DF-4183: Github Actions CI Pipeline

Jenkinsfile

@@ -0,0 +1,97 @@
+pipeline {
+
+    agent {
+        kubernetes (
+            k8sAgent(
+            name: 'nodeJs', 
+            nodeJS: "14.17.0-slim",
+            idleMinutes: params.POD_IDLE_MINUTES
+            )
+        )
+    } 
+
+    parameters {
+        string(name: 'POD_IDLE_MINUTES', defaultValue: '0', description: 'Number of minutes pod will stay idle post build')
+        string(name: 'VERSION_NUMBER', description: 'InsightAppSec Github Scan tag version number')
+        booleanParam(name: 'RUN_PIPELINE', defaultValue: false, description: 'Option to build files and create tag')
+    }
+
+    stages {
+
+        //run unit tests
+        stage('Unit tests') {
+            steps {
+                container("node"){
+                    script {
+                        sh """
+                        npm install --save-dev jest
+                        npm t
+                        """
+                    }
+                }
+            }
+        }
+
+        //create updated dist/index.js file
+        stage('Prepare build') {
+            when {
+                expression {
+                    params.RUN_PIPELINE
+                    !params.VERSION_NUMBER.isEmpty()
+                }
+            }
+            steps {
+                container("node"){
+                    script {
+
+                        sh """
+                        if [ -d "node_modules" ]
+                        then
+                            rm -r node_modules
+                        fi
+                        if [ -f "dist/index.js" ]
+                        then
+                            rm  dist/index.js
+                        fi
+                        npm install --production
+                        npm i -g @vercel/ncc@0.31.1
+                        npm run build
+                        """                        
+                    }
+                }
+            }
+        }
+
+        stage('Create tag') {
+            when {
+                expression {
+                    params.RUN_PIPELINE
+                    !params.VERSION_NUMBER.isEmpty()
+                }
+            }
+            steps {
+
+                withCredentials([usernamePassword(credentialsId: 'github-app-key', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
+                sh label: 'git config user.email',
+                script: 'git config --global user.email github_serviceaccounts+$USERNAME@rapid7.com'
+                sh label: 'git config user.name',
+                script: 'git config --global user.name $USERNAME'
+
+                //check-in index file, create tag and release
+                sh """
+                if [ -f "dist/index.js" ]; then 
+                    git pull  --ff-only https://${USERNAME}:${PASSWORD}@github.com/rapid7/insightappsec-scan-github-actions
+                    git add dist/index.js
+                    git commit -m "Updating index.js file"
+                    git push https://${USERNAME}:${PASSWORD}@github.com/rapid7/insightappsec-scan-github-actions
+
+                    git tag ${params.VERSION_NUMBER}
+                    git push https://${USERNAME}:${PASSWORD}@github.com/rapid7/insightappsec-scan-github-actions ${params.VERSION_NUMBER}
+
+                fi
+                """
+                }  
+            }
+        }
+    }
+}

README.md

@@ -65,26 +65,24 @@ The body of a vulnerability query cannot contain double quotes ("), single quote
 ```
 
 ## Development
-To develop new versions of this action
-1. Make the required code updates and test
-2. Remove node_modules and reinstall with the --production flag
-```
-npm install --production
-```
-3. Globally install the build tool (only once)
-```
-npm i -g @vercel/ncc@0.31.1
-```
-4. From the root project directory, in a terminal execute
-```
-npm run build
-```
-5. Add the contents of the /dist directory to the changelist.
-6. Submit the changes for review.
-7. Once approved and merged a tag should also be created. It's this tag that's referenced in the implementing yaml file, the below example uses a v1.0.0 tag.
-```
-uses: rapid7/insightappsec-scan-github-actions@v1.0.0
-```
+To develop new versions of this action, we use a combination of manual testing and the Jenkins CI pipeline. 
+
+1. Make the required code updates and test locally.
+2. Create a fork on the repo.
+3. Delete previous tags. Local: git tag -d <tagname>   Remote: git push --delete origin <tagname>
+4. Delete dist/index.js.
+5. Remove node_modules folder.
+6. Build new file: npm run build.
+7. Create new tags. Local: git tag <tagname>     Remote: git push origin <tagname> 
+8. Push branch changes to Github.
+9. Checkout forked master branch and pull changes.
+10. Create yaml file in workflows/.github folder, as per https://wiki.corp.rapid7.com/display/EXT/GitHub+Scan+Action "Testing Changes" section.
+11. Add your AppSec API key to the forked repo as a secret named IAS_API_KEY.
+12. Push any changes to the forked master branch.
+13. If a scan is not kicked off automatically, make a further change to the forked repo, i.e. add an additional space to the READ_ME file.
+14. If the scan runs successfully, create a PR to the rapid7 master branch. Merging will kick-off the CI pipeline.
+15. In the insightappsec-scan-github-actions folder on Jenkins VRM, create a new build with parameters for your branch. Provide a tag number, i.e. v1.0.0, and tick the RUN_PIPELINE checkbox.
+16. If required, manually create a new release based on your new tag.
 
 ### Unit tests
 The unit tests use the jest framework. This can be installed using node package manager.
@@ -98,4 +96,4 @@ To execute all tests
 - From the insightappsec-scan-github-actions directory run _npm t_
 
 For a code coverage report
-- From the insightappsec-scan-github-actions directory run _npm run coverage_
+- From the insightappsec-scan-github-actions directory run _npm run coverage_