V3 updates, Trivy fix, QA changes for 291

bcgov · Jul 30, 2024 · 6d82b57 · 6d82b57
1 parent 6f66c39
commit 6d82b57
Show file tree

Hide file tree

Showing 46 changed files with 742 additions and 695 deletions.
diff --git a/.github/workflows/analysis.yaml b/.github/workflows/analysis.yaml
@@ -1,38 +1,43 @@
-# name: Analysis
+name: Analysis
 
-# on:
-#   push:
-#     branches: [main]
-#   pull_request:
-#     types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
-#   schedule:
-#     - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
-#   workflow_dispatch:
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
+  schedule:
+    - cron: "29 22 * * 4"
 
-# concurrency:
-#   group: ${{ github.workflow }}-${{ github.ref }}
-#   cancel-in-progress: true
+permissions:
+  contents: read
 
-# jobs:
-#   # https://github.com/marketplace/actions/aqua-security-trivy
-#   trivy:
-#     name: Trivy Security Scan
-#     if: ${{ ! github.event.pull_request.draft }}
-#     runs-on: ubuntu-22.04
-#     timeout-minutes: 1
-#     steps:
-#       - uses: actions/checkout@v4
-#       - name: Run Trivy vulnerability scanner in repo mode
-#         uses: aquasecurity/trivy-action@0.22.0
-#         with:
-#           format: "sarif"
-#           output: "trivy-results.sarif"
-#           ignore-unfixed: true
-#           scan-type: "fs"
-#           scanners: "vuln,secret,config"
-#           severity: "CRITICAL,HIGH"
+jobs:
+  trivy:
+    permissions:
+      contents: read
+      security-events: write
+    name: Trivy Security Scan
+    if: ${{ ! github.event.pull_request.draft }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
 
-#       - name: Upload Trivy scan results to GitHub Security tab
-#         uses: github/codeql-action/upload-sarif@v3
-#         with:
-#           sarif_file: "trivy-results.sarif"
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.22.0
+        with:
+          format: "sarif"
+          output: "trivy-results.sarif"
+          ignore-unfixed: true
+          scan-type: "fs"
+          scanners: "vuln,secret,config"
+          severity: "CRITICAL,HIGH"
+
+      - name: Print SARIF file
+        run: cat trivy-results.sarif
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/deploy_dev.yaml b/.github/workflows/deploy_dev.yaml
@@ -18,7 +18,7 @@ jobs:
     environment: dev
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: [20.x]
 
     defaults:
       run:

diff --git a/.github/workflows/deploy_prod.yaml b/.github/workflows/deploy_prod.yaml
@@ -20,7 +20,7 @@ jobs:
     environment: prod
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: [20.x]
 
     defaults:
       run:

diff --git a/.github/workflows/deploy_test.yaml b/.github/workflows/deploy_test.yaml
@@ -23,7 +23,7 @@ jobs:
     environment: test
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: [20.x]
 
     defaults:
       run:

diff --git a/.github/workflows/on-pr.yaml b/.github/workflows/on-pr.yaml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: [20.x]
     defaults:
       run:
         working-directory: "./arSam"

diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# Ignore possible issue with empty URI
+AVD-AWS-0112
diff --git a/arSam/__tests__/mock_data.json b/arSam/__tests__/mock_data.json
@@ -30,6 +30,7 @@
       },
       {
         "sk": "HIST",
+        "orcs": "NA",
         "subAreas": [
           {
             "name": "LEGACY SUBAREA",

diff --git a/arSam/__tests__/settings.js b/arSam/__tests__/settings.js
@@ -1,13 +1,15 @@
-const REGION = process.env.AWS_REGION || 'local';
-const ENDPOINT = 'http://localhost:8000';
+const REGION = process.env.AWS_REGION || 'local-env';
+const ENDPOINT = 'http://172.17.0.2:8000';
 const TABLE_NAME = process.env.TABLE_NAME || 'ParksAr-tests';
 const CONFIG_TABLE_NAME = process.env.CONFIG_TABLE_NAME || 'ConfigAr-tests';
 const NAME_CACHE_TABLE_NAME = process.env.NAME_CACHE_TABLE_NAME || 'NameCacheAr-tests';
 
+
 module.exports = {
   REGION,
   ENDPOINT,
   TABLE_NAME,
   CONFIG_TABLE_NAME,
-  NAME_CACHE_TABLE_NAME,
+  NAME_CACHE_TABLE_NAME
 };
+
diff --git a/arSam/__tests__/setup.js b/arSam/__tests__/setup.js
@@ -1,19 +1,16 @@
-const { DynamoDB } = require('@aws-sdk/client-dynamodb');
+const { DynamoDBClient, CreateTableCommand, DeleteTableCommand } = require('@aws-sdk/client-dynamodb');
+const { REGION, ENDPOINT } = require('./settings');
+const crypto = require('crypto');
 
