Upload checkmarx results to github (#28)

gilescope · web-flow · commit 87ce32ffbe48 · 2025-07-10T09:15:36.000+01:00
* fix: tell github security scan has been done.

* fix: filter results github can't handle

* fix: bash lint
diff --git a/.github/workflows/checkmarx.yaml b/.github/workflows/checkmarx.yaml
@@ -80,4 +80,17 @@ jobs:
           base_uri: https://eu-2.ast.checkmarx.net/
           cx_client_id: ${{ secrets.CX_CLIENT_ID }}
           cx_client_secret: ${{ secrets.CX_CLIENT_SECRET_EU }}
-          additional_params: --scs-repo-url https://github.com/midnightntwrk/midnight-node-docker --scs-repo-token ${{ secrets.MIDNIGHTCI_REPO }}
+          additional_params: >
+            --report-format sarif
+            --scs-repo-url https://github.com/midnightntwrk/midnight-node-docker
+            --scs-repo-token ${{ secrets.MIDNIGHTCI_REPO }}
+      - name: Filter out repo level issues that github can't handle
+        run: |
+          mv ./cx_result.sarif ./cx_result.sarif.orig
+          jq '. | .runs[0].results |= map(select(.locations[0].physicalLocation.artifactLocation.uri != ""))' cx_result.sarif.orig > cx_result.sarif
+
+      # Upload results to github
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@86b04fb0e47484f7282357688f21d5d0e32175fe  # v3.29.2
+        with:
+          sarif_file: cx_result.sarif
diff --git a/midnight-shell.sh b/midnight-shell.sh
@@ -4,9 +4,9 @@
 CONTAINER_NAME="midnight"
 
 # Check if the container already exists
-if [ $(docker ps -a -f name=^${CONTAINER_NAME}$ --format '{{.Names}}' | grep -w ${CONTAINER_NAME} | wc -l) -eq 0 ]; then
+if [ "$(docker ps -a -f name=^${CONTAINER_NAME}$ --format '{{.Names}}' | grep -c -w "${CONTAINER_NAME}")" -eq 0 ]; then
   echo "Container '${CONTAINER_NAME}' does not exist. Creating and starting it..."
-  
+
   # Run the container with the specified configuration
   docker run -it \
     --name ${CONTAINER_NAME} \
@@ -18,13 +18,13 @@ if [ $(docker ps -a -f name=^${CONTAINER_NAME}$ --format '{{.Names}}' | grep -w
     "${MIDNIGHT_NODE_IMAGE}"
 else
   echo "Container '${CONTAINER_NAME}' already exists. Opening an interactive shell..."
-  
+
   # Check if the container is running, if not, start it
-  if [ $(docker ps -f name=^${CONTAINER_NAME}$ --format '{{.Names}}' | grep -w ${CONTAINER_NAME} | wc -l) -eq 0 ]; then
+  if [ "$(docker ps -f name=^${CONTAINER_NAME}$ --format '{{.Names}}' | grep -c -w "${CONTAINER_NAME}")" -eq 0 ]; then
     echo "Starting container '${CONTAINER_NAME}'..."
     docker start ${CONTAINER_NAME}
   fi
-  
+
   # Open an interactive shell in the container
   docker exec -it ${CONTAINER_NAME} /bin/bash
-fi
+fi
