@@ -63,33 +63,70 @@ jobs:
6363 /tmp/2ms filesystem --path $GITHUB_WORKSPACE/$repo_name --ignore-on-exit results --report-path $GITHUB_WORKSPACE/results/$repo_name.sarif
6464 done
6565
66- - name : Get Results Directory
67- id : get_results_dir
68- run : |
69- echo "results_dir=results" >> $GITHUB_ENV
7066
67+ - name: Get Results Directory
68+ id: get_results_dir
69+ run: |
70+ echo "results_dir=results" >> $GITHUB_ENV
71+
72+ - name : Get 2ms Version
73+ id : get_twoms_version
74+ run : |
75+ echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV
76+
7177 - name : Set S3 Destination Path
7278 id : set_s3_path
7379 run : |
74- BRANCH_NAME="${{ github.head_ref || github.ref_name }}"
75- PR_NUMBER="${{ github.event.number }}"
76- ENGINE="2ms"
77- COMMIT_HASH="${{ github.sha }}"
78- PR_OWNER="${{ github.actor }}"
79- TARGET_BRANCH="master"
80-
81- DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}"
82-
83- echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV
84- echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV
85-
80+ BRANCH_NAME="${{ github.head_ref || github.ref_name }}"
81+ PR_NUMBER="${{ github.event.number }}"
82+ ENGINE="2ms"
83+ COMMIT_HASH="${{ github.sha }}"
84+ PR_OWNER="${{ github.actor }}"
85+ TARGET_BRANCH="master"
86+
87+ DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}"
88+
89+ echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV
90+ echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV
91+
8692 - name : Organize SARIF files
8793 run : |
88- mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}"
89-
90- for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do
91- if [[ -f "$sarif_file" ]]; then
92- project_name=$(basename "$sarif_file" .sarif)
93- mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name"
94- mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif"
95- fi
94+ mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}"
95+
96+ echo "Listing SARIF files before processing..."
97+ ls -la $GITHUB_WORKSPACE/results/
98+
99+ for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do
100+ if [[ -f "$sarif_file" ]]; then
101+ project_name=$(basename "$sarif_file" .sarif)
102+ mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name"
103+ mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif"
104+ echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif"
105+ fi
106+ done
107+
108+ - name : Create Metadata File
109+ run : |
110+ COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
111+
112+ METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json"
113+
114+ echo '{
115+ " seq " : " '" ${COMMIT_TIMESTAMP}"'",
116+ " tag " : " '" ${{ github.event.number }}"'",
117+ " comment" :"'"${{ github.event.pull_request.title }}"'",
118+ " commit " : " '" ${{ github.sha }}"'",
119+ " owner " : " '" ${{ github.actor }}"'",
120+ " branch " : " '" ${{ github.head_ref || github.ref_name }}"'",
121+ " engine " : " 2ms" ,
122+ " version " : " '" ${{ env.twoms_version }}"'"
123+ }' > "$METADATA_PATH"
124+
125+
126+ - name : Upload results to S3
127+ run : |
128+ aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \
129+ --storage-class STANDARD
130+ env :
131+ AWS_ACCESS_KEY_ID : ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }}
132+ AWS_SECRET_ACCESS_KEY : ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }}