Skip to content

Add 401 responses to OpenAPI desc #8

Add 401 responses to OpenAPI desc

Add 401 responses to OpenAPI desc #8

name: Pipeline
on:
workflow_dispatch:
push:
branches:
- vuln-api-hardened
env:
PIPELINE_USER_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
PIPELINE_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SAM_TEMPLATE: books-api/template.yaml
STACK_NAME: books-api-hardened
PIPELINE_EXECUTION_ROLE: ${{ vars.PIPELINE_EXECUTION_ROLE }}
CLOUDFORMATION_EXECUTION_ROLE: ${{ vars.CLOUDFORMATION_EXECUTION_ROLE }}
ARTIFACTS_BUCKET: ${{ vars.ARTIFACTS_BUCKET }}
# change region to your preferred region
AWS_REGION: ${{ vars.AWS_REGION }}
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-dotnet@v2
with:
dotnet-version: '6.0.x'
- run: |
dotnet test books-api/test/Bookstore.Test/Bookstore.Tests.csproj
build-and-package:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- uses: actions/setup-dotnet@v2
with:
dotnet-version: '6.0.x'
- uses: aws-actions/setup-sam@v2
- name: Build resources
run: sam build --template ${SAM_TEMPLATE}
- name: Assume the pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.PIPELINE_EXECUTION_ROLE }}
role-session-name: lambda-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: Upload artifacts to artifact buckets
run: |
sam package \
--s3-bucket ${ARTIFACTS_BUCKET} \
--region ${AWS_REGION} \
--output-template-file packaged-lambda.yaml
- uses: actions/upload-artifact@v2
with:
name: packaged-lambda.yaml
path: packaged-lambda.yaml
lint-api:
name: linting-api
needs: [build-and-package]
runs-on: ubuntu-latest
steps:
# Check out the repository
- uses: actions/checkout@v2
- uses: actions/setup-node@v3
- run: |
npm install --save -D @stoplight/spectral-owasp-ruleset@1.4.3
npm install --save -D @stoplight/spectral-cli
# Run Spectral
- uses: stoplightio/spectral-action@latest
with:
file_glob: 'API-Definitions/*.yaml'
spectral_ruleset: 'owasp.spectral.yaml'
deploy:
needs: [lint-api]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- uses: actions/setup-dotnet@v2
with:
dotnet-version: '6.0.x'
- uses: aws-actions/setup-sam@v2
- uses: actions/download-artifact@v2
with:
name: packaged-lambda.yaml
- name: Assume the pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.PIPELINE_EXECUTION_ROLE }}
role-session-name: lambda-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: Deploy to account
run: |
sam deploy --stack-name ${STACK_NAME} \
--template packaged-lambda.yaml \
--capabilities CAPABILITY_IAM \
--region ${AWS_REGION} \
--s3-bucket ${ARTIFACTS_BUCKET} \
--no-fail-on-empty-changeset \
--role-arn ${CLOUDFORMATION_EXECUTION_ROLE}
integration-test:
needs: [deploy]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-dotnet@v2
with:
dotnet-version: '6.0.x'
- name: Assume the pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.PIPELINE_EXECUTION_ROLE }}
role-session-name: testing-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- run: |
dotnet test books-api/test/Bookstore.IntegrationTest/Bookstore.IntegrationTest.csproj
env:
STACK_NAME: ${{ env.STACK_NAME}}
AWS_REGION: ${{ env.AWS_REGION }}
output-endpoint:
needs: [integration-test]
runs-on: ubuntu-latest
steps:
- name: Assume the pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.PIPELINE_EXECUTION_ROLE }}
role-session-name: get-cloud-formation-output
role-duration-seconds: 3600
role-skip-session-tagging: true
- run: |
echo "AWS_API_ENDPOINT=$( aws cloudformation \
--region ${AWS_REGION} describe-stacks \
--stack-name ${STACK_NAME} \
--query "Stacks[0].Outputs[0].OutputValue" --output text)" >> $GITHUB_OUTPUT
id: get-outputs
- name: Write summary
run: |
echo "AWS_API_Gateway_Endpoint: ${{steps.get-outputs.outputs.AWS_API_ENDPOINT}}" >> $GITHUB_STEP_SUMMARY