Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix failing dependency-review-action jobs #3152

Merged
merged 1 commit into from
Jun 10, 2024
Merged

Fix failing dependency-review-action jobs #3152

merged 1 commit into from
Jun 10, 2024

Conversation

TylerHendrickson
Copy link
Member

Relates to PR #3135

Description

This PR fixes an issue introduced by the recent actions/dependency-review-action upgrade to v4.3.3 in #3135. New API endpoints are now being called by this action, and those domains were missing from our dependency-review job's egress policy. This PR adds the following allowed endpoints:

  • api.deps.dev:443
  • api.securityscorecards.dev:443

See also actions/dependency-review-action#736.

@TylerHendrickson TylerHendrickson self-assigned this Jun 10, 2024
@TylerHendrickson TylerHendrickson requested a review from a team as a code owner June 10, 2024 19:33
@TylerHendrickson TylerHendrickson requested a review from a team June 10, 2024 19:34
@github-actions github-actions bot added bug Something isn't working github labels Jun 10, 2024
@TylerHendrickson TylerHendrickson added the dependencies Pull requests that update a dependency file label Jun 10, 2024
@github-actions GitHub Actions
Copy link

QA Summary

QA Check Result
🌐 Client Tests
🔗 Server Tests
🤝 E2E Tests
📏 ESLint
🧹 TFLint

Test Coverage

Coverage report for `packages/client`
St File % Stmts % Branch % Funcs % Lines Uncovered Line #s
🔴 All files 13.95 10.9 15.66 14.15
🔴  src 0 0 0 0
🔴   App.vue 0 100 100 0 9
🔴   main.js 0 0 0 0 4-53
🔴  src/arpa_reporter 0 0 0 0
🔴   App.vue 0 100 100 0 13
🔴   main.js 0 0 0 0 4-36
🟡  ...ter/components 53.96 31.81 58.97 53.96
🔴   AlertBox.vue 33.33 0 0 33.33 35-36
🟡   ...oadButton.vue 57.14 50 42.85 57.14 60-67
🟢   ...ileButton.vue 100 100 100 100
🔴   ...ttonSmall.vue 0 100 0 0 13-23
🟢   ...mplateBtn.vue 100 100 100 100
🟡   ...avigation.vue 65 100 62.5 65 213-219,228-235
🔴   StandardForm.vue 37.5 25 55.55 37.5 124-128,135-157
🟢  ...porter/helpers 84.61 79.48 87.5 84.61
🟢   form-helpers.js 84.21 79.48 85.71 84.21 7,16,25,81-83
🟢   short-uuid.js 100 100 100 100
🔴  ...eporter/router 0 0 0 0
🔴   index.js 0 0 0 0 21-137
🔴  ...reporter/store 4.85 0 2.17 5.1
🔴   index.js 4.85 0 2.17 5.1 13-16,34-263
🔴  ...reporter/views 17.03 11.51 25.98 17.03
🟢   AgenciesView.vue 100 100 100 100
🔴   AgencyView.vue 0 0 0 0 30-96
🔴   HomeView.vue 16.66 5 50 16.66 113,137-207
🔴   LoginView.vue 0 0 0 0 49-100
🔴   ...plateView.vue 0 0 0 0 47-113
🔴   ...ploadView.vue 0 0 0 0 24-144
🔴   ...eriodView.vue 0 0 0 0 30-90
🔴   ...riodsView.vue 0 0 0 0 124-174
🔴   ...pientView.vue 0 0 0 0 56-152
🔴   ...ientsView.vue 0 0 0 0 103-210
🔴   UploadView.vue 49.12 47.61 78.94 49.12 ...41-442,448-449
🔴   UploadsView.vue 44.44 40.9 66.66 44.44 ...65-268,276-291
🔴   UserView.vue 40.62 20 68.75 40.62 84,97-137
🔴   UsersView.vue 0 0 0 0 61-129
🔴   ...ationView.vue 0 0 0 0 112-273
🔴  src/components 6.38 1.49 5.71 6.38
