Skip to content

ministryofjustice/hmpps-github-actions

BranchesTags

Repository files navigation

hmpps-github-actions

Github actions for HMPPS projects

Outline

This contains a library of Github actions for use by other projects. These include:

  • security scans
  • testing / deployments
  • slack messaging templates

Security workflows

  • NPM dependency
  • NPM outdated
  • OWASP reports
  • Trivy reports
  • Veracode pipeline scan
  • Veracode policy scan

Migrating from CircleCI

Documentation for migrating security scans from CircleCI to Github Actions can be found in this document

Slack actions

  • slack_prepare_results: filter non-Slack compatible text out of a text file and load it into a variable
  • slack_failure_results: report on a failed operation with results as generated by slack_prepare_results
  • slack_codescan_notification: links to the Codescan section of a repository to show the currently identified issues

Templates

These workflows are called by other repositories. Templates to call these are in the templates directory.

Version Control

Workflows and actions are referred to by the tags associated with the current release, eg:

    - uses: ministryofjustice/hmpps-github-actions/.github/actions/[email protected] # WORKFLOW_VERSION

When a new release is issued, all of these referred workflows (as well as the calling ones within applications) will need to be updated as well.

TODO

  • Update the discovery tool to scan the version of Github Actions Workflows

About

Github actions for HMPPS projects

Topics

hmpps

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

17 watching

Forks

0 forks
Report repository

Releases 5

Security: include python scripts inline to obviate needing to copy them to each project Latest
Oct 14, 2024
+ 4 releases

Packages

No packages published

Contributors 5

Languages