diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index a3fe195..702c491 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -1,41 +1,75 @@
-name: Integration Test
-on:
- pull_request:
- branches-ignore:
- - dependabot/github_actions/*
- - dependabot/docker/*
- push:
- branches:
- - main
- tags:
- - v[0-9]+.[0-9]+.[0-9]+
- schedule:
- - cron: '0 22 */3 * *'
-jobs:
- test:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout playground repository
- uses: actions/checkout@main
- with:
- repository: Templum/playground
- - name: Run Action against known repository and skip upload to compare generated file
- uses: Templum/govulncheck-action@main
- with:
- skip-upload: true
- go-version: 1.20.0
- env:
- GH_PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
- GOPRIVATE: "github.com/Templum/private-lib"
- - name: Ensure at least 8 Vulnerabilities are discovered
- run: |
- rules=$(cat govulncheck-report.sarif | jq '.runs[0].tool.driver.rules | length')
- occurrences=$(cat govulncheck-report.sarif | jq '.runs[0].results | length')
- if [[ $rules -ge 8 ]]; then echo "Found expected number of rules"; else echo "Found unexpected number of rules $rules expected 8"; exit 1; fi
- if [[ $occurrences -ge 8 ]]; then echo "Found expected number of call sites"; else echo "Found unexpected number of call sites ($occurrences expected 8)"; exit 1; fi
- - name: Upload Report if Test failed
- if: ${{ failure() }}
- uses: actions/upload-artifact@v3
- with:
- name: sarif-report
- path: govulncheck-report.sarif
+name: Integration Test
+on:
+ pull_request:
+ branches-ignore:
+ - dependabot/github_actions/*
+ - dependabot/docker/*
+ push:
+ branches:
+ - main
+ tags:
+ - v[0-9]+.[0-9]+.[0-9]+
+ schedule:
+ - cron: "0 22 */3 * *"
+jobs:
+ integration-test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ # We must fetch at least the immediate parents so that if this is
+ # a pull request then we can checkout the head.
+ fetch-depth: 2
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: 1.20.0
+ - name: Compile Action
+ run: go build -ldflags="-w -s" -v -o action .
+ - name: Install govulncheck default version (v1.0.0)
+ run: go install golang.org/x/vuln/cmd/govulncheck@v1.0.0
+ - name: Run action against local version of the action
+ run: ./action
+ env:
+ SKIP_UPLOAD: "true"
+ - name: Ensure at least 10 Vulnerabilities are discovered (based on go version)
+ run: |
+ rules=$(cat govulncheck-report.sarif | jq '.runs[0].tool.driver.rules | length')
+ occurrences=$(cat govulncheck-report.sarif | jq '.runs[0].results | length')
+ if [[ $rules -ge 10 ]]; then echo "Found expected number of rules"; else echo "Found unexpected number of rules $rules expected 10"; exit 1; fi
+ if [[ $occurrences -ge 30 ]]; then echo "Found expected number of call sites"; else echo "Found unexpected number of call sites ($occurrences expected 30)"; exit 1; fi
+ - name: Upload Report if Test failed
+ if: ${{ failure() }}
+ uses: actions/upload-artifact@v3
+ with:
+ name: sarif-report
+ path: govulncheck-report.sarif
+
+ integration-private-test:
+ runs-on: ubuntu-latest
+ if: contains(github.ref, 'main')
+ steps:
+ - name: Checkout playground repository
+ uses: actions/checkout@main
+ with:
+ repository: Templum/playground
+ - name: Run Action against known repository and skip upload to compare generated file
+ uses: Templum/govulncheck-action@main
+ with:
+ skip-upload: true
+ go-version: 1.20.0
+ env:
+ GH_PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
+ GOPRIVATE: "github.com/Templum/private-lib"
+ - name: Ensure at least 8 Vulnerabilities are discovered
+ run: |
+ rules=$(cat govulncheck-report.sarif | jq '.runs[0].tool.driver.rules | length')
+ occurrences=$(cat govulncheck-report.sarif | jq '.runs[0].results | length')
+ if [[ $rules -ge 8 ]]; then echo "Found expected number of rules"; else echo "Found unexpected number of rules $rules expected 8"; exit 1; fi
+ if [[ $occurrences -ge 8 ]]; then echo "Found expected number of call sites"; else echo "Found unexpected number of call sites ($occurrences expected 8)"; exit 1; fi
+ - name: Upload Report if Test failed
+ if: ${{ failure() }}
+ uses: actions/upload-artifact@v3
+ with:
+ name: sarif-report
+ path: govulncheck-report.sarif
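Review bot: The new `integration-private-test` job hands `secrets.PAT_TOKEN` (as `GH_PAT_TOKEN`) to `Templum/govulncheck-action@main` and checks out with `actions/checkout@main`, so whatever currently sits on those branches executes with the token, while the sibling `integration-test` job in the same hunk pins `actions/checkout@v3` and `actions/setup-go@v4`. Pin both `uses:` references to a release tag or, preferably, a full-length commit SHA so that an upstream change to a default branch cannot silently alter what runs with the PAT. The workflow also declares no top-level `permissions:`, so `GITHUB_TOKEN` keeps the repository default; neither job appears to use it, so a top-level `permissions:` block with `contents: read` would narrow it to what the checkout needs. Separately, `if: contains(github.ref, 'main')` is a substring match that any ref with `main` in its name would satisfy; `if: github.ref == 'refs/heads/main'` states the intended gate exactly.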