Merge branch 'main' into kai/grype-display
coilysiren authored Nov 27, 2024
2 parents 5cd7b4f + 37ed851 commit 65b3590
Showing 51 changed files with 1,710 additions and 426 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build-and-publish.yml
@@ -36,7 +36,7 @@ on:
jobs:
build-and-publish:
name: Build and publish
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

permissions:
contents: read
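Review bot: The `runs-on: ubuntu-22.04` pin in `build-and-publish` carries no comment saying why the image is fixed or when it should move, and the same literal is repeated in the other workflow sections on this page, including the deploy jobs that request `id-token: write` and the vulnerability-scan jobs. Hosted-runner image labels are eventually retired, so an unexplained pin tends to be forgotten until all of those jobs stop being scheduled at once. I would add a line above it such as `# Pinned to ubuntu-22.04 (<reason>); revisit before the image label is retired`. This assumes `ubuntu-22.04` is the new side, which the old-then-new print order suggests but the page does not mark. The job body continues past the end of the hunk.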
4 changes: 2 additions & 2 deletions .github/workflows/cd-analytics-infra.yml
@@ -23,7 +23,7 @@ on:
jobs:
build-repository:
name: Build Repository
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
@@ -47,7 +47,7 @@ jobs:
deploy-infra:
name: Deploy Infrastructure
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
4 changes: 2 additions & 2 deletions .github/workflows/cd-api-infra.yml
@@ -24,7 +24,7 @@ on:
jobs:
build-repository:
name: Build Repository
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
@@ -47,7 +47,7 @@ jobs:
deploy-infra:
name: Deploy Infrastructure
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
4 changes: 2 additions & 2 deletions .github/workflows/cd-frontend-infra.yml
@@ -24,7 +24,7 @@ on:
jobs:
build-repository:
name: Build Repository
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
@@ -47,7 +47,7 @@ jobs:
deploy-infra:
name: Deploy Infrastructure
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
4 changes: 2 additions & 2 deletions .github/workflows/cd-storybook.yml
@@ -23,7 +23,7 @@ concurrency:

jobs:
build:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -51,7 +51,7 @@ jobs:
environment:
name: github-pages
url: ${{ steps.hosting.outputs.page_url }}
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build
steps:
- name: Deploy to GitHub Pages
2 changes: 1 addition & 1 deletion .github/workflows/check-infra-auth.yml
@@ -18,7 +18,7 @@ permissions:
jobs:
caller-identity:
name: Check caller identity
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4
2 changes: 1 addition & 1 deletion .github/workflows/ci-analytics.yml
@@ -14,7 +14,7 @@ defaults:
jobs:
lint-test:
name: Analytics Lint, Format & Tests
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
env:
GH_TOKEN: ${{ secrets.GH_TOKEN_PROJECT_ACCESS }}
ANALYTICS_SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/ci-api.yml
@@ -14,7 +14,7 @@ defaults:
jobs:
lint-test:
name: API Lint, Format & Tests
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4

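--- a/.github/workflows/ci-cron-vulnerability-scans.yml
+++ b/.github/workflows/ci-cron-vulnerability-scans.yml
@@ -13,6 +13,7 @@ jobs:
 vulnerability-scans:
 name: Vulnerability Scans
 strategy:
+fail-fast: false
 matrix:
 app_name: ["frontend", "api", "analytics"]
 uses: ./.github/workflows/vulnerability-scans.yml
@@ -21,4 +22,5 @@ jobs:
 
 send-slack-notification:
 if: failure()
+needs: vulnerability-scans
 uses: ./.github/workflows/send-slack-notification.yml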
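Review bot: On `send-slack-notification`, nothing records that `needs: vulnerability-scans` is what makes `if: failure()` work: `failure()` only considers jobs this job depends on, so dropping `needs` in a later cleanup would silence the alert with no error. I would add `# needs is required: failure() only sees the jobs listed here` above it, and `# keep scanning the other apps when one scan fails` above `fail-fast: false`. `failure()` also stays false when the scan run is cancelled rather than failed; if a cancelled scheduled scan should notify too, the condition becomes `if: ${{ failure() || cancelled() }}`.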
4 changes: 2 additions & 2 deletions .github/workflows/ci-frontend-a11y.yml
@@ -9,7 +9,7 @@ on:
jobs:
build:
name: Pa11y-ci tests
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./frontend
@@ -52,7 +52,7 @@ jobs:
npm run build
- name: Run Server
run: npm run start &
run: npm run start &

- name: Wait for frontend to be ready
run: |
4 changes: 2 additions & 2 deletions .github/workflows/ci-frontend-e2e.yml
@@ -22,7 +22,7 @@ concurrency:
jobs:
e2e-tests:
name: Run E2E Tests
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

strategy:
matrix:
@@ -82,7 +82,7 @@ jobs:
name: Create Merged Test Report
if: ${{ !cancelled() }}
needs: [e2e-tests]
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

steps:
- name: Checkout code
6 changes: 3 additions & 3 deletions .github/workflows/ci-frontend.yml
@@ -23,7 +23,7 @@ concurrency:
jobs:
tests:
name: FE Lint, Type Check, Format & Tests
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

steps:
- uses: actions/checkout@v4
@@ -58,7 +58,7 @@ jobs:
# Confirms the front end still builds successfully
check-frontend-builds:
name: FE Build Check
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

steps:
- uses: actions/checkout@v4
@@ -86,7 +86,7 @@ jobs:
# Confirms Storybook still builds successfully
check-storybook-builds:
name: FE Storybook Build Check
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

steps:
- uses: actions/checkout@v4
12 changes: 6 additions & 6 deletions .github/workflows/ci-infra.yml
@@ -19,7 +19,7 @@ jobs:
# Lint github actions files using https://github.com/rhysd/actionlint
# This job configuration is largely copied from https://github.com/rhysd/actionlint/blob/main/docs/usage.md#use-actionlint-on-github-actions
name: Lint GitHub Actions workflows
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Download actionlint
@@ -31,14 +31,14 @@ jobs:
shell: bash
lint-scripts:
name: Lint scripts
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Shellcheck
run: make infra-lint-scripts
check-terraform-format:
name: Check Terraform format
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
@@ -51,7 +51,7 @@ jobs:
make infra-lint-terraform
validate-terraform:
name: Validate Terraform modules
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
@@ -62,7 +62,7 @@ jobs:
run: make infra-validate-modules
check-compliance-with-checkov:
name: Check compliance with checkov
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
@@ -81,7 +81,7 @@ jobs:
quiet: true # only displays failed checks
check-compliance-with-tfsec:
name: Check compliance with tfsec
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

permissions:
contents: read
5 changes: 2 additions & 3 deletions .github/workflows/ci-openapi.yml
@@ -19,10 +19,9 @@ concurrency:
group: ${{ github.head_ref }}
cancel-in-progress: true


jobs:
update-openapi-docs:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
@@ -42,4 +41,4 @@ jobs:
git add --all
# Commit changes (if no changes then no-op)
git diff-index --quiet HEAD || git commit -m "Create ERD diagram and Update OpenAPI spec"
git push
git push
2 changes: 1 addition & 1 deletion .github/workflows/ci-project-linters.yml
@@ -14,7 +14,7 @@ defaults:
jobs:
dry-run-project-linters:
name: Dry run GitHub project linters
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
env:
GH_TOKEN: ${{ secrets.GH_TOKEN_PROJECT_ACCESS }}
# Test issue with points and sprint values unset
2 changes: 1 addition & 1 deletion .github/workflows/ci-wiki-links.yml
@@ -16,7 +16,7 @@ defaults:
jobs:
check-wiki-links:
name: Check wiki links in SUMMARY.md
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4

2 changes: 1 addition & 1 deletion .github/workflows/database-migrations.yml
@@ -18,7 +18,7 @@ concurrency: database-migrations-${{ inputs.environment }}
jobs:
run-migrations:
name: Run migrations
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

permissions:
contents: read
2 changes: 1 addition & 1 deletion .github/workflows/deploy-metabase.yml
@@ -18,7 +18,7 @@ concurrency: cd-${{ inputs.environment }}
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
2 changes: 1 addition & 1 deletion .github/workflows/deploy.yml
@@ -33,7 +33,7 @@ jobs:

deploy:
name: Deploy
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: [database-migrations]
permissions:
contents: read
2 changes: 1 addition & 1 deletion .github/workflows/infra-service.yml
@@ -11,7 +11,7 @@ on:
jobs:
infra-test-e2e:
name: Test service
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

permissions:
contents: read
2 changes: 1 addition & 1 deletion .github/workflows/lint-set-points-and-sprint.yml
@@ -12,7 +12,7 @@ defaults:
jobs:
run-project-linters:
name: Run set points and sprint values on close
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# Prevents duplicate runs of this linter for the same issue
concurrency:
group: issue-${{ github.event.issue.number }}
2 changes: 1 addition & 1 deletion .github/workflows/send-slack-notification.yml
@@ -5,7 +5,7 @@ on: workflow_call
jobs:
send-slack-notification:
name: Send Slack notification on failure
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Send Slack notification
run: |
10 changes: 5 additions & 5 deletions .github/workflows/vulnerability-scans.yml
@@ -14,7 +14,7 @@ on:
jobs:
hadolint-scan:
name: Hadolint Scan
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

steps:
- uses: actions/checkout@v4
@@ -34,7 +34,7 @@ jobs:
cat hadolint-results.txt >> "$GITHUB_STEP_SUMMARY"
build-and-cache:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
outputs:
image: ${{ steps.shared-output.outputs.image }}

@@ -88,7 +88,7 @@ jobs:

trivy-scan:
name: Trivy Scan
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build-and-cache

steps:
@@ -172,7 +172,7 @@ jobs:
anchore-scan:
name: Anchore Scan
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build-and-cache

steps:
@@ -216,7 +216,7 @@ jobs:
dockle-scan:
name: Dockle Scan
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build-and-cache

steps:
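--- a/.grype.yml
+++ b/.grype.yml
@@ -23,9 +23,3 @@ ignore:
 - vulnerability: CVE-2024-34158
 - vulnerability: CVE-2024-34156
 - vulnerability: CVE-2024-34155
-
-# https://github.com/HHS/simpler-grants-gov/issues/3015
-- vulnerability: CVE-2024-10979
-- vulnerability: CVE-2024-10978
-- vulnerability: CVE-2024-10976
-- vulnerability: CVE-2024-10977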