Merge pull request #61 from advanced-security/copilot/add-ci-workflow-for-prs

Add CI workflow and fix axios CVEs in remediateGoogleAPIKey

Author: felickz

.github/workflows/test.yaml

@@ -1,29 +1,65 @@
-name: Testing GSSAR
+name: CI
+permissions:
+  contents: read
 "on":
   push:
     branches:
       - main
-      - ft/**
-      - bug/**
-      - hotfix/**
-      - release/**
   pull_request:
     branches:
       - main
-      - ft/**
-      - bug/**
-      - hotfix/**
-      - release/**
 jobs:
-  LintCloudFormation:
-    permissions:
-      contents: read
+  lint-and-format:
+    name: Lint & Format Check
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: Setup Cloud Formation Linter with Latest Version
+        uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Run Prettier check
+        run: yarn run prettier-check
+      - name: Run ESLint check
+        run: yarn run lint-check
+
+  lint-cloudformation:
+    name: CloudFormation Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup CloudFormation Linter
         uses: scottbrenner/cfn-lint-action@v2
-      - name: Print the Cloud Formation Linter Version & run Linter.
-        run: |
-          cfn-lint -t ./template.yml
+      - name: Run CloudFormation Linter
+        run: cfn-lint -t ./template.yml
+
+  build-functions:
+    name: Build ${{ matrix.function }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        function:
+          - functions/authorizers/githubWebhookIPValidator
+          - functions/authorizers/githubWebhookSecretValidator
+          - functions/helpers/getSecretDetails
+          - functions/helpers/closeSecret
+          - functions/helpers/githubIssueNotifier
+          - functions/remediators/remediateAWSAccessKey
+          - functions/remediators/remediateGoogleAPIKey
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Install dependencies
+        working-directory: ${{ matrix.function }}
+        run: yarn install --frozen-lockfile
+      - name: Build
+        working-directory: ${{ matrix.function }}
+        run: yarn run build

functions/remediators/remediateGoogleAPIKey/package.json

@@ -18,14 +18,14 @@
     "@types/node": "^18.11.17",
     "@typescript-eslint/eslint-plugin": "^5.47.0",
     "@typescript-eslint/parser": "^5.47.0",
+    "axios": "^1.15.0",
     "eslint": "^8.30.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-prettier": "^4.2.1",
     "prettier": "^2.8.1",
     "ts-node": "^10.9.1",
     "tslib": "^2.4.1",
-    "typescript": "^4.9.4",
-    "axios": "^1.15.0"
+    "typescript": "^4.9.4"
   },
   "engines": {
     "node": "20"

functions/remediators/remediateGoogleAPIKey/yarn.lock

@@ -1105,7 +1105,7 @@ asynckit@^0.4.0:
 
 axios@^1.15.0:
   version "1.15.0"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-1.15.0.tgz#0fcee91ef03d386514474904b27863b2c683bf4f"
+  resolved "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz"
   integrity sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==
   dependencies:
     follow-redirects "^1.15.11"