-const { REGION, ENDPOINT, TABLE_NAME, CONFIG_TABLE_NAME, NAME_CACHE_TABLE_NAME } = require('./settings');
 
-module.exports = async () => {
-  dynamoDb = new DynamoDB({
+async function createDB (TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME) {
+  dynamoDb = new DynamoDBClient({
     region: REGION,
     endpoint: ENDPOINT
   });
 
-  // TODO: This should pull in the JSON version of our serverless.yml!
-
   try {
-    console.log("Creating main table.");
-    await dynamoDb
-      .createTable({
+    let params =  {
         TableName: TABLE_NAME,
         KeySchema: [
           {
@@ -61,11 +58,12 @@ module.exports = async () => {
             }
           }
         ]
-      });
+      }
+
+
+    await dynamoDb.send(new CreateTableCommand(params));
 
-    console.log("Creating name-cache table.");
-    await dynamoDb
-      .createTable({
+    params = {
         TableName: NAME_CACHE_TABLE_NAME,
         KeySchema: [
           {
@@ -83,11 +81,11 @@ module.exports = async () => {
           ReadCapacityUnits: 1,
           WriteCapacityUnits: 1
         }
-      });
 
-    console.log("Creating config table.");
-    await dynamoDb
-      .createTable({
+      }
+    await dynamoDb.send(new CreateTableCommand(params))
+
+    params = {
         TableName: CONFIG_TABLE_NAME,
         KeySchema: [
           {
@@ -105,8 +103,52 @@ module.exports = async () => {
           ReadCapacityUnits: 1,
           WriteCapacityUnits: 1
         }
-      });
+    }
+    await dynamoDb.send(new CreateTableCommand(params));
+
   } catch (err) {
     console.log(err);
   }
 };
+
+function getHashedText(text) {
+  return crypto.createHash('md5').update(text).digest('hex');
+}
+
+async function deleteDB(TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME) {
+  const dynamoDb = new DynamoDBClient({
+    region: REGION,
+    endpoint: ENDPOINT
+  });
+
+  try {
+    //Delete Main Table
+    let param = {
+        TableName: TABLE_NAME
+      };
+
+    await dynamoDb.send(new DeleteTableCommand(param));
+
+    //Delete NameChache Table
+    param = {
+      TableName: NAME_CACHE_TABLE_NAME 
+    };
+    await dynamoDb.send(new DeleteTableCommand(param));
+
+    //Delete Config Table
+    param = {
+      TableName: CONFIG_TABLE_NAME
+    };
+    await dynamoDb.send(new DeleteTableCommand(param));
+
+
+  } catch (err) {
+    console.log(err);
+  }
+}
+
+module.exports = {
+  createDB,
+  getHashedText,
+  deleteDB
+}
diff --git a/arSam/handlers/activity/POST/index.js b/arSam/handlers/activity/POST/index.js
@@ -1,15 +1,19 @@
-const { marshall, unmarshall } = require('@aws-sdk/util-dynamodb');
 const { DateTime } = require('luxon');
 const { 
-  dynamodb,
+  dynamoClient,
+  PutItemCommand,
+  DeleteItemCommand,
+  UpdateItemCommand,
   runQuery,
   TABLE_NAME,
   getOne,
   FISCAL_YEAR_FINAL_MONTH,
   TIMEZONE,
   sendResponse,
   logger,
-  calculateVariance
+  calculateVariance,
+  marshall,
+  unmarshall,
 } = require('/opt/baseLayer');
 const { EXPORT_VARIANCE_CONFIG } = require('/opt/constantsLayer');
 
@@ -132,7 +136,7 @@ async function deleteVariance(body) {
 
   logger.info('Deleting variance record:', params);
 
-  await dynamodb.deleteItem(params);
+  await dynamoClient.send(new DeleteItemCommand(params));
 }
 
 async function checkVarianceTrigger(body) {
@@ -228,7 +232,7 @@ async function createVariance(body, fields) {
       TableName: TABLE_NAME,
       Item: newObject,
     };
-    await dynamodb.putItem(putObj);
+    await dynamoClient.send(new PutItemCommand(putObj));
   } catch (e) {
     logger.error(e);
   }
@@ -318,7 +322,7 @@ async function handleLockUnlock(record, lock, context) {
     ReturnValues: 'ALL_NEW',
   };
   try {
-    const res = await dynamodb.updateItem(updateObj);
+    const res = await dynamoClient.send(new UpdateItemCommand(updateObj));
     logger.info(`Updated record pk: ${record.pk}, sk: ${record.sk} `);
     const s = lock ? 'locked' : 'unlocked';
     return sendResponse(200, {
@@ -380,7 +384,7 @@ async function handleActivity(body, lock = false, context) {
       Item: newObject,
     };
 
-    await dynamodb.putItem(putObject);
+    await dynamoClient.send(new PutItemCommand(putObject));
     logger.info('Activity Updated.');
     return sendResponse(200, body, context);
   } catch (err) {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Ignore possible issue with empty URI
		AVD-AWS-0112