Optimize build-frontend workflow #10071

Open. Wants to merge 60 commits into base: master

jpandersen87 (Collaborator) commented Jun 22, 2023

Fixes #14324

This PR creates a dedicated frontend_ci workflow for pull requests within the frontend-react subdirectory. Activation by pull_request in all other workflow files for frontend has been removed, with relevant tasks handled by frontend_ci. This workflow will first lint the frontend code before running all subsequent jobs. Concurrency is enabled so that obsolete jobs are automatically cancelled.

Also:

  • Activation of validate_resources by frontend paths disabled
  • pre_job in build_hub redundant with path activation so was removed
  • chromatic_pr removed as it is built into frontend_ci (and fixed so that TurboSnap works within PR context)
  • chromatic_master renamed to frontend_chromatic_main
  • chromatic comments in PRs updated to give more details and to remove prior comment before posting new one (to match general bot behavior of analysis runs as it keeps the comment within the relevant timeframe and will always send notifications)
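
A minimal workflow with the shape this description lays out (path-triggered, lint gating every other job, obsolete runs cancelled, TurboSnap running in PR context), added here as an illustration and not taken from the PR. The job names, yarn scripts, Node version, secret name and the `branches-ignore` entry are assumptions; the action SHAs are the ones listed in the Dependency Review comment on this page.

```yaml
# Constructed example, not the repository's frontend_ci.yml.
# Assumed: job names, yarn scripts, Node version, secret name, branches-ignore entry.
name: Frontend CI

on:
  pull_request:
    branches-ignore:
      - production              # assumption: production PRs keep the original workflows
    paths:
      - "frontend-react/**"
      - ".github/workflows/frontend_ci.yml"

# One live run per PR: pushing a new commit cancels the run for the old one.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

# Read-only token by default; a job that needs more declares it itself.
permissions:
  contents: read

defaults:
  run:
    working-directory: frontend-react

jobs:
  lint:                         # every other job waits on this one
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
        with:
          node-version: 20
      - run: yarn install --frozen-lockfile
      - run: yarn lint

  test:
    needs: lint
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
        with:
          node-version: 20
      - run: yarn install --frozen-lockfile
      - run: yarn test

  chromatic:
    needs: lint
    # Fork PRs receive no secrets, so skip instead of failing on a missing token.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
        with:
          fetch-depth: 0        # TurboSnap needs git history to find changed files
          # Build the PR head commit rather than GitHub's synthetic merge commit.
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
        with:
          node-version: 20
      - run: yarn install --frozen-lockfile
      - uses: chromaui/action@ea1eee60c663ccb7e5d4cfd7a05fcc3a25b7c494
        with:
          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
          workingDir: frontend-react
          onlyChanged: true     # TurboSnap: snapshot only stories affected by the diff
          exitZeroOnChanges: true
```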

@jpandersen87 jpandersen87 self-assigned this Jun 22, 2023
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@@ -4,6 +4,11 @@ on:
pull_request:
branches:
- master
paths:
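
Review bot: the `paths:` filter under `pull_request` skips the whole workflow when no listed path changes, and a skipped workflow leaves any check it provides in a pending state, so if a job in this file is a required status check for `master`, PRs that touch only other paths cannot merge. Either keep change detection inside the workflow for required jobs so they still report a result, or confirm that none of these jobs is required by branch protection before relying on `paths:`.
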
Collaborator

unnecessary: this is short-circuited based on changes detected via build vars
or should we move away from using the build vars logic?

Collaborator Author

We should probably move away from doing path detection if it's simple enough to be covered using the paths property in a GitHub action doc.

timeout-minutes: 5
strategy:
fail-fast: false
matrix:
Collaborator

nice parallelization

name: Frontend CI

on:
pull_request:
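
Review bot: with a bare `pull_request:` trigger, a run started from a fork gets a read-only token and no repository secrets, so any step in this workflow that needs a secret (such as the Chromatic project token) or writes a PR comment will fail for fork contributions. Gate those jobs with `if: github.event.pull_request.head.repo.full_name == github.repository` rather than switching the trigger to `pull_request_target`, which would run PR code with secrets available.
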
Collaborator

all branches (that match path)?

Collaborator Author

Except for production, I've just made an update to fix that.

@@ -3,7 +3,6 @@ name: Frontend
on:
pull_request:
branches:
Collaborator

Does this obsolete this workflow and .github/actions/build-frontend (used below)?

Collaborator Author

Currently, it does not. This only changes pull_request-based workflows (except production) as a starter. Push-based actions will still trigger the original flows as well as PRs for production. This can be applied wider after an observation period if dev-ops desires.


github-actions bot commented May 6, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
Package: actions/actions/checkout | Version: 0ad4b8fadaa221de15dcec353f45205ec38ea70b | Score: 🟢 7.6

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Signed-Releases | ⚠️ -1 | no releases found |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | 🟢 9 | security policy file detected |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | 🟢 4 | dependency not pinned by hash detected -- score normalized to 4 |

Package: actions/actions/setup-node | Version: 60edb5dd545a775178f52524783378180af0d1f8 | Score: 🟢 5.7

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | ⚠️ 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 |
| Code-Review | 🟢 10 | all changesets reviewed |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | 🟢 9 | binaries present in source code |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | 🟢 9 | security policy file detected |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 5 | 5 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

Package: actions/chromaui/action | Version: ea1eee60c663ccb7e5d4cfd7a05fcc3a25b7c494 | Score: 🟢 3

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | ⚠️ 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| Code-Review | ⚠️ 0 | Found 0/1 approved changesets -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| SAST | ⚠️ 0 | no SAST tool detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | ⚠️ -1 | no workflows found |
| Token-Permissions | ⚠️ -1 | No tokens found |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Pinned-Dependencies | ⚠️ -1 | no dependencies found |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |

Package: actions/chromaui/action | Version: 11.*.* | Score: 🟢 3

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | ⚠️ 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| Code-Review | ⚠️ 0 | Found 0/1 approved changesets -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| SAST | ⚠️ 0 | no SAST tool detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | ⚠️ -1 | no workflows found |
| Token-Permissions | ⚠️ -1 | No tokens found |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Pinned-Dependencies | ⚠️ -1 | no dependencies found |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |

Package: actions/peter-evans/create-or-update-comment | Version: 71345be0265236311c031f5c7866368bd1eff043 | Score: 🟢 4.7

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 0 | Found 0/1 approved changesets -- score normalized to 0 |
| Maintained | 🟢 10 | 17 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

Package: actions/peter-evans/find-comment | Version: 3eae4d37986fb5a8592848f6a574fdf654e61f9e | Score: 🟢 4.8

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 0 | Found 0/5 approved changesets -- score normalized to 0 |
| Maintained | 🟢 10 | 19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | ⚠️ 1 | dependency not pinned by hash detected -- score normalized to 1 |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |

Package: actions/tj-actions/changed-files | Version: 0874344d6ebbaa00a27da73276ae7162fadcaf69 | Score: 🟢 6.5

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 3 | Found 8/25 approved changesets -- score normalized to 3 |
| Maintained | 🟢 10 | 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Security-Policy | 🟢 10 | security policy file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

Package: actions/actions/checkout | Version: b4ffde65f46336ab88eb53be808477a3936bae11 | Score: 🟢 7.6

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Signed-Releases | ⚠️ -1 | no releases found |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | 🟢 9 | security policy file detected |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | 🟢 4 | dependency not pinned by hash detected -- score normalized to 4 |

Package: actions/actions/download-artifact | Version: 65a9edc5881444af0b9093a5e628f2fe47ea3b2e | Score: 🟢 6.9

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | 🟢 9 | security policy file detected |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Pinned-Dependencies | ⚠️ 1 | dependency not pinned by hash detected -- score normalized to 1 |
| Vulnerabilities | 🟢 7 | 3 existing vulnerabilities detected |

Package: actions/actions/github-script | Version: 60a0d83039c74a4aee543508d2ffcb1c3799cdea | Score: 🟢 5.9

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | ⚠️ 0 | 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | 🟢 9 | security policy file detected |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 7 | 3 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 1 | dependency not pinned by hash detected -- score normalized to 1 |

Package: actions/actions/upload-artifact | Version: 65462800fd760344b1a7b4382951275a0abb4808 | Score: 🟢 6.8

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 9 | Found 10/11 approved changesets -- score normalized to 9 |
| Maintained | 🟢 10 | 24 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | 🟢 9 | security policy file detected |
| SAST | 🟢 9 | SAST tool detected but not run on all commits |
| Pinned-Dependencies | ⚠️ 1 | dependency not pinned by hash detected -- score normalized to 1 |
| Vulnerabilities | 🟢 7 | 3 existing vulnerabilities detected |

Scanned Manifest Files

.github/workflows/frontend_chromatic_main.yml
.github/workflows/chromatic-master.yml
.github/workflows/chromatic-pr.yml
.github/workflows/frontend_ci.yml

@jpandersen87 jpandersen87 requested a review from snesm May 6, 2024 20:47

github-actions bot commented May 6, 2024

Branch deployed to Chromatic 🚀.

  • ⚠️ Detected 46 tests with visual changes.
  • ✅ All tests passed.


sonarcloud bot commented May 6, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication


@penny-lischer penny-lischer added the frontend and experience labels May 9, 2024
Successfully merging this pull request may close these issues.

Improve frontend PR checks overall time to complete