feat(snyk support): Changes to use Snyk for dependencies, licenses, a…

…nd code analysis (#257) * Add logic to set any snyk- branch to stage name snyk, for character length limits * Remove OBE workflow that was largely unused * remove OBE workflow, replaced by snyk check * Remove codeql in favor of snyk * Update badge * bump
Enterprise-CMCS · Dec 12, 2023 · e7573f9 · e7573f9
1 parent 6499289
commit e7573f9
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 187 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -7,10 +7,10 @@ on:
       - "!skipci*"
 
 concurrency:
-  group: ${{ github.ref_name }}-group
+  group: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-group
 
 env:
-  STAGE_NAME: ${{ github.ref_name }}
+  STAGE_NAME: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
 
 permissions:
   id-token: write
@@ -32,7 +32,7 @@ jobs:
     needs:
       - init
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -46,7 +46,7 @@ jobs:
     needs:
       - cache
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
       url: ${{ steps.deployment-data.outputs.APPURL }}
     outputs:
       app-url: ${{ steps.deployment-data.outputs.APPURL }}
@@ -70,7 +70,7 @@ jobs:
       - name: Set Site URL
         id: deployment-data
         run: |
-          echo ${{ github.ref_name }}
+          echo ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
           echo "APPURL=$(
             aws cloudformation \
             --region us-east-1 describe-stacks \
@@ -92,7 +92,7 @@ jobs:
     needs:
       - deploy
     environment:
-      name: ${{ github.ref_name }}-kibana
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-kibana
       url: ${{ needs.deploy.outputs.kibana-url }}
     steps:
       - name: Display Kibana URL
@@ -104,7 +104,7 @@ jobs:
     needs:
       - cache
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -154,7 +154,7 @@ jobs:
     needs:
       - deploy
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -186,7 +186,7 @@ jobs:
     needs:
       - deploy
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -215,7 +215,7 @@ jobs:
       - name: Archive stage resources
         uses: actions/upload-artifact@v3
         with:
-          name: aws-resources-${{ github.ref_name }}
+          name: aws-resources-${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
           path: resources/aws-resources.json
 
   release:

diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml
@@ -22,9 +22,9 @@ jobs:
       )
     runs-on: ubuntu-20.04
     environment:
-      name: ${{ inputs.environment || github.event.ref }}
+      name: ${{ inputs.environment || (startsWith(github.event.ref, 'snyk-') && 'snyk' || github.event.ref) }}
     env:
-      STAGE_NAME: ${{ inputs.environment || github.event.ref }}
+      STAGE_NAME: ${{ inputs.environment || (startsWith(github.event.ref, 'snyk-') && 'snyk' || github.event.ref) }}
     permissions:
       id-token: write
       contents: read
@@ -61,5 +61,5 @@ jobs:
       - uses: strumwolf/delete-deployment-environment@v2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          environment: ${{ inputs.environment || github.event.ref }}
+          environment: ${{ inputs.environment || (startsWith(github.event.ref, 'snyk-') && 'snyk' || github.event.ref) }}
           onlyRemoveDeployments: true
diff --git a/.github/workflows/workspace-setup.yml b/.github/workflows/workspace-setup.yml
@@ -6,7 +6,7 @@ on:
     - cron: "0 10 * * SUN"
 
 concurrency:
-  group: ${{ github.ref_name }}-test-ws-setup
+  group: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-test-ws-setup
 
 jobs:
   test:
@@ -88,4 +88,4 @@ jobs:
           SLACK_ICON: https://github.com/Enterprise-CMCS.png?size=48
           SLACK_TITLE: Failure
           SLACK_USERNAME: ${{ github.repository }} - ${{job.status}}
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/README.md b/README.md
@@ -17,8 +17,8 @@
   <a href="https://codeclimate.com/github/Enterprise-CMCS/macpro-mako/maintainability">
     <img src="https://api.codeclimate.com/v1/badges/f4480e77af640e6fa864/maintainability" />
   </a>
-  <a href="https://dependabot.com/">
-    <img alt="Dependabot" src="https://badgen.net/badge/Dependabot/enabled/green?icon=dependabot">
+  <a href="https://snyk.io/">
+    <img alt="Snyk" src="https://img.shields.io/badge/Snyk-protected-purple">
   </a>
   <a href="https://github.com/prettier/prettier">
     <img alt="code style: prettier" src="https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square">