specimin_evaluation_CI.yml
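# Runs the SPECIMIN evaluation through the ASHE harness on pushes and pull
# requests targeting main, extracts the accuracy percentage from the ASHE
# statistics log, and keeps the best value seen so far in a repository secret.
#
# Security notes for maintainers:
#   * Every `uses:` below references a mutable major-version tag. Pin each
#     action to a full commit SHA (actions/checkout@<FULL_COMMIT_SHA>) so a
#     retagged release cannot change what runs in this job.
#   * This job executes code fetched at run time (the ASHE clone and the
#     repositories listed in CI_repository_list.csv) on the same runner that
#     later handles a personal access token. Consider moving the secret update
#     into a separate job that only consumes a validated output.
name: specimin_evaluation_CI

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege for the automatically issued GITHUB_TOKEN: nothing in this
# workflow needs more than read access to the repository contents.
permissions:
  contents: read

jobs:
  specimin-evaluation:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          # Later steps run third-party code in this workspace; do not leave
          # the checkout token behind in .git/config for them to read.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.8'

      - name: Set up Java JDK
        uses: actions/setup-java@v2
        with:
          java-version: '21'  # Replace with the Java version you need (e.g., 11, 16, etc.)
          distribution: 'adopt'  # Specify the distribution of Java (e.g., adopt, zulu, etc.)
          architecture: 'x64'  # Specify the architecture of Java (e.g., x64, x86)
          # `server-password` is the NAME of the environment variable Maven
          # reads the password from, not the password itself. Passing the
          # token value here would write it into the generated settings.xml.
          server-password: GITHUB_TOKEN
          overwrite-settings: true  # Overwrite any existing settings
          check-latest: false  # Do not check for the latest version

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip

      - name: Display CSV File Contents loaded in working environment
        run: |
          # GITHUB_WORKSPACE instead of a hard-coded runner path, so the step
          # also works when the repository is forked under another name.
          cat "$GITHUB_WORKSPACE/CI_repository_list.csv"

      - name: Clone ASHE Project
        run: |
          # NOTE(review): this clones the default branch head of a repository
          # outside this project and then executes it. Check out a reviewed
          # commit (<ASHE_COMMIT_SHA>) after cloning to make the run
          # reproducible and to keep upstream changes from running unreviewed.
          git clone https://github.com/NiharikaJamble/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE

      - name: Update ASHE Config File loaded in working environment to update SPECIMIN path
        run: |
          echo "specimin.tool.path=$(pwd)" >> ASHE/src/main/resources/config.properties

      - name: Make all scripts under ashe_scripts executable
        run: chmod +x ashe_scripts/*.py

      - name: List Files in ashe_scripts for Debugging
        run: ls -l ashe_scripts

      - name: Run the script
        run: |
          python3 ashe_scripts/run_ashe_for_stats.py \
            "$(pwd)/ASHE" \
            "$(pwd)/CI_repository_list.csv" \
            "$(pwd)/CI_REPO_CLONE_SPACE_PLUME" \
            "$(pwd)/ASHE/src/main/resources/config.properties"

      - name: Parse accuracy percentage
        id: parse_accuracy_percentage
        run: |
          # The last field of the matching statistics line is taken as the
          # accuracy. The log is produced by code this job does not control,
          # so the value is treated as untrusted until it has been validated.
          grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}' > current_run_accuracy_percentage.txt
          cat current_run_accuracy_percentage.txt

      - name: Read and update evaluation accuracy
        id: read_and_update
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the stored value can never be parsed as shell.
          # It is empty for pull requests from forks, which receive no secrets.
          PREVIOUS_RUN_ACCURACY: ${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE }}
        run: |
          # Get the current accuracy parsed from specimin_statistics.txt
          current_accuracy=$(cat current_run_accuracy_percentage.txt)
          echo "Current accuracy: $current_accuracy"

          # Get the previous run accuracy from the secret (0 when unset)
          previous_run_accuracy="${PREVIOUS_RUN_ACCURACY:-0}"
          echo "Previous run accuracy: $previous_run_accuracy"

          # Store both values for later analysis.
          # NOTE(review): this file is uploaded as an artifact, so the stored
          # "secret" is readable by anyone who can download artifacts. The
          # value is not confidential; a repository variable would fit better.
          echo "Current accuracy: $current_accuracy" > comparison_values_for_current_run.txt
          echo "Previous run accuracy: $previous_run_accuracy" >> comparison_values_for_current_run.txt

          # Only plain decimal numbers may reach bc and the step outputs: the
          # current value comes from a log written by third-party code, and a
          # multi-line or crafted value could otherwise inject extra outputs.
          number_re='^[0-9]+([.][0-9]+)?$'
          if ! [[ "$current_accuracy" =~ $number_re && "$previous_run_accuracy" =~ $number_re ]]; then
            echo "::warning::Accuracy values are not plain numbers; skipping the comparison"
            echo "update_needed=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # Compare the values and request an update if current accuracy is higher
          if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then
            echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy"
            echo "update_needed=true" >> "$GITHUB_OUTPUT"
            echo "new_accuracy=$current_accuracy" >> "$GITHUB_OUTPUT"
          else
            echo "No update needed"
            echo "update_needed=false" >> "$GITHUB_OUTPUT"
            echo "new_accuracy=$previous_run_accuracy" >> "$GITHUB_OUTPUT"
          fi

      - name: Update Evaluation Accuracy Secret
        # Only code that has landed on main may move the stored baseline; a
        # pull request run must not be able to rewrite a repository secret.
        if: >-
          steps.read_and_update.outputs.update_needed == 'true' &&
          github.event_name == 'push'
        env:
          # Keep this token scoped to this single repository with no more than
          # the permission required to write Actions secrets.
          GH_TOKEN: ${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT }}
          NEW_ACCURACY: ${{ steps.read_and_update.outputs.new_accuracy }}
          REPO_NAME: ${{ github.repository }}
        run: |
          # The Actions secrets API expects the value sealed with libsodium
          # against the repository public key; RSA output from openssl is not
          # accepted, and `curl -s` without a failure flag hides the rejected
          # request. The preinstalled gh CLI performs the encryption itself
          # and exits non-zero when the update fails.
          gh secret set LATEST_SPECIMIN_EVAL_PERCENTAGE \
            --repo "$REPO_NAME" \
            --body "$NEW_ACCURACY"

      # NOTE(review): GitHub has deprecated the v2 artifact actions; confirm
      # these two uploads still run and move them to a supported release.
      - name: Upload comparison values
        if: always()
        uses: actions/upload-artifact@v2
        with:
          name: comparison-values
          path: comparison_values_for_current_run.txt

      - name: Upload current run accuracy percentage
        if: always()
        uses: actions/upload-artifact@v2
        with:
          name: current-run-accuracy-percentage
          path: current_run_accuracy_percentage.txt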