0
0
mirror of https://github.com/PostHog/posthog.git synced 2024-11-24 00:47:50 +01:00
posthog/.github/workflows/codeql.yml
James Greenhill 59eaa99c14
chore: move livestream to posthog monorepo (#23044)
* 🔥 initial commit

* update readme

* Update README.md

* Update README.md

* deploy scripts

* very basic consumer setup

* add some configs and docker-compose

* formatting for testing

* add tailscale

* flip from dev to prod flag

* set default to be not prod

* default for group_id

* tailscale up

* update gitignore

* basic geolocation

* remove unused localServer

* document mmdb

* just make configs an example

* drop raw print

* add a start script (downloads the mmdb)

* add readme and update configs.example

* ts working

* if in start

* update start script

* fix start

* fix start

* fix more

* add sql endpoints for tokenId and Person lookups

* work towards filter

* sub channel

* fix subChan

* hardcode team2 token

* add cors

* only allow get and head

* add atomicbool

* add channel to kafka

* add logs

* verbose logs

* make array

* drop sub ptrs

* more logs

* helps to loop

* drop some logigng

* move sub branch

* logging

* drop log

* hog

* Deal with numeric distinct ids later

* logs

* api_key

* send 1/1000

* remove log

* remove more logs

* change response payload

* set timestamp if needed

* fill in person_id if team_id is set

* require teamid, convert to token

* clean up subs on disconnect

* log

* check for token in another place

* clean up subs on disconnect

* drop modulo and log

* fix no assign

* don't reuse db conn for now

* drop a log

* add back commented out log

* Don't block on send to client channel

* add geo bool

* only geo events

* use wrapper ip

* don't require team in geo mode

* add an endpoint and stats keeper for teams

* remove stats keeper

* start stats keeper

* wire it up

* change the shape of the response

* omit empty error

* omit empty on the stats as well

* enable logging on back pressure

* add jwt endpoint for testing

* support multiple event types

* Get Auth Setup

* jwt team is float so turn that into int

* logs

* add auth for stats endpoint

* remove tailscale and use autoTLS on public endpoints

* default to :443 for auto tls

* remove un-needed endpoints and handlers

* Use compression because... a lot of data (#9)

* add dockerfile and CI/CD (#10)

* add dockerfile and CI/CD

* Use ubuntu not alpine

couldn't build in alpine :'(

* Add MMDB download to Dockerfile (#11)

* Use clearer name for MMDB

* Don't connect to Kafka over SSL in dev

* Fix JWT token in example config

* Add postgres.url to example config

* Add expected scope

* Fix const syntax

* Put scope validation where claims are known

* Fix audience validation

* moves

* ignore livestream for ci

* main -> master

* move GA to root

* docker lint fix

* fix typo

* fixes for docker builds

* test docker build

* livestream build docker

* dang

* Update .github/workflows/livestream-docker-image.yml

Co-authored-by: Neil Kakkar <neilkakkar@gmail.com>

* Update .github/workflows/livestream-docker-image.yml

Co-authored-by: Neil Kakkar <neilkakkar@gmail.com>

* don't build posthog container when PR is pushed for rust or livestream

* Update .github/workflows/livestream-docker-image.yml

Co-authored-by: Neil Kakkar <neilkakkar@gmail.com>

* add a lot of paths-ignore

* Update .github/workflows/livestream-docker-image.yml

Co-authored-by: Neil Kakkar <neilkakkar@gmail.com>

* Dorny filters are handling most of what I was trying to do

* remove tailscale to speed up builds

* maybe?

* push container to github.com/posthog/postog

* don't build container on PR

* remove more filters because dorny

---------

Co-authored-by: Brett Hoerner <brett@bretthoerner.com>
Co-authored-by: Zach Waterfield <zlwaterfield@gmail.com>
Co-authored-by: Frank Hamand <frankhamand@gmail.com>
Co-authored-by: Michael Matloka <michal@matloka.com>
Co-authored-by: Neil Kakkar <neilkakkar@gmail.com>
2024-06-18 15:38:53 +00:00

106 lines
5.1 KiB
YAML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: 'CodeQL'
on:
push:
branches: ['master']
paths-ignore:
- 'rust/**'
pull_request:
branches: ['master']
paths-ignore:
- 'rust/**'
schedule:
- cron: '27 1 * * 0'
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: 'ubuntu-latest'
timeout-minutes: 15
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
# TODO: Add cpp with manual build mode when we need it.
# needs updating of manual build instructions below
# - language: c-cpp
# build-mode: manual
- language: javascript-typescript
build-mode: none
- language: python
build-mode: none
- language: go
build-mode: autobuild
# CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- if: matrix.build-mode == 'manual'
shell: bash
run: |
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: '/language:${{matrix.language}}'