-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Cecilia Liu
committed
Aug 6, 2024
1 parent
92626eb
commit 231d782
Showing
4 changed files
with
103 additions
and
0 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| # Code owners: | ||
| * @MeasureAuthoringTool/madie-developers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| ## CQL to ELM Translation Service PR | ||
|
|
||
| Jira Ticket: [MAT-0000](https://jira.cms.gov/browse/MAT-0000) | ||
| (Optional) Related Tickets: | ||
|
|
||
| ### Summary | ||
|
|
||
| ### All Submissions | ||
| * [ ] This PR has the JIRA linked. | ||
| * [ ] Required tests are included. | ||
| * [ ] No extemporaneous files are included (i.e Complied files or testing results). | ||
| * [ ] This PR is merging into the **correct branch**. | ||
| * [ ] All Documentation needed for this PR is Complete (or noted in a TODO or other Ticket). | ||
| * [ ] Any breaking changes or failing automations are noted by placing a comment on this PR. | ||
|
|
||
| ### DevSecOps | ||
| If there is a question if this PR has a security or infrastructure impact, please contact the Security or DevOps engineer assigned to this project to discuss it further. | ||
|
|
||
| * [ ] This PR has NO significant security impact (i.e Changing auth methods, Adding a new user type, Adding a required but vulnerable package). | ||
|
|
||
| ### Reviewers | ||
| By Approving this PR you are attesting to the following: | ||
|
|
||
| * Code is maintainable and reusable, reuses existing code and infrastructure where appropriate, and accomplishes the task’s purpose. | ||
| * The tests appropriately test the new code, including edge cases. | ||
| * If you have any concerns they are brought up either to the developer assigned, security engineer, or leads. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| # @format | ||
|
|
||
| name: Github Secrets Scanner | ||
|
|
||
| on: [push] | ||
|
|
||
| jobs: | ||
| gitleaks_scan: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| REPO: https://github.com/MeasureAuthoringTool/madie-fhir-elm-translator | ||
| REMOTE_EXCLUDES_URL: https://raw.githubusercontent.com/semanticbits/bmat-gitleaks-automation/master/madie-fhir-elm-translator/gitleaks.toml | ||
| GITLEAKS_VERSION: v7.5.0 | ||
| steps: | ||
| - name: Execute Gitleaks | ||
| run: | | ||
| wget ${REMOTE_EXCLUDES_URL} -O gitleaks.toml | ||
| wget https://github.com/zricethezav/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks-linux-amd64 -O gitleaks | ||
| chmod +x gitleaks | ||
| echo ${GITHUB_SHA} | ||
| echo "gitleaks --repo-url=${REPO} -v --redact --commit=${GITHUB_SHA} --config-path=gitleaks.toml" | ||
| ./gitleaks --repo-url=${REPO} -v --redact --commit=${GITHUB_SHA} --config-path=gitleaks.toml | ||
| - name: Slack notification | ||
| if: failure() | ||
| env: | ||
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | ||
| uses: Ilshidur/action-slack@master | ||
| with: | ||
| args: "Potential Secrets found in: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }} Link to build with full gitleaks output: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }}/checks" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| name: Java CI | ||
|
|
||
| on: | ||
| push: | ||
| branches: [master, develop] | ||
| pull_request: | ||
| branches: [master, develop] | ||
|
|
||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@v4 | ||
| with: | ||
| distribution: 'corretto' | ||
| java-version: '17' | ||
|
|
||
| # Github Authentication is required to download artifacts from github packages | ||
| # A secret is created for this repo, so that github actions can fetch it, the secret is named after GH_PAT_FOR_ACTIONS_TOKEN | ||
| - name: maven-settings | ||
| uses: s4u/maven-settings-action@v2 | ||
| with: | ||
| servers: '[{"id": "github", "username": "madieUser", "password": "${GITHUB_TOKEN_REF}"}]' | ||
| githubServer: false | ||
|
|
||
| - name: Build with Maven | ||
| run: mvn clean install --file pom.xml | ||
| env: | ||
| GITHUB_TOKEN_REF: ${{ secrets.GH_PAT_FOR_ACTIONS_TOKEN }} | ||
|
|
||
|
|
||
| - name: Upload coverage reports to Codecov | ||
| uses: codecov/codecov-action@v3 | ||
|
|
||
| - name: Cache local Maven repository | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ~/.m2/repository | ||
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-maven- |