
feat: add bucket upload workflow #33

feat: add bucket upload workflow


name: Run 2ms Scan and Upload to S3
on:
pull_request:
jobs:
bucket-upload-S3:
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Run 2ms Scan
uses: miguel-neiva01/2ms-github-action@v1.6.5
id: twoms_scan
- name: Get Results Directory
id: get_results_dir
run: |
echo "results_dir=results" >> $GITHUB_ENV
echo "Results Directory: ${{ env.results_dir }}"
- name: Upload 2ms Scan Artifact
uses: actions/upload-artifact@v4
with:
name: results
path: ${{ env.results_dir }}
- name: Set S3 Destination Path
id: set_s3_path
run: |
BRANCH_NAME="${{ github.head_ref || github.ref_name }}"
PR_NUMBER="${{ github.event.number }}"
TWOMS_VERSION=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')
echo "twoms_version=$TWOMS_VERSION" >> $GITHUB_ENV
ENGINE="2ms"
COMMIT_HASH="${{ github.sha }}"
PR_OWNER="${{ github.actor }}"
TARGET_BRANCH="master"
DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}"
echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV
echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV
- name: Organize SARIF files
run: |
mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}"
echo "Listing SARIF files before processing..."
ls -la $GITHUB_WORKSPACE/results/
for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do
if [[ -f "$sarif_file" ]]; then
project_name=$(basename "$sarif_file" .sarif)
mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name"
mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif"
echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif"
fi
done
- name: Create Metadata File
run: |
COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json"
echo '{
"seq": "'"${COMMIT_TIMESTAMP}"'",
"tag": "'"${{ github.event.number }}"'",
"comment":"'"${{ github.event.pull_request.title }}"'",
"commit": "'"${{ github.sha }}"'",
"owner": "'"${{ github.actor }}"'",
"branch": "'"${{ github.head_ref || github.ref_name }}"'",
"engine": "2ms",
"version": "'"${{ env.twoms_version }}"'"
}' > "$METADATA_PATH"
- name: Upload results to S3
run: |
aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \
--storage-class STANDARD
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }}
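Review bot: The `run:` scripts interpolate PR-controlled data directly into shell text — `github.event.pull_request.title` on line 65 and `github.head_ref` on lines 34 and 68 — inside double-quoted segments, so a title or fork branch name containing `"`, `$(...)` or backticks is evaluated by the runner's shell, and any `"` in the title also yields invalid JSON in metadata.json. Pass those values through the step's `env:` block and expand them as shell variables, and build the metadata with `jq -n --arg` (jq is already used on line 36) instead of string concatenation, as below; the same `env:` treatment applies to `BRANCH_NAME` in the "Set S3 Destination Path" step. Separately, `${{ env.results_dir }}` on line 25 is read in the same step that writes it to `$GITHUB_ENV`, so it expands to an empty string there — the value is only visible from the next step on. The metadata `version` is fetched from the latest upstream 2ms release rather than taken from the `miguel-neiva01/2ms-github-action@v1.6.5` action that actually ran, so it can disagree with the scanner that produced the results; consider also pinning that third-party action to a full commit SHA and adding a top-level `permissions: contents: read`.
```yaml
- name: Create Metadata File
  env:
    PR_TITLE: ${{ github.event.pull_request.title }}
    PR_BRANCH: ${{ github.head_ref || github.ref_name }}
    PR_NUMBER: ${{ github.event.number }}
  run: |
    COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
    METADATA_PATH="${{ env.results_dir }}/pr-${PR_NUMBER}/metadata.json"
    jq -n \
      --arg seq "$COMMIT_TIMESTAMP" \
      --arg tag "$PR_NUMBER" \
      --arg comment "$PR_TITLE" \
      --arg commit "${{ github.sha }}" \
      --arg owner "${{ github.actor }}" \
      --arg branch "$PR_BRANCH" \
      --arg version "${{ env.twoms_version }}" \
      '{seq: $seq, tag: $tag, comment: $comment, commit: $commit, owner: $owner, branch: $branch, engine: "2ms", version: $version}' \
      > "$METADATA_PATH"
# … unchanged: Upload results to S3 step …
```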