL + wget ${{ env.URL }} unzip terraform_1.0.7_linux_amd64.zip sudo mv terraform /usr/local/bin diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index d7a8999d..1a2cf0fd 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -3,7 +3,7 @@ name: Check for Vulnerabilities on: schedule: - - cron: '0 1 * * *' # every day at 1 AM + - cron: "0 1 * * *" # every day at 1 AM workflow_dispatch: push: @@ -17,14 +17,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Security 
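Review bot: Replacing `wget $URL` with `wget ${{ env.URL }}` in the `@@ -25,12 +25,12 @@` hunk (and again at `-47` and `-86`) swaps a shell variable for template interpolation, where the value is pasted into the script text before the shell runs. URL is a fixed literal in this job, so nothing changes today, but this is the pattern GitHub's hardening guidance advises against, because it becomes a script-injection path if the value is ever derived from an input or event field; prefer `wget "$URL"`. In the `-47` and `-86` hunks the `env:` block is outside the visible lines, so confirm URL is defined for those jobs. The downloaded zip is unpacked and moved into /usr/local/bin with sudo without any integrity check; comparing it with `sha256sum -c` against the release's published checksum before `unzip` would close that gap.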
@@ -38,14 +37,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Security @@ -59,14 +57,13 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: '18' + node-version: 18 - name: Restore npm cache uses: actions/cache@v3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + restore-keys: ${{ runner.os }}-node- - name: Install dependencies run: npm ci - name: Security @@ -81,13 +78,12 @@ jobs: - name: Set up Python 3.10 uses: actions/setup-python@v5.0.0 with: - python-version: '3.10' + python-version: 3.10 - uses: actions/cache@v3 with: path: ~/.cache/pip key: pip-${{ hashFiles('**/requirements.txt') }} - restore-keys: | - pip- + restore-keys: pip- - run: pip install safety - run: | safety check -r worker/requirements.txt \ diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 44e8e198..0b2dd974 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -4,8 +4,8 @@ name: sync-labels on: push: paths: - - '.github/labels.yml' - - '.github/workflows/sync-labels.yml' + - .github/labels.yml + - .github/workflows/sync-labels.yml permissions: contents: read diff --git a/backend/env.yml b/backend/env.yml index cfa1c536..c51ef649 100644 --- a/backend/env.yml +++ b/backend/env.yml @@ -3,7 +3,7 @@ dev: DUMMY: staging: - DB_DIALECT: 'postgres' + DB_DIALECT: postgres DB_PORT: 5432 DB_HOST: ${ssm:/crossfeed/staging/DATABASE_HOST} DB_NAME: ${ssm:/crossfeed/staging/DATABASE_NAME} 
@@ -27,12 +27,12 @@ staging: FARGATE_SUBNET_ID: ${ssm:/crossfeed/staging/WORKER_SUBNET_ID} FARGATE_MAX_CONCURRENCY: 100 SCHEDULER_ORGS_PER_SCANTASK: 10 - FARGATE_CLUSTER_NAME: 'crossfeed-staging-worker' - FARGATE_TASK_DEFINITION_NAME: 'crossfeed-staging-worker' - FARGATE_LOG_GROUP_NAME: 'crossfeed-staging-worker' - CROSSFEED_SUPPORT_EMAIL_SENDER: 'noreply@staging.crossfeed.cyber.dhs.gov' - CROSSFEED_SUPPORT_EMAIL_REPLYTO: 'vulnerability@cisa.dhs.gov' - FRONTEND_DOMAIN: 'https://staging-cd.crossfeed.cyber.dhs.gov' + FARGATE_CLUSTER_NAME: crossfeed-staging-worker + FARGATE_TASK_DEFINITION_NAME: crossfeed-staging-worker + FARGATE_LOG_GROUP_NAME: crossfeed-staging-worker + CROSSFEED_SUPPORT_EMAIL_SENDER: noreply@staging.crossfeed.cyber.dhs.gov + CROSSFEED_SUPPORT_EMAIL_REPLYTO: vulnerability@cisa.dhs.gov + FRONTEND_DOMAIN: https://staging-cd.crossfeed.cyber.dhs.gov SLS_LAMBDA_PREFIX: '${self:service}-${self:provider.stage}' USE_COGNITO: 1 REACT_APP_USER_POOL_ID: us-east-1_uxiY8DOum @@ -61,7 +61,7 @@ staging: EMAIL_BUCKET_NAME: cisa-crossfeed-staging-html-email prod: - DB_DIALECT: 'postgres' + DB_DIALECT: postgres DB_PORT: 5432 DB_HOST: ${ssm:/crossfeed/prod/DATABASE_HOST} DB_NAME: ${ssm:/crossfeed/prod/DATABASE_NAME} 
@@ -77,12 +77,12 @@ prod: FARGATE_SUBNET_ID: ${ssm:/crossfeed/prod/WORKER_SUBNET_ID} FARGATE_MAX_CONCURRENCY: 300 SCHEDULER_ORGS_PER_SCANTASK: 50 - FARGATE_CLUSTER_NAME: 'crossfeed-prod-worker' - FARGATE_TASK_DEFINITION_NAME: 'crossfeed-prod-worker' - FARGATE_LOG_GROUP_NAME: 'crossfeed-prod-worker' - CROSSFEED_SUPPORT_EMAIL_SENDER: 'noreply@crossfeed.cyber.dhs.gov' - CROSSFEED_SUPPORT_EMAIL_REPLYTO: 'vulnerability@cisa.dhs.gov' - FRONTEND_DOMAIN: 'https://crossfeed.cyber.dhs.gov' + FARGATE_CLUSTER_NAME: crossfeed-prod-worker + FARGATE_TASK_DEFINITION_NAME: crossfeed-prod-worker + FARGATE_LOG_GROUP_NAME: crossfeed-prod-worker + CROSSFEED_SUPPORT_EMAIL_SENDER: noreply@crossfeed.cyber.dhs.gov + CROSSFEED_SUPPORT_EMAIL_REPLYTO: vulnerability@cisa.dhs.gov + FRONTEND_DOMAIN: https://crossfeed.cyber.dhs.gov SLS_LAMBDA_PREFIX: '${self:service}-${self:provider.stage}' USE_COGNITO: 1 REACT_APP_USER_POOL_ID: us-east-1_MZgKoBmkN diff --git a/backend/serverless.yml b/backend/serverless.yml index 16775047..b94a238f 100644 --- a/backend/serverless.yml +++ b/backend/serverless.yml @@ -7,7 +7,7 @@ configValidationMode: error custom: webpack: - webpackConfig: 'webpack.backend.config.js' + webpackConfig: webpack.backend.config.js customDomain: domainName: ${file(env.yml):${self:provider.stage}.DOMAIN, ''} basePath: '' @@ -26,13 +26,13 @@ provider: vpc: ${file(env.yml):${self:provider.stage}-vpc, ''} apiGateway: binaryMediaTypes: - - 'image/*' - - 'font/*' + - image/* + - font/* resourcePolicy: - Effect: Allow Principal: '*' - Action: 'execute-api:Invoke' - Resource: 'execute-api:/${self:provider.stage}/*/*' + Action: execute-api:Invoke + Resource: execute-api:/${self:provider.stage}/*/* logs: restApi: true deploymentBucket: @@ -48,7 +48,7 @@ provider: - cognito-idp:AdminDisableUser - cognito-idp:ListUsers - cognito-idp:AdminSetUserPassword - Resource: "*" + Resource: '*' - Effect: Allow Action: - ecs:RunTask 
diff --git a/frontend/env.yml b/frontend/env.yml index ee3a04fd..e1c8ee82 100644 --- a/frontend/env.yml +++ b/frontend/env.yml @@ -3,10 +3,10 @@ dev: FRONTEND_DOMAIN: '' staging: - DOMAIN: 'staging-cd.crossfeed.cyber.dhs.gov' + DOMAIN: staging-cd.crossfeed.cyber.dhs.gov prod: - DOMAIN: 'crossfeed.cyber.dhs.gov' + DOMAIN: crossfeed.cyber.dhs.gov dev-vpc: securityGroupIds: diff --git a/frontend/serverless.yml b/frontend/serverless.yml index 2ea0067e..aac51bab 100644 --- a/frontend/serverless.yml +++ b/frontend/serverless.yml @@ -7,7 +7,7 @@ configValidationMode: error custom: webpack: - webpackConfig: 'webpack.lambda.config.js' + webpackConfig: webpack.lambda.config.js customDomain: domainName: ${file(env.yml):${self:provider.stage}.DOMAIN, ''} basePath: '' @@ -26,12 +26,12 @@ provider: vpc: ${file(env.yml):${self:provider.stage}-vpc, ''} apiGateway: binaryMediaTypes: - - 'image/*' - - 'font/*' + - image/* + - font/* resourcePolicy: - Effect: Allow Principal: '*' - Action: 'execute-api:Invoke' + Action: execute-api:Invoke' Resource: 'execute-api:/${self:provider.stage}/*/*' logs: restApi: true
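Review bot: The new line `Action: execute-api:Invoke'` in the `@@ -26,12 +26,12 @@` hunk keeps the closing quote after the opening one was removed, so the plain scalar now ends in a literal `'` and the API Gateway resource policy names an action that does not exist. It should read `Action: execute-api:Invoke`, matching the same line in backend/serverless.yml. The following line, `Resource: 'execute-api:/${self:provider.stage}/*/*'`, was left quoted although the backend file unquoted it, so the two files no longer follow the same convention. Rendering the policy once with the framework's packaging step before merge would catch this kind of slip.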