From 62f71ef453dfad66885936f5b7f38d01897634b2 Mon Sep 17 00:00:00 2001
From: Templum
Date: Fri, 6 Jan 2023 20:13:39 +0000
Subject: [PATCH 1/7] :construction_worker: Started assembling integration test pipeline
---
 .github/workflows/integration.yml | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 9e1fd08..38fee00 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -9,10 +9,20 @@ jobs:
 test:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@main
- - name: Debug
- run: pwd && ls
- shell: bash
- - name: Integration Test
- id: integration-test
+ - name: Checkout playground repository
+ uses: actions/checkout@main
+ with:
+ repository: Templum/playground
+ - name: Run Action against known repository and skip upload to compare generated file
 uses: Templum/govulncheck-action@main
+ with:
+ skip-upload: true
+ go-version: 1.19
+ env:
+ GH_PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
+ GOPRIVATE: "github.com/Templum/private-lib"
+ - name: Upload Report
+ uses: actions/upload-artifact@v3
+ with:
+ name: raw-report
+ path: raw-report.json
\ No newline at end of file
From 9fa722bfc6bf034684e0a4a1ff01301334258335 Mon Sep 17 00:00:00 2001
From: Templum
Date: Fri, 6 Jan 2023 20:17:49 +0000
Subject: [PATCH 2/7] :wrench: Setup for testing
---
 .github/workflows/integration.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 38fee00..7cc3801 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -3,6 +3,7 @@ on:
 push:
 branches:
 - main
+ - feature/integration-test # Temporary for testing
 tags:
 - v*
 jobs:
From 27809a92f221a2279168f46882ba47182bca1b1b Mon Sep 17 00:00:00 2001
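Review bot: In [PATCH 1/7], `uses: actions/checkout@main` follows a mutable branch, so the code this job executes can change without any commit in this repository, and a later step in the same job receives `secrets.PAT_TOKEN`. Pin third-party actions to a full commit SHA with the release as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # <release-tag>`; `Templum/govulncheck-action@main` looks deliberate if this workflow is meant to exercise the action's own main branch, in which case a one-line comment saying so would help. Separately, `go-version: 1.19` is an unquoted YAML float; it survives here, but a later `1.20` would be read as `1.2`, so write `go-version: '1.19'`. The workflow's top level is outside the hunk, so whether a restrictive `permissions:` block is set cannot be checked from here.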
From: Simon
Date: Mon, 9 Jan 2023 15:47:14 +0100
Subject: [PATCH 3/7] :wrench: Selected correct report
---
 .github/workflows/integration.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 7cc3801..c147426 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -25,5 +25,5 @@ jobs:
 - name: Upload Report
 uses: actions/upload-artifact@v3
 with:
- name: raw-report
- path: raw-report.json
\ No newline at end of file
+ name: sarif-report
+ path: govulncheck-report.sarif
From 8cd1737000e15ed92c9969329c89380ec67740bf Mon Sep 17 00:00:00 2001
From: Templum
Date: Wed, 11 Jan 2023 20:49:24 +0000
Subject: [PATCH 4/7] :white_check_mark: Added Bash based Integration Test
---
 .github/workflows/integration.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index c147426..1b4d5a6 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -22,7 +22,14 @@ jobs:
 env:
 GH_PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
 GOPRIVATE: "github.com/Templum/private-lib"
+ - name: Ensure at least 8 Vulnerabilities are discovered
+ run: |
+ rules=$(cat govulncheck-report.sarif | jq '.runs[0].tool.driver.rules | length')
+ occurrences=$(cat govulncheck-report.sarif | jq '.runs[0].results | length')
+ if [[ $rules -ge 8 ]]; then echo "Found expected number of rules"; else echo "Found unexpected number of rules $rules expected 8"; exit 1; fi
+ if [[ $occurrences -ge 8 ]]; then echo "Found expected number of call sites"; else echo "Found unexpected number of call sites ($occurrences expected 8)"; exit 1; fi
 - name: Upload Report
+ if: ${{ failure() }}
 uses: actions/upload-artifact@v3
 with:
 name: sarif-report
From cd45b973cb6f34cf852daa3e33248f03ade3f82c Mon Sep 17 00:00:00 2001
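Review bot: In [PATCH 4/7], the two `-ge 8` checks in the `run: |` block assert only a count, so the test keeps passing if the scanner stops reporting one of the known findings while the vulnerability database gains unrelated ones. For a detection regression test, also assert that the rule ids expected for the playground repository are present, e.g. `jq -e 'any(.runs[0].tool.driver.rules[]; .id == "<EXPECTED_RULE_ID>")' govulncheck-report.sarif`. If the SARIF file is missing, `cat` fails inside the command substitution and, presumably without `pipefail` in the step's shell, `$rules` ends up empty and the step reports an unexpected count rather than the real cause; passing the file to `jq` directly (dropping `cat |`) makes the missing file itself the error. The failure messages also say "expected 8" where the check is "at least 8".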
From: Templum
Date: Wed, 11 Jan 2023 20:49:58 +0000
Subject: [PATCH 5/7] :wrench: Added Schedule (every 3 day at 22.00)
---
 .github/workflows/integration.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 1b4d5a6..5fd3d60 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -6,6 +6,8 @@ on:
 - feature/integration-test # Temporary for testing
 tags:
 - v*
+ schedule:
+ - cron: '0 22 */3 * *'
 jobs:
 test:
 runs-on: ubuntu-latest
From 94eafa031296cb1ab9832dd49b4a1ec719d1e8fe Mon Sep 17 00:00:00 2001
From: Templum
Date: Wed, 11 Jan 2023 20:52:25 +0000
Subject: [PATCH 6/7] Minor Name adjustment
---
 .github/workflows/integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 5fd3d60..9ffc3d0 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -30,7 +30,7 @@ jobs:
 occurrences=$(cat govulncheck-report.sarif | jq '.runs[0].results | length')
 if [[ $rules -ge 8 ]]; then echo "Found expected number of rules"; else echo "Found unexpected number of rules $rules expected 8"; exit 1; fi
 if [[ $occurrences -ge 8 ]]; then echo "Found expected number of call sites"; else echo "Found unexpected number of call sites ($occurrences expected 8)"; exit 1; fi
- - name: Upload Report
+ - name: Upload Report if Test failed
 if: ${{ failure() }}
 uses: actions/upload-artifact@v3
 with:
From ba6bc62534e64dd9a30f0da4b64b496dcb72a3f4 Mon Sep 17 00:00:00 2001
From: Templum
Date: Wed, 11 Jan 2023 20:53:03 +0000
Subject: [PATCH 7/7] :wrench: Removed test branch as implementation concluded
---
 .github/workflows/integration.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 9ffc3d0..5be3009 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
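Review bot: In [PATCH 5/7], `cron: '0 22 */3 * *'` does not run every third day: `*/3` in the day-of-month field fires on days 1, 4, 7, … of each month and restarts at day 1, so two runs across a month boundary can be one day apart. GitHub evaluates schedules in UTC, which the "22.00" in the commit subject does not state. A comment above the entry would record both, e.g. `# 22:00 UTC on days 1, 4, 7, ... of every month`.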
@@ -3,7 +3,6 @@ on:
 push:
 branches:
 - main
- - feature/integration-test # Temporary for testing
 tags:
 - v*
 schedule: