✨chore(workflows): update workflows (#2)

* 🚚 refactor(diagram): update file path and project name This commit updates the file path for create-diagram.yml and project name to @eventiva/eventiva. It also modifies the "push" event to the "pull_request_target" event with specific types and ignored branches to match the workflow. Lastly, it updates the "Last Modified" and "Author" fields. Signed-off-by: Jonathan Stevens <[email protected]> * ✨ feat(infra): add GitGuardian iac scan workflow Adds a new workflow infrastructure_scan.yml to scan infrastructure as code (IaC) using GitGuardian. The workflow runs on every push and pull request. It uses the GitGuardian/ggshield/actions/iac@main action and checks minimum-severity "CRITICAL". The workflow checks the ./terraform/ directory and uses the secret GITGUARDIAN_API_KEY. Signed-off-by: Jonathan Stevens <[email protected]> * ✨ feat(secrets.yml): Add GitGuardian scan for push and pull_request This commit adds a new Github Action, GitGuardian scan, that runs on every push and pull_request. This Action scans multiple commits to check for leaked secrets, unauthorized access, and policy violations. Signed-off-by: Jonathan Stevens <[email protected]> * ♻️ chore(infrastructure_scan.yml): improve filtering logic for GitGuardian scan job This commit adds path filtering for the `GitGuardian iac scan` job in the workflow, making it only trigger when the `.terraform` directory is present and modified. This filter is now implemented for both push and pull-request events. Signed-off-by: Jonathan Stevens <[email protected]> --------- Signed-off-by: Jonathan Stevens <[email protected]>
Eventiva · May 8, 2023 · e239953 · e239953
1 parent c978c47
commit e239953
Show file tree

Hide file tree

Showing 3 changed files with 137 additions and 11 deletions.
diff --git a/projects/workflows/.github/.github/workflows/create-diagram.yml b/projects/workflows/.github/.github/workflows/create-diagram.yml
@@ -1,19 +1,19 @@
 ###
  # @format
  # -----
- # Project: @resnovas/eventiva
+ # Project: @eventiva/eventiva
  # File: create-diagram.yml
- # Path: \.github\workflows\create-diagram.yml
+ # Path: \projects\.github\.github\workflows\create-diagram.yml
  # Created Date: Monday, May 1st 2023
  # Author: Jonathan Stevens (Email: [email protected], Github: https://github.com/TGTGamer)
  # -----
  # Contributing: Please read through our contributing guidelines. Included are directions for opening
- # issues, coding standards, and notes on development. These can be found at https://github.com/resnovas/eventiva/blob/develop/CONTRIBUTING.md
+ # issues, coding standards, and notes on development. These can be found at https://github.com/eventiva/eventiva/blob/develop/CONTRIBUTING.md
  # 
  # Code of Conduct: This project abides by the Contributor Covenant, version 2.0. Please interact in ways that contribute to an open,
- # welcoming, diverse, inclusive, and healthy community. Our Code of Conduct can be found at https://github.com/resnovas/eventiva/blob/develop/CODE_OF_CONDUCT.md
+ # welcoming, diverse, inclusive, and healthy community. Our Code of Conduct can be found at https://github.com/eventiva/eventiva/blob/develop/CODE_OF_CONDUCT.md
  # -----
- # Copyright (c) 2023 Resnovas - All Rights Reserved
+ # Copyright (c) 2023 Eventiva - All Rights Reserved
  # LICENSE: Creative Commons Zero v1.0 Universal (CC0-1.0)
  # -----
  # This program has been provided under confidence of the copyright holder and is 
@@ -32,16 +32,16 @@
  # 
  # DELETING THIS NOTICE AUTOMATICALLY VOIDS YOUR LICENSE - PLEASE SEE THE LICENSE FILE FOR DETAILS
  # -----
- # Last Modified: 01-05-2023
- # By: Jonathan Stevens (Email: jonathan@resnovas.com, Github: https://github.com/TGTGamer)
+ # Last Modified: 08-05-2023
+ # By: Jonathan Stevens (Email: jonathan[email protected], Github: https://github.com/TGTGamer)
  # Current Version: 0.0.0
  ###
-
 on:
   workflow_dispatch: {}
-  push:
-    branches:
-      - develop
+  pull_request_target:
+    types: [opened, edited, reopened, ready_for_review, synchronize]
+    branches-ignore: [main]
+
 jobs:
   get_data:
     runs-on: ubuntu-latest

diff --git a/projects/workflows/.github/.github/workflows/infrastructure_scan.yml b/projects/workflows/.github/.github/workflows/infrastructure_scan.yml
@@ -0,0 +1,64 @@
+###
+ # @format
+ # -----
+ # Project: @eventiva/eventiva
+ # File: infrastructure_scan.yml
+ # Path: \projects\.github\.github\workflows\infrastructure_scan.yml
+ # Created Date: Monday, May 8th 2023
+ # Author: Jonathan Stevens (Email: [email protected], Github: https://github.com/TGTGamer)
+ # -----
+ # Contributing: Please read through our contributing guidelines. Included are directions for opening
+ # issues, coding standards, and notes on development. These can be found at https://github.com/eventiva/eventiva/blob/develop/CONTRIBUTING.md
+ # 
+ # Code of Conduct: This project abides by the Contributor Covenant, version 2.0. Please interact in ways that contribute to an open,
+ # welcoming, diverse, inclusive, and healthy community. Our Code of Conduct can be found at https://github.com/eventiva/eventiva/blob/develop/CODE_OF_CONDUCT.md
+ # -----
+ # Copyright (c) 2023 Eventiva - All Rights Reserved
+ # LICENSE: Creative Commons Zero v1.0 Universal (CC0-1.0)
+ # -----
+ # This program has been provided under confidence of the copyright holder and is 
+ # licensed for copying, distribution and modification under the terms of
+ # the Creative Commons Zero v1.0 Universal (CC0-1.0) published as the License,
+ # or (at your option) any later version of this license.
+ # 
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # Creative Commons Zero v1.0 Universal for more details.
+ # 
+ # You should have received a copy of the Creative Commons Zero v1.0 Universal
+ # along with this program. If not, please write to: [email protected],
+ # or see https://creativecommons.org/publicdomain/zero/1.0/legalcode
+ # 
+ # DELETING THIS NOTICE AUTOMATICALLY VOIDS YOUR LICENSE - PLEASE SEE THE LICENSE FILE FOR DETAILS
+ # -----
+ # Last Modified: 08-05-2023
+ # By: Jonathan Stevens (Email: [email protected], Github: https://github.com/TGTGamer)
+ # Current Version: 0.0.0
+ ###
+
+name: GitGuardian iac scan
+on: 
+  push: 
+    paths:
+      - '.terraform/**'
+  pull_request:
+    paths:
+      - '.terraform/**'
+
+jobs:
+  scanning:
+    name: GitGuardian iac scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: 'recursive'
+          token: "${{ secrets.BOT_TOKEN }}"
+      - name: GitGuardian iac scan
+        uses: GitGuardian/ggshield/actions/iac@main
+        with:
+          args: ./terraform/ --minimum-severity CRITICAL # pass arguments to the action. If missing, will scan the current directory
+        env:
+          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
diff --git a/projects/workflows/.github/.github/workflows/secrets.yml b/projects/workflows/.github/.github/workflows/secrets.yml
@@ -0,0 +1,62 @@
+###
+ # @format
+ # -----
+ # Project: @eventiva/eventiva
+ # File: secrets.yml
+ # Path: \projects\.github\.github\workflows\secrets.yml
+ # Created Date: Monday, May 8th 2023
+ # Author: Jonathan Stevens (Email: [email protected], Github: https://github.com/TGTGamer)
+ # -----
+ # Contributing: Please read through our contributing guidelines. Included are directions for opening
+ # issues, coding standards, and notes on development. These can be found at https://github.com/eventiva/eventiva/blob/develop/CONTRIBUTING.md
+ # 
+ # Code of Conduct: This project abides by the Contributor Covenant, version 2.0. Please interact in ways that contribute to an open,
+ # welcoming, diverse, inclusive, and healthy community. Our Code of Conduct can be found at https://github.com/eventiva/eventiva/blob/develop/CODE_OF_CONDUCT.md
+ # -----
+ # Copyright (c) 2023 Eventiva - All Rights Reserved
+ # LICENSE: Creative Commons Zero v1.0 Universal (CC0-1.0)
+ # -----
+ # This program has been provided under confidence of the copyright holder and is 
+ # licensed for copying, distribution and modification under the terms of
+ # the Creative Commons Zero v1.0 Universal (CC0-1.0) published as the License,
+ # or (at your option) any later version of this license.
+ # 
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # Creative Commons Zero v1.0 Universal for more details.
+ # 
+ # You should have received a copy of the Creative Commons Zero v1.0 Universal
+ # along with this program. If not, please write to: [email protected],
+ # or see https://creativecommons.org/publicdomain/zero/1.0/legalcode
+ # 
+ # DELETING THIS NOTICE AUTOMATICALLY VOIDS YOUR LICENSE - PLEASE SEE THE LICENSE FILE FOR DETAILS
+ # -----
+ # Last Modified: 08-05-2023
+ # By: Jonathan Stevens (Email: [email protected], Github: https://github.com/TGTGamer)
+ # Current Version: 0.0.0
+ ###
+
+name: GitGuardian scan
+
+on: [push, pull_request]
+
+jobs:
+  scanning:
+    name: GitGuardian scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # fetch all history so multiple commits can be scanned
+          submodules: 'recursive'
+          token: "${{ secrets.BOT_TOKEN }}"
+      - name: GitGuardian scan
+        uses: GitGuardian/ggshield/actions/secret@main
+        env:
+          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
+          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
+          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}