
Commit f8bbefc

Check 2ms Scan
1 parent 210541c commit f8bbefc

1 file changed

+82
-84
lines changed


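--- a/.github/workflows/bucket-upload.yaml
+++ b/.github/workflows/bucket-upload.yaml
@@ -6,15 +6,15 @@ on:
 branches:
 - add-bucket-upload-workflow
 
-
 jobs:
 bucket-upload-S3:
 runs-on: ubuntu-latest
 
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 with:
-ref: ${{ github.sha }}
+ref: ${{ github.sha }}
+
 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
 with:
 go-version: "^1.22"
@@ -27,109 +27,107 @@ jobs:
 
 git fetch --all
 git checkout ${{ github.sha }}
-
+
+# Compilar o 2ms
 go build -o dist/2ms main.go
+
+# Verificar se o binário foi criado corretamente
 ls -la dist/2ms
-
-
-- name: Load Repos from JSON
-run: |
-# Baixar o arquivo repos.json diretamente
-curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json
-
-# Extrair os repositórios e criar uma string separada por vírgulas
-REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json)
-
-# Exibir o conteúdo de REPOS_LIST para depuração
-echo "Repos List: $REPOS_LIST"
-
-# Converter a lista de repositórios para uma string separada por vírgulas e passá-la para o GITHUB_ENV
-REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',')
-echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV
-
+
+# Garantir permissões de execução
+chmod +x dist/2ms
 
 - name: Run 2ms Scan for each repo
 run: |
-mkdir -p $GITHUB_WORKSPACE/results
-
-# Dividir a variável 'repos' em uma lista separada por vírgulas
-IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST"
-
-# Iterar sobre os repositórios no array
-for repo_url in "${REPOS_ARRAY[@]}"; do
-repo_name=$(basename "$repo_url" .git)
-echo "Cloning repository: $repo_url"
-
-# Clonar o repositório
-git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name"
-
-# Rodar o 2ms scan no repositório clonado
-/tmp/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif"
-done
+mkdir -p $GITHUB_WORKSPACE/results
+
+# Dividir a variável 'repos' em uma lista separada por vírgulas
+IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST"
 
+# Iterar sobre os repositórios no array
+for repo_url in "${REPOS_ARRAY[@]}"; do
+repo_name=$(basename "$repo_url" .git)
+echo "Cloning repository: $repo_url"
+
+# Clonar o repositório
+git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name"
+
+# Verificar se o repositório foi clonado corretamente
+ls -la "$GITHUB_WORKSPACE/$repo_name"
+
+# Rodar o 2ms scan no repositório clonado
+echo "Running 2ms scan on $repo_name"
+/tmp/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif"
+
+# Verificar se o comando 2ms foi executado
+if [ $? -ne 0 ]; then
+echo "2ms scan failed for $repo_name"
+exit 1
+fi
+done
+
 - name: Get Results Directory
 id: get_results_dir
 run: |
-echo "results_dir=results" >> $GITHUB_ENV
-
+echo "results_dir=results" >> $GITHUB_ENV
+
 - name: Get 2ms Version
 id: get_twoms_version
 run: |
-echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV
-
+echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV
+
 - name: Set S3 Destination Path
 id: set_s3_path
 run: |
-BRANCH_NAME="${{ github.head_ref || github.ref_name }}"
-PR_NUMBER="${{ github.event.number }}"
-ENGINE="2ms"
-COMMIT_HASH="${{ github.sha }}"
-PR_OWNER="${{ github.actor }}"
-TARGET_BRANCH="master"
-
-DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}"
-
-echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV
-echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV
-
+BRANCH_NAME="${{ github.head_ref || github.ref_name }}"
+PR_NUMBER="${{ github.event.number }}"
+ENGINE="2ms"
+COMMIT_HASH="${{ github.sha }}"
+PR_OWNER="${{ github.actor }}"
+TARGET_BRANCH="master"
+
+DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}"
+
+echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV
+echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV
+
 - name: Organize SARIF files
 run: |
-mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}"
-
-echo "Listing SARIF files before processing..."
-ls -la $GITHUB_WORKSPACE/results/
-
-for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do
-if [[ -f "$sarif_file" ]]; then
-project_name=$(basename "$sarif_file" .sarif)
-mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name"
-mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif"
-echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif"
-fi
-done
-
+mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}"
+
+echo "Listing SARIF files before processing..."
+ls -la $GITHUB_WORKSPACE/results/
+
+for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do
+if [[ -f "$sarif_file" ]]; then
+project_name=$(basename "$sarif_file" .sarif)
+mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name"
+mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif"
+echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif"
+fi
+done
+
 - name: Create Metadata File
 run: |
-COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
-
-METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json"
-
-echo '{
-"seq": "'"${COMMIT_TIMESTAMP}"'",
-"tag": "'"${{ github.event.number }}"'",
-"comment":"'"${{ github.event.pull_request.title }}"'",
-"commit": "'"${{ github.sha }}"'",
-"owner": "'"${{ github.actor }}"'",
-"branch": "'"${{ github.head_ref || github.ref_name }}"'",
-"engine": "2ms",
-"version": "'"${{ env.twoms_version }}"'"
-}' > "$METADATA_PATH"
+COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
 
+METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json"
 
+echo '{
+"seq": "'"${COMMIT_TIMESTAMP}"'",
+"tag": "'"${{ github.event.number }}"'",
+"comment":"'"${{ github.event.pull_request.title }}"'",
+"commit": "'"${{ github.sha }}"'",
+"owner": "'"${{ github.actor }}"'",
+"branch": "'"${{ github.head_ref || github.ref_name }}"'",
+"engine": "2ms",
+"version": "'"${{ env.twoms_version }}"'"
+}' > "$METADATA_PATH"
+
 - name: Upload results to S3
 run: |
-aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \
---storage-class STANDARD
+aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \
+--storage-class STANDARD
 env:
-AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }}
+AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }}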
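Review bot: The scan loop at new line 45 still splits `$REPOS_LIST`, but the only step that ever produced a repo list ("Load Repos from JSON") is deleted in this hunk, and even that step exported `repos=` rather than `REPOS_LIST`, so `REPOS_ARRAY` is empty, the loop body never executes and the job uploads an empty results tree without failing. The binary is built and `chmod +x`-ed as `dist/2ms` (new lines 32 and 38) but the loop invokes `/tmp/2ms` (new line 60); use `"$GITHUB_WORKSPACE/dist/2ms" filesystem --path "$GITHUB_WORKSPACE/$repo_name" ...`, and note that the `if [ $? -ne 0 ]` check after it is dead code because GitHub runs `run: |` steps under `bash -e`, which already aborts the step on a non-zero exit. The rendered page drops leading whitespace, so the re-added `ref: ${{ github.sha }}` in the first hunk and the re-added step bodies here are presumably indentation-only changes that cannot be verified from this view. `${{ github.event.pull_request.title }}` and `${{ github.head_ref }}` are expanded into the shell text of the "Set S3 Destination Path" and "Create Metadata File" steps; if this workflow runs on pull_request events those values are chosen by the PR author, so read them through `env:` and build the JSON with `jq --arg`, which also fixes the hand-written JSON breaking on a title containing a double quote, as below.

```yaml
- name: Create Metadata File
  env:
    PR_TITLE: ${{ github.event.pull_request.title }}
    HEAD_BRANCH: ${{ github.head_ref || github.ref_name }}
  run: |
    COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
    METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json"
    # jq escapes every value, so a quote or backslash in the PR title cannot break the JSON or the shell
    jq -n \
      --arg seq "$COMMIT_TIMESTAMP" \
      --arg tag "${{ github.event.number }}" \
      --arg comment "$PR_TITLE" \
      --arg commit "${{ github.sha }}" \
      --arg owner "${{ github.actor }}" \
      --arg branch "$HEAD_BRANCH" \
      --arg version "${{ env.twoms_version }}" \
      '{seq: $seq, tag: $tag, comment: $comment, commit: $commit, owner: $owner, branch: $branch, engine: "2ms", version: $version}' \
      > "$METADATA_PATH"
```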
