Cicd/add tests (#3) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: python-tests | |
| on: [push, pull_request] | |
| jobs: | |
| tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.10' | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "18" | |
| - name: install python dependencies | |
| run: pip install -r requirements.txt | |
| - name: install layer files | |
| run: pip install -r ./lambda/token/requirements.txt --target ./layers/token/python --only-binary=":all:" --platform manylinux2014_x86_64 | |
| - name: install cdk | |
| run: npm install -g aws-cdk | |
| - name: smoke-test-pjwt-only | |
| run: | | |
| cp cdk.context.template cdk.context.json | |
| echo synth test with Private Key JWT only | |
| cdk synth | |
| - name: smoke-test-full | |
| run: | | |
| cp cdk.context.template cdk.context.json | |
| echo synth test with PKCE and Private Key JWT | |
| sed -i 's/\"pkce\": false/\"pkce\": true/g' cdk.context.json | |
| cdk synth | |
| - name: python sec scan | |
| run: | | |
| pip install bandit | |
| bandit -r ./ --exclude "./cdk.out","./layers" | |
| - name: static code analysis | |
| run: | | |
| pip install semgrep | |
| semgrep scan --config auto | |
| - name: python package scan - ignore future alternatives | |
| run: | | |
| pip install pip-audit | |
| for i in $(find . -name requirements.txt -not -path "*/alternatives/*") | |
| do | |
| pip-audit -r $i | |
| done |