Merge branch 'develop'

istresearch · Feb 12, 2024 · d53f019 · d53f019
2 parents 92fcda5 + 40bb9c9
commit d53f019
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 4 deletions.
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
@@ -15,7 +15,7 @@ jobs:
     outputs:
       VERSION_STR: ${{ steps.config_step.outputs.VERSION_STR }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: "Determine Version"
         id: config_step
@@ -35,7 +35,7 @@ jobs:
       SLACK_DEPLOY_MSG:
     steps:
       - name: "Trigger Container Build"
-        uses: peter-evans/repository-dispatch@v2
+        uses: peter-evans/repository-dispatch@v3
         with:
           token: ${{ secrets.CI_WEBHOOK_TOKEN }}
           repository: istresearch/ci-docker

diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
@@ -0,0 +1,80 @@
+name: "Tag Release"
+
+on:
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  build_cfg:
+    runs-on: ubuntu-latest
+    outputs:
+      VERSION_STR: ${{ steps.config_step.outputs.VERSION_STR }}
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: "Create Version STR"
+        id: config_step
+        run: |-
+          VER_BUILD=$(date +%-H%M)
+          VERSION_STR="v$(date +%y).$(date +%-m).$(date +%-d)-${VER_BUILD:0:3}"
+          echo "VERSION_STR=${VERSION_STR}" >> $GITHUB_OUTPUT
+          echo "::notice::Version STR=${VERSION_STR}"
+
+      - name: "Create Release"
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ steps.config_step.outputs.VERSION_STR }}
+          release_name: ${{ steps.config_step.outputs.VERSION_STR }}
+          generate_release_notes: true
+          target_commitish: ${{ github.ref_name }}
+  #endjob build_cfg
+
+  trigger-build:
+    runs-on: ubuntu-latest
+    needs: [build_cfg]
+    environment: default
+    env:
+      K8S_PROJECT: pulse-engage-courier
+      K8S_CONTAINER: courier
+      SLACK_DEPLOY_MSG:
+    steps:
+      - name: "Trigger Container Build"
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.CI_WEBHOOK_TOKEN }}
+          repository: istresearch/ci-docker
+          event-type: build-repo
+          client-payload: |-
+            {
+              "repo": {
+                "name": "${{ github.repository }}",
+                "ref_type": "${{ github.ref_type }}",
+                "ref_name": "${{ github.ref_name }}"
+              },
+              "image": {
+                "dockerfile": "Dockerfile",
+                "arch_allowed": "amd64 arm64",
+                "name": "${{ github.repository }}",
+                "version": "${{ needs.build_cfg.outputs.VERSION_STR }}",
+                "build_args": [
+                ]
+              },
+              "deployment": {
+                "deploy_flag": "${{ github.ref_type == 'branch' }}",
+                "k8s_project": "${{ env.K8S_PROJECT }}",
+                "k8s_container": "${{ env.K8S_CONTAINER }}",
+                "deploy_msg": "${{ env.SLACK_DEPLOY_MSG }}"
+              },
+              "callback": {
+                "repository": "${{ github.repository }}",
+                "event_type": "build_image_result",
+                "error_type": "build_image_error"
+              }
+            }
+  #endjob trigger-build
diff --git a/channel_log.go b/channel_log.go
@@ -2,6 +2,8 @@ package courier
 
 import (
 	"fmt"
+	"os"
+	"regexp"
 	"strings"
 	"time"
 
@@ -12,6 +14,8 @@ import (
 // NilStatusCode is used when we have an error before even sending anything
 const NilStatusCode int = 417
 
+var sanitizeSecretsRegexp *regexp.Regexp
+
 // NewChannelLog creates a new channel log for the passed in channel, id, and request and response info
 func NewChannelLog(description string, channel Channel, msgID MsgID, method string, url string, statusCode int,
 	request string, response string, elapsed time.Duration, err error) *ChannelLog {
@@ -29,13 +33,28 @@ func NewChannelLog(description string, channel Channel, msgID MsgID, method stri
 		URL:         url,
 		StatusCode:  statusCode,
 		Error:       errString,
-		Request:     sanitizeBody(request),
+		Request:     sanitizeSecrets(sanitizeBody(request)),
 		Response:    sanitizeBody(response),
 		CreatedOn:   time.Now(),
 		Elapsed:     elapsed,
 	}
 }
 
+// PE-230 Request Sanitization
+func sanitizeSecrets(body string) string {
+	pattern, exists := os.LookupEnv("COURIER_SANITIZE_PATTERN")
+
+	if !exists {
+		pattern = "(?:^Po-Api-Key:.+\\n|^X-Api-Key:.+\\n|^Authorization:.+\\n|^Token:.+\\n)+"
+	}
+
+	if sanitizeSecretsRegexp == nil {
+		sanitizeSecretsRegexp = regexp.MustCompile(pattern)
+	}
+
+	return sanitizeSecretsRegexp.ReplaceAllString(body, "")
+}
+
 func sanitizeBody(body string) string {
 	parts := strings.SplitN(body, "\r\n\r\n", 2)
 	if len(parts) < 2 {
@@ -61,7 +80,7 @@ func NewChannelLogFromRR(description string, channel Channel, msgID MsgID, rr *u
 		Method:      rr.Method,
 		URL:         rr.URL,
 		StatusCode:  rr.StatusCode,
-		Request:     sanitizeBody(rr.Request),
+		Request:     sanitizeSecrets(sanitizeBody(rr.Request)),
 		Response:    sanitizeBody(rr.Response),
 		CreatedOn:   time.Now(),
 		Elapsed:     rr.Elapsed,