Merge pull request #73 from newrelic-csec/refactor-check-env-fossa-cli

Refactor check env and fossa cli

Author: elaguerta-nr

.github/composite/fossa-composite/action.yml

@@ -0,0 +1,70 @@
+name: 'FOSSA Composite Action'
+description: 'Shared action for running FOSSA workflows'
+runs:
+  using: 'composite'
+  steps: 
+    - id: fossa-list-targets
+      name: Run fossa list-targets
+      shell: bash
+      run: |
+        curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
+        export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
+        export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
+
+        fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
+
+        if grep "\[ERROR\]" $LIST_TARGETS_ERR_FILE >/dev/null 2>&1
+        then
+            echo "::error::fossa list-targets ran with errors."
+            cat $LIST_TARGETS_ERR_FILE
+            echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_ENV"
+        elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
+        then
+            echo "::notice::Fossa found analysis targets."
+            cat $LIST_TARGETS_OUT_FILE
+            echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_ENV"
+        else
+            echo "::warning::Fossa did not find any analysis targets."
+            echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_ENV"
+            echo "FOSSA_ANALYZE_RESULT=N/A" >> "$GITHUB_ENV"
+        fi
+
+    - id: fossa-analyze
+      name: Run fossa analyze
+      shell: bash
+      if: ${{ env.HAS_FOSSA_TARGETS == 'True'