Merge pull request #149 from aws-solutions/release/v2.0.0

Release v2.0.0

Author: tbelmega

.github/workflows/build.yml

@@ -0,0 +1,25 @@
+name: Build
+on:
+  push:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  build:
+    name: Build
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: source
+    strategy:
+      matrix:
+        node-version: [16]
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: npm
+        cache-dependency-path: source/package-lock.json
+    - run: npm ci
+    - run: npm run build

.github/workflows/cdk-nag.yml

@@ -0,0 +1,33 @@
+name: CDK Nag
+on:
+  push:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  cdk-nag:
+    name: CDK Nag
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: source
+    strategy:
+      matrix:
+        node-version: [16]
+        working-directory:
+        - solution_deploy
+        - playbooks/AFSBP
+        - playbooks/CIS120
+        - playbooks/CIS140
+        - playbooks/NEWPLAYBOOK
+        - playbooks/PCI321
+        - playbooks/SC
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: npm
+        cache-dependency-path: source/package-lock.json
+    - run: npm ci
+    - run: cd ${{ matrix.working-directory }} && npx cdk synth

.github/workflows/code-style-lint.yml

@@ -0,0 +1,44 @@
+name: Code Style and Lint
+on:
+  push:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  prettier:
+    name: Style Check
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: source
+    strategy:
+      matrix:
+        node-version: [16]
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: npm
+        cache-dependency-path: source/package-lock.json
+    - run: npm ci
+    - run: npx prettier --check '**/*.ts'
+  eslint:
+    name: ESLint
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+       working-directory: source
+    strategy:
+      matrix:
+        node-version: [16]
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: npm
+        cache-dependency-path: source/package-lock.json
+    - run: npm ci
+    - run: npx eslint --ext .ts --max-warnings=0 .

.github/workflows/codeql.yml

@@ -0,0 +1,20 @@
+name: CodeQL
+on:
+  push:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  codeql:
+    name: CodeQL
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [javascript, typescript]
+    steps:
+    - uses: actions/checkout@v3
+    - uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+    - uses: github/codeql-action/analyze@v2

.github/workflows/solutions-pipeline.yml

@@ -0,0 +1,23 @@
+name: Solutions Pipeline
+env:
+  REGION: us-east-1
+on: push
+jobs:
+  solutions-pipeline:
+    name: Solutions Pipeline
+    if: github.repository_owner == 'aws-solutions'
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ secrets.DISPATCHER_ROLE_ARN }}
+        aws-region: ${{ env.REGION }}
+        role-duration-seconds: 900
+        role-session-name: OIDCSession
+    - name: Run CodeBuild
+      uses: aws-actions/aws-codebuild-run-build@v1
+      with:
+        project-name: ${{ secrets.DISPATCHER_CODEBUILD_PROJECT_NAME }}

.github/workflows/unit-test.yml

@@ -0,0 +1,25 @@
+name: Unit Test
+on:
+  push:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  unit-test:
+    name: Unit Test
+    if: ${{ (github.repository_owner != 'aws-solutions' && github.event_name == 'push') || (github.repository_owner == 'aws-solutions' && github.event_name == 'pull_request') }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: source
+    strategy:
+      matrix:
+        node-version: [16]
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: npm
+        cache-dependency-path: source/package-lock.json
+    - run: npm ci
+    - run: cd ../deployment && DEBUG=true ./run-unit-tests.sh

.github/workflows/viperlight.yml

@@ -0,0 +1,19 @@
+name: Viperlight
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  viperlight:
+    name: Viperlight
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - run: curl https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip -o ./viperlight.zip
+    - run: unzip -q ./viperlight.zip -d ../viperlight && rm ./viperlight.zip
+    - run: |
+        ../viperlight/bin/viperlight scan \
+          -m files-contents \
+          -m files-aws \
+          -m files-binary \
+          -m files-entropy \
+          -m files-secrets

.gitignore

@@ -1,69 +1,39 @@
+# build
+/deployment/global-s3-assets/
+/deployment/open-source/
+/deployment/regional-s3-assets/
+/deployment/setenv.sh
+/deployment/temp/
+
+# test
+/deployment/test/coverage-reports/
+
+# Typescript
+/source/dist/
+*.d.ts
+*.js
 
-.DS_Store
-inputs.md/*
-source/example*
-**/__pycache__/*
-source/playbooks/**/_description.txt
-deployment/temp/*
-deployment/test/*
-
-**/build
-**/package
-**/global-s3-assets
-**/regional-s3-assets
-**/open-source
-**/.zip
-**/tmp
-**/out-tsc
-
-# dependencies
-**/node_modules
-
-# coverage
-**/coverage
-**/package
-**/.coverage
-
-# misc
-**/npm-debug.log
-**/testem.log
-**/.vscode/settings.json
-**/*.zip
-**/*local-runner*
-**/*create-stack.sh
-
+# config
+!.eslintrc.js
 
-# System Files
-**/.DS_Store
-**/.vscode
+# Node
+node_modules/
 
-# CDK files
-*.js
-!jest.config.js
-*.d.ts
-node_modules
+# CDK
+cdk.out/
 
-# CDK asset staging directory
-.cdk.staging
-cdk.out
+# Jest
+coverage/
 
-# Python modules
-*.dist-info
-source/solution_deploy/source/certifi
-source/solution_deploy/source/chardet
-source/solution_deploy/source/idna
-source/solution_deploy/source/requests
-source/solution_deploy/source/urllib3
+# Python
+.venv/
+__pycache__/
 
-# Parcel build directories
-.cache
-.build
+# pytest
+.coverage
 
-*.idea
+# IDE
+.vscode/
 
-# Build files
-source/playbooks/*/template
-deployment/setenv.sh
-source/solution_deploy/source/bin
-source/playbooks/*/source/lib/*
-deployment/temp
+# system
+.DS_Store

.viperlightignore

@@ -0,0 +1,23 @@
+# CDK files - files produced/installed by CDK
+# js files produced by npm
+.*.js
+# jest.config
+.*.d.ts
+.*/node_modules/
+.cdk.staging
+.*/package-lock.json
+# Developer work files - not present in pipeline
+deployment/build/
+deployment/temp/
+deployment/global-s3-assets/
+deployment/regional-s3-assets/
+deployment/open-source/
+deployment/test/
+# ignore own scan file
+vlscan.json
+# Ignore repo Config
+Config
+.venv
+
+[python-pipoutdated]
+boto3=1.20.32 # Should match Lambda runtime: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html

.viperlightrc

@@ -0,0 +1,4 @@
+{
+  "failOn": "medium",
+  "all": true
+}