🔴   ...vityTable.vue 3.84 0 0 3.84 110-179
🔴   BaseLayout.vue 45.45 100 44.44 45.45 220-232
🔴   ...atesTable.vue 11.11 0 0 11.11 56-88
🔴   CopyButton.vue 0 100 0 0 29-49
🔴   GrantsTable.vue 3.84 0 0 3.84 187-543
🔴   ...dUploader.vue 3.7 0 0 3.7 55-111
🔴   SearchFilter.vue 5.55 0 0 5.55 40-82
🔴   UserAvatar.vue 12.5 0 0 12.5 29-40
🔴  ...ponents/Modals 8.72 1.6 10.93 8.75
🔴   ...anization.vue 18.75 0 22.22 18.75 143-178
🔴   AddTeam.vue 45 25 58.33 45 204,210,216-245
🔴   AddUser.vue 0 0 0 0 74-176
🔴   ...anization.vue 20 0 16.66 20 58-78
🔴   EditTeam.vue 12.19 0 30.76 12.19 208-301
🔴   EditUser.vue 0 0 0 0 67-128
🔴   ...ilsLegacy.vue 2.5 0 0 2.5 205-369
🔴   ImportTeams.vue 10 0 0 10 56-82
🔴   ImportUsers.vue 0 0 0 0 49-80
🔴   ...archPanel.vue 3.03 0 0 3.03 146-255
🔴   SearchPanel.vue 3.44 0 0 3.5 301-484
🔴  src/helpers 16.96 20 17.14 17.43
🟢   constants.js 100 100 100 100
🟢   currency.js 100 100 100 100
🟢   dates.js 100 100 100 100
🔴   fetchApi.js 5.71 16.66 5.88 5.71 9-97
🔴   filters.js 4 0 0 4.54 19-51
🔴   form-helpers.js 0 0 0 0 5-82
🟡   gtag.js 77.77 90 75 77.77 12,51
🟢  ...s/featureFlags 90.9 100 80 90.9
🟡   index.js 66.66 100 66.66 66.66 12
🟢   utils.js 100 100 100 100
🔴  src/mixin 20 0 28.57 20
🔴   ...zableTable.js 20 0 28.57 20 16-31,36-37,42
🔴  src/router 19.44 12.5 16.66 19.44
🔴   index.js 19.44 12.5 16.66 19.44 ...72-173,177-195
🟢  src/store 100 100 100 100
🟢   index.js 100 100 100 100
🔴  src/store/modules 3.58 0 4.72 3.77
🔴   agencies.js 5.26 100 8.33 5.55 13-70
🔴   alerts.js 20 100 20 20 10-24
🔴   grants.js 1.41 0 1.05 1.49 58-352
🔴   organization.js 33.33 100 33.33 33.33 21-25
🔴   roles.js 20 100 20 25 13-22
🔴   tenants.js 11.11 100 14.28 12.5 13-32
🔴   users.js 2.43 0 4.76 2.5 17-100
🔴  src/views 9.62 0 9.48 9.66
🔴   ...orterView.vue 0 0 0 0 96-151
🔴   ...boardView.vue 30 0 36.36 30 ...30-140,158-169
🔴   ...tailsView.vue 0 0 0 0 239-526
🟢   GrantsView.vue 100 100 100 100
🔴   LoginView.vue 5.88 0 0 5.88 87-134
🔴   MyGrantsView.vue 0 100 0 0 46-65
🔴   ...ofileView.vue 0 0 0 0 78-129
🟡   NotFoundView.vue 80 100 0 100
🔴   ...tionsView.vue 45.45 100 40 45.45 84,94-97,111-115
🔴   ...ivityView.vue 0 0 0 0 63-134
🟡   TeamsView.vue 54.54 100 50 54.54 142,156-163
🔴   ...DatesView.vue 0 0 0 0 49-119
🔴   UsersView.vue 0 0 0 0 62-139
Coverage report for `packages/server`
St File % Stmts % Branch % Funcs % Lines Uncovered Line #s
🟡 All files 55.6 48.1 50.27 55.88
🟢  src 82 33.33 60 82
🟢   configure.js 82 33.33 60 82 43,62-69,98-100
🟢  src/arpa_reporter 98.75 66.66 100 98.75
🟢   configure.js 97.36 40 100 97.36 36
🟢   environment.js 100 100 100 100
🟢   use-request.js 100 100 100 100
🔴  src/arpa_reporter/db 38.58 32.92 44.44 40.16
🔴   arpa-subrecipients.js 13.15 4.34 15.38 14.28 23-92
🔴   reporting-periods.js 37.2 46.87 40 38.09 46,77-156
🟢   settings.js 100 83.33 100 100 13
🟡   uploads.js 50 28.57 52.38 51.42 18-29,84,99-124,141-150
🔴  src/arpa_reporter/lib 29.57 33.08 34.56 28.46
