Step Functions - Github PR Scan Pipeline

This has to be run with an environment that has awscli pre-installed AND configured

Step 1

Sign up for a Github Account
Generate a Github Personal Access Token like this
- In the list of scopes, make sure you only select public_repo
Make sure you copy the Github Token somewhere on your host machine. It is not visible once you navigate away from the page/refresh the page
Open the lab image and open terminal in the IDE

Step 2

cd /root

git clone https://github.com/we45/pr-step-function-pipeline

cd /root/pr-step-function-pipeline

Step 3

aws ssm put-parameter --name "auth_token " --value "<copied token value>" --type "SecureString"

Step 4

sls deploy

Wait for the Stack to be deployed

Copy the URL that is returned after the deployment process

Step 5

In Github create a new project called "python-pr-example" and make sure to leave it private
Use this link to setup a project webhook for the project. Make sure:
- you set the content-type to application/json
- Paste the URL generated from your sls deploy as the webhook URL
- You can leave the Secret field empty although you should not do so in production
- Ensure that you only select the Pull Request option from the webhook events

Once the webhook is setup, go back to your terminal in the lab image

Step 6

In the terminal

cd /root

git clone https://github.com/<your-user-name>/python-pr-example

cd /root/python-pr-example

Ensure you substitute <your-user-name> with your github username

Step 7

Now lets create an obviously insecure python code snippet.

import hashlib

password = "hello world"

hash_value = hashlib.md5(password).hexdigest()

Copy the contents of the above into a file and save it as hello.py

Now create another file

echo "pyjwt==1.5.0" > requirements.txt

Step 8

Create a branch and push it to github

git checkout -b test

git push -u origin test

Step 9

Now go over to github and make a pull request. Make sure the compare branch is set to test and the base branch is master

Once you are done click on the create pull request button

Step 10

You should see your step functions run and write results to the PR in a few seconds.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
img		img
.gitignore		.gitignore
.python-version		.python-version
README.md		README.md
__init__.py		__init__.py
handler.py		handler.py
package-lock.json		package-lock.json
package.json		package.json
requirements.txt		requirements.txt
serverless.yml		serverless.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Step Functions - Github PR Scan Pipeline

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

Step 9

Step 10

About

Releases

Packages

Languages

we45/pr-step-function-pipeline

Folders and files

Latest commit

History

Repository files navigation

Step Functions - Github PR Scan Pipeline

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

Step 9

Step 10

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages