
Commit 1a28303

Try again
1 parent 4c3d20b commit 1a28303


1 file changed

+17
-77
lines changed


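--- a/.github/workflows/bucket-upload.yaml
+++ b/.github/workflows/bucket-upload.yaml
@@ -1,10 +1,5 @@
 on:
-push:
-branches:
-- add-bucket-upload-workflow
-pull_request:
-branches:
-- add-bucket-upload-workflow
+pull request:
 
 jobs:
 bucket-upload-S3:
@@ -21,78 +16,31 @@ jobs:
 
 - name: Clone 2ms Repository and Checkout Commit SHA
 run: |
-# Clonar o repositório 2ms no diretório do workspace
-git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms
-cd $GITHUB_WORKSPACE/2ms
-
-# Buscar todos os commits e fazer checkout no commit correto
-git fetch --all
-git checkout ${{ github.sha }}
-
-# Compilar o 2ms
-go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go
-
-# Verificar se o binário foi criado corretamente
-ls -la $GITHUB_WORKSPACE/2ms/dist/2ms
-
-# Garantir permissões de execução
-chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms
+git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms
+cd $GITHUB_WORKSPACE/2ms
+git fetch --all
+git checkout ${{ github.sha }}
+go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go
+chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms
 
 - name: Load Repos from JSON and Clone Each Repo
 run: |
-# Baixar o arquivo repos.json diretamente
-curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json
-
-# Extrair os repositórios e criar uma string separada por espaços (ou nova linha, conforme necessário)
-REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json)
-
-# Exibir o conteúdo de REPOS_LIST para depuração
-echo "Repos List: $REPOS_LIST"
-
-# Corrigir separação da variável para garantir que a leitura esteja correta
-echo "repos=$(echo "$REPOS_LIST" | tr '\n' ' ')" >> $GITHUB_ENV
-
-# Iterar sobre cada repositório e cloná-los
-IFS=' ' # Ajusta o delimitador para garantir que o loop leia as URLs separadas por espaço
-for repo_url in $REPOS_LIST; do
-repo_name=$(basename "$repo_url" .git)
-echo "Cloning repository: $repo_url"
-
-# Criar uma pasta para o repositório dentro de workspace/repos
-mkdir -p "$GITHUB_WORKSPACE/workspace/repos/$repo_name"
-
-# Clonar o repositório na pasta criada
-git clone "$repo_url" "$GITHUB_WORKSPACE/workspace/repos/$repo_name"
-
-# Verificar se o repositório foi clonado corretamente
-ls -la "$GITHUB_WORKSPACE/workspace/repos/$repo_name"
-done
-
+curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json
+REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json | tr '\n' ' ')
+echo "repos=$REPOS_LIST" >> $GITHUB_ENV
+for repo_url in $REPOS_LIST; do
+repo_name=$(basename "$repo_url" .git)
+mkdir -p "$GITHUB_WORKSPACE/repos/$repo_name"
+git clone "$repo_url" "$GITHUB_WORKSPACE/repos/$repo_name"
+done
+
 - name: Run 2ms Scan for each repo
 run: |
 mkdir -p $GITHUB_WORKSPACE/results
-
-# Obter a lista de repositórios do GITHUB_ENV
 IFS=' ' read -r -a REPOS_ARRAY <<< "$repos"
-
-# Verificar se o binário 2ms existe no diretório correto
-if [ ! -f /tmp/2ms/dist/2ms ]; then
-echo "2ms binary not found!"
-exit 1
-fi
-
 for repo_url in "${REPOS_ARRAY[@]}"; do
 repo_name=$(basename "$repo_url" .git)
-echo "Running 2ms scan on $repo_name"
-
-# Executar o scan 2ms no repositório clonado, passando o path correto
 $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/repos/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif"
-
-# Verificar se o comando 2ms foi executado corretamente
-if [ $? -ne 0 ]; then
-echo "2ms scan failed for $repo_name, continuing with the next repo."
-continue
-fi
 done
 
 - name: Get Results Directory
@@ -114,34 +62,25 @@ jobs:
 COMMIT_HASH="${{ github.sha }}"
 PR_OWNER="${{ github.actor }}"
 TARGET_BRANCH="master"
-
 DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}"
-
 echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV
 echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV
 
 - name: Organize SARIF files
 run: |
 mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}"
-
-echo "Listing SARIF files before processing..."
-ls -la $GITHUB_WORKSPACE/results/
-
 for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do
 if [[ -f "$sarif_file" ]]; then
 project_name=$(basename "$sarif_file" .sarif)
 mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name"
 mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif"
-echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif"
 fi
 done
 
 - name: Create Metadata File
 run: |
 COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
-
 METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json"
-
 echo '{
 "seq": "'"${COMMIT_TIMESTAMP}"'",
 "tag": "'"${{ github.event.number }}"'",
@@ -153,6 +92,7 @@ jobs:
 "version": "'"${{ env.twoms_version }}"'"
 }' > "$METADATA_PATH"
 
+
 - name: Upload results to S3
 run: |
 aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \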
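Review bot: In the first hunk the new trigger key reads `pull request:` with a space, where the removed lines had `pull_request:`. Unless the underscore was lost in rendering, that is not a GitHub Actions event name, so this secret-scanning workflow would be rejected or would never run on pull requests; it should read `pull_request:`. In the "Load Repos from JSON and Clone Each Repo" step, `repos.json` is fetched from the mutable `main` branch with a plain `curl -o`, and each entry is word-split from an unquoted `$REPOS_LIST` and handed to `git clone`. Using `curl -fsSL -o /tmp/repos.json …` and `git clone -- "$repo_url" "$GITHUB_WORKSPACE/repos/$repo_name"` would keep an HTTP error body from being parsed as the list and keep an entry that starts with `-` from being read as a git option. The job body continues outside the visible hunks, so steps not shown here were not reviewed.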
