Skip to content

[roadmap] Add evidence storage restore drill phase two #271

[roadmap] Add evidence storage restore drill phase two

[roadmap] Add evidence storage restore drill phase two #271

Workflow file for this run

name: CI
on:
push:
branches: ["main", "master"]
pull_request:
permissions:
contents: read
jobs:
rust-backend-tests:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: rustfmt, clippy
- name: Check Rust formatting
run: |
cargo fmt --manifest-path rust/iscy-backend/Cargo.toml -- --check
- name: Run Rust clippy
run: |
cargo clippy --locked --manifest-path rust/iscy-backend/Cargo.toml --all-targets -- -D warnings
- name: Run Rust backend tests
run: |
cargo test --locked --manifest-path rust/iscy-backend/Cargo.toml
- name: Install verified Rust supply-chain tools
uses: taiki-e/install-action@v2
with:
tool: cargo-audit,cargo-deny
fallback: none
- name: Audit Rust dependency advisories
run: |
cargo audit --file rust/iscy-backend/Cargo.lock --ignore RUSTSEC-2023-0071
- name: Check Rust dependency licenses and sources
run: |
cargo deny --manifest-path rust/iscy-backend/Cargo.toml check advisories licenses sources
rust-bootstrap-smoke:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Run Rust DB/bootstrap HTTP smoke
run: |
make rust-smoke
nix-rust-smoke:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
- uses: cachix/install-nix-action@v31
with:
extra_nix_config: |
experimental-features = nix-command flakes
- name: Run Nix Rust app smoke
run: |
tmpdir="$(mktemp -d)"
db_path="$tmpdir/iscy-nix-smoke.sqlite3"
cookie_file="$tmpdir/iscy-nix-smoke.cookies"
evidence_file="$tmpdir/evidence.txt"
import_file="$tmpdir/import-preview.csv"
export DATABASE_URL="sqlite:////${db_path#/}"
export ISCY_MEDIA_ROOT="$tmpdir/media"
export RUST_BACKEND_BIND="127.0.0.1:19001"
export RUST_BACKEND_URL="http://127.0.0.1:19001"
printf 'rust smoke evidence\n' > "$evidence_file"
printf 'Name,Beschreibung,BusinessUnit,Status\nRust Smoke Process,Previewed import,Security Operations,PARTIAL\n' > "$import_file"
nix run .#iscy-backend -- init-demo
nix run .#iscy-backend >"$tmpdir/iscy-backend.log" 2>&1 &
pid="$!"
trap 'kill "$pid" >/dev/null 2>&1 || true' EXIT
for _ in $(seq 1 60); do
if curl -fsS "$RUST_BACKEND_URL/health/live" >/dev/null 2>&1; then
break
fi
if ! kill -0 "$pid" >/dev/null 2>&1; then
cat "$tmpdir/iscy-backend.log"
exit 1
fi
sleep 1
done
curl -fsS "$RUST_BACKEND_URL/health/live" >/dev/null
curl -fsS "$RUST_BACKEND_URL/status/" >/dev/null
curl -fsS -c "$cookie_file" -H "content-type: application/json" -d '{"tenant_id":1,"username":"admin","password":"Admin123!"}' "$RUST_BACKEND_URL/api/v1/auth/sessions" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/auth/session" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/dashboard/" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/admin/users/" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/imports/" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/incidents/" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/incidents/1" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/incidents/1/nis2-export" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/incidents/1/nis2-export.html" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/incidents/1/nis2-export.pdf" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/users" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/roles" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/groups" >/dev/null
curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/permissions" >/dev/null
curl -fsS -b "$cookie_file" -F import_type='processes' -F "file=@$import_file;filename=preview.csv;type=text/csv" "$RUST_BACKEND_URL/api/v1/import-center/preview" >/dev/null
curl -fsS -b "$cookie_file" -H "content-type: application/json" -d '{"import_type":"business_units","replace_existing":false,"csv_data":"name\nRust Smoke Import"}' "$RUST_BACKEND_URL/api/v1/import-center/csv" >/dev/null
curl -fsS -b "$cookie_file" -F title='Rust Smoke Evidence' -F status='SUBMITTED' -F session_id='1' -F requirement_id='1' -F incident_id='1' -F "file=@$evidence_file;filename=evidence.txt;type=text/plain" "$RUST_BACKEND_URL/api/v1/evidence/uploads" >/dev/null
curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/catalog/domains" >/dev/null
curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/requirements" >/dev/null
curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/incidents" >/dev/null
curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/incidents/1/nis2-export" >/dev/null
curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/incidents/1/nis2-export.html" >/dev/null
curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/incidents/1/nis2-export.pdf" >/dev/null
curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/product-security/overview" >/dev/null
docker-config:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
- name: Validate effective compose configurations
run: |
cp .env.example .env
docker compose config
docker compose --env-file .env -f docker-compose.yml -f docker-compose.llm.yml config
docker compose --env-file .env -f docker-compose.yml -f docker-compose.stage.yml config
docker compose --env-file .env -f docker-compose.yml -f docker-compose.prod.yml config
docker compose --env-file .env -f docker-compose.yml -f docker-compose.prod.yml -f docker-compose.llm.yml config
- name: Build hardened application image
run: |
docker build --file rust/iscy-backend/Dockerfile rust/iscy-backend