🟢   arpa-ec-codes.js 100 100 100 100
🔴   audit-report.js 21.44 19.35 24.19 21.32 ...28-529,554-684,732-758
🟡   ensure-async-context.js 75 100 50 100
🟢   format.js 90.62 90 90 91.3 41-42
🟡   log.js 75 50 50 75 13,25
🟡   preconditions.js 66.66 33.33 100 66.66 3
🔴   spreadsheet.js 9.09 0 0 9.09 15-32
🟢   validation-error.js 85.71 100 50 85.71 16
🔴  src/arpa_reporter/routes 40 14.92 14.28 40.6
🔴   agencies.js 22.58 0 0 23.33 13-21,26-53
🟡   application_settings.js 75 100 0 75 10-11
🟡   audit-report.js 68.91 58.33 100 68.91 57-58,64-78,100-116
🟢   exports.js 81.42 83.33 100 81.42 61-75,98-99
🔴   reporting-periods.js 20 0 0 20.43 ...25-137,143-149,154-180
🔴   subrecipients.js 23.8 0 0 23.8 12-13,17-27,31-48,52-63
🔴   uploads.js 28.28 7.89 9.09 29.16 ...33-154,164-166,173-180
🔴   users.js 19.6 0 0 20 15-35,39-44,48-81
🔴  src/arpa_reporter/services 42.83 30.41 45.71 43.22
🔴   generate-arpa-report.js 36.86 2.79 50 37.24 ...-974,983-996,1070-1137
🔴   get-template.js 21.62 0 0 21.62 18-79
🟡   persist-upload.js 68.6 90 69.56 68.67 ...58-200,221-235,273-295
🔴   records.js 20.75 0 11.11 21.15 38-204,221-276
🔴   revalidate-uploads.js 37.5 100 0 37.5 5-14
🔴   validate-upload.js 38.86 50.6 33.33 39.81 ...20,339,361,379-656,671
🟢   validation-rules.js 98.18 90 90.9 100 157,173
🟡  src/db 74.45 71.31 68.78 74.49
🟢   connection.js 100 50 100 100 6
🟢   constants.js 100 100 100 100
🟡   helpers.js 75 83.33 50 75 5,21-22
🟢   index.js 82.57 78.36 82.35 82.53 ...62-1428,1610-1611,1618
🟢   saved_search_migration.js 92 88.23 71.42 93.61 5,69,134
🔴   tenant_creation.js 10.58 2.7 0 11.11 15-40,48-210,220
🔴  src/db/arpa_reporter_db_shims 23.68 0 0 23.68
🔴   agencies.js 22.22 100 0 22.22 11-51
🔴   users.js 25 0 0 25 12-62
🟡  src/lib 68.2 64 62.88 69.21
🟢   access-helpers.js 93.54 89.18 100 93.54 96-97,102-103
🟢   agencyImporter.js 90.38 88.46 100 90.19 26,29,35,93-94
🔴   batchProcessor.js 2.94 0 0 3.03 35-104
🟢   email.js 92.85 79.24 100 92.76 ...38,160-164,211,357-360
🔴   gost-aws.js 47.82 37.5 42.85 47.72 13-58,94,104,114-134
🟢   grants-ingest.js 83.33 97.5 90 83.33 ...28-131,138-140,155-159
🔴   grantsgov.js 6.25 6.52 0 6.97 12-220
🟡   logging.js 77.77 85.71 100 77.77 11,13
🟢   redirect_validation.js 100 100 100 100
🟢   userImporter.js 82.27 58.33 88.88 81.57 32,47,53,62,73-81,143-152
🔴  src/lib/annualReports 27.38 0 0 27.38
🔴   doc-builder.js 7.69 0 0 7.69 19-352
🟡   index.js 80 100 0 80 6
🟢   placeholderTextStrings.js 100 100 100 100
🔴   reportBuilder.js 17.24 0 0 17.24 21-33,50-62,86-103
🟢  src/lib/arpa_reporter_shims 100 100 100 100
🟢   email.js 100 100 100 100
🟢  src/lib/email 93.1 87.5 100 92.59
🟢   constants.js 100 100 100 100
🟢   email-nodemailer.js 88.23 83.33 100 86.66 33,64
🟢   service-email.js 100 100 100 100
🟢  src/lib/fieldConfigs 100 100 100 100
🟢   fundingActivityCategories.js 100 100 100 100
🔴  src/lib/grantscraper 11.86 0 0 12.96
🔴   index.js 11.86 0 0 12.96 11-92,[98...[Comment body truncated]

