# Triggers: pushes to the workflow's development branch, and pull requests
# whose base (target) branch is that same branch.
on:
  push:
    branches: [add-bucket-upload-workflow]
  pull_request:
    branches: [add-bucket-upload-workflow]
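jobs:
  # Builds the 2ms scanner from source, runs it against every repository
  # listed in a remote repos.json, and computes the destination path that the
  # SARIF results are filed under.
  bucket-upload-S3:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the steps in this job only read
    # repository contents. NOTE(review): widen this deliberately if an upload
    # step needs more (for example OIDC federation) — confirm.
    permissions:
      contents: read
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records
      # the release tag each SHA corresponds to.
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: ${{ github.sha }}

      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          go-version: "^1.22"

      - name: Clone 2ms Repository and Checkout Commit SHA
        env:
          # Context values reach the script as environment variables instead
          # of being expanded into the script text.
          COMMIT_SHA: ${{ github.sha }}
        run: |
          # Clone the 2ms repository
          git clone https://github.com/checkmarx/2ms.git /tmp/2ms
          cd /tmp/2ms
          git fetch --all
          # NOTE(review): on pull_request events github.sha is the PR merge
          # commit, which a plain clone of the upstream repository may not
          # contain — confirm this checkout succeeds for PR runs.
          git checkout "$COMMIT_SHA"
          # The scanner binary ends up at /tmp/2ms/dist/2ms
          go build -o dist/2ms main.go
          ls -la dist/2ms

      - name: Load Repos from JSON
        run: |
          set -euo pipefail
          # Download repos.json directly. --fail turns an HTTP error into a
          # step failure instead of saving the error page as the repo list.
          # NOTE(review): the URL tracks the mutable `main` branch, so whoever
          # can push there decides what this job clones; pinning the URL to a
          # reviewed commit SHA would make the scanned set auditable.
          curl --fail --silent --show-error -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json
          REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json)
          # Print REPOS_LIST for debugging
          echo "REPOS_LIST: $REPOS_LIST"
          # Export the list to later steps. The value is multi-line and comes
          # from a downloaded file, so it is written with the delimiter form
          # and a random delimiter: a plain NAME=value line would let any
          # extra line in the file define further environment variables.
          delimiter="EOF_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "REPOS_LIST<<${delimiter}"
            echo "$REPOS_LIST"
            echo "${delimiter}"
          } >> "$GITHUB_ENV"

      - name: Run 2ms Scan for each repo
        run: |
          mkdir -p "$GITHUB_WORKSPACE/results"
          # REPOS_LIST is deliberately unquoted: one URL per whitespace-separated word.
          for repo_url in $REPOS_LIST; do
            # "--" ends option parsing, so a list entry that starts with "-"
            # is handled as a URL and never as a command-line option.
            repo_name=$(basename -- "$repo_url" .git)
            echo "Cloning repository: $repo_url"
            # Clone the repository
            git clone -- "$repo_url" "$GITHUB_WORKSPACE/$repo_name"
            # Run the 2ms scan on the cloned repository. The binary is the one
            # built earlier at /tmp/2ms/dist/2ms (/tmp/2ms itself is the clone
            # directory and cannot be executed).
            /tmp/2ms/dist/2ms filesystem \
              --path "$GITHUB_WORKSPACE/$repo_name" \
              --ignore-on-exit results \
              --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif"
          done

      - name: Get Results Directory
        id: get_results_dir
        run: |
          # Relative to the step working directory.
          echo "results_dir=results" >> "$GITHUB_ENV"

      - name: Set S3 Destination Path
        id: set_s3_path
        env:
          # github.head_ref is the pull request's source branch name and is
          # chosen by the PR author. Passing it (and the other context values)
          # through env keeps it out of the script text, so shell
          # metacharacters in a branch name are never executed.
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
          PR_NUMBER: ${{ github.event.number }}
          # COMMIT_HASH and PR_OWNER are not used by the script below.
          COMMIT_HASH: ${{ github.sha }}
          PR_OWNER: ${{ github.actor }}
        run: |
          ENGINE="2ms"
          TARGET_BRANCH="master"
          # NOTE(review): twoms_version is not set by any step shown in this
          # job, so this path segment is presumably empty — confirm. On push
          # events there is no PR number, so the last segment is just "pr-".
          DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${twoms_version:-}/pr-${PR_NUMBER}"
          echo "destination_dir=$DEST_DIR" >> "$GITHUB_ENV"
          echo "results_dir=${results_dir:-}" >> "$GITHUB_ENV"
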
- name: Organize SARIF files
run: |
mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}"
for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do
if [[ -f "$sarif_file" ]]; then
project_name=$(basename "$sarif_file" .sarif)
mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name"
mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif"
fi