@github-actions GitHub Actions
Copy link

Terraform Summary

Step Result
🖌 Terraform Format & Style
⚙️ Terraform Initialization
🤖 Terraform Validation
📖 Terraform Plan

Hint: If "Terraform Format & Style" failed, run terraform fmt -recursive from the terraform/ directory and commit the results.

Output

Validation Output 
stdout:
Success! The configuration is valid.


-------------------------------------
stderr:
Plan Summary
CHANGE RESOURCE
update module.api.aws_ecs_service.default[0]
module.api.module.grant_digest_scheduled_task.aws_iam_role_policy.default[0]
module.api.module.grant_digest_scheduled_task.aws_scheduler_schedule.default[0]
module.arpa_audit_report.aws_ecs_service.default
module.arpa_treasury_report.aws_ecs_service.default
module.consume_grants.aws_ecs_service.default
module.website.aws_s3_object.deploy-config[0]
module.website.aws_s3_object.origin_dist_artifact["js/chunk-vendors.fdfe22a0.js.map"]
recreate module.api.aws_ecs_task_definition.default[0]
module.arpa_audit_report.aws_ecs_task_definition.consumer
module.arpa_treasury_report.aws_ecs_task_definition.consumer
module.consume_grants.aws_ecs_task_definition.consume_grants

Pusher: @TylerHendrickson, Action: pull_request_target, Workflow: Continuous Integration

as1729
as1729 approved these changes Jun 10, 2024
View reviewed changes
Copy link
Contributor

@as1729 as1729 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had a bit of trouble finding where they were using api.securityscorecards.dev in the changelog but finally found it here: https://github.com/actions/dependency-review-action/blob/df5d74f5d3fc9748a904ea2f1dc6bdddea6439d6/src/scorecard.ts#L52

Looks good, thanks @TylerHendrickson !

@as1729 as1729 merged commit f1426df into main Jun 10, 2024
22 checks passed
@as1729 as1729 deleted the fix/3135-dependency-review-egress branch June 10, 2024 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@as1729 as1729 as1729 approved these changes

Assignees

@TylerHendrickson TylerHendrickson

Labels
bug Something isn't working dependencies Pull requests that update a dependency file github
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TylerHendrickson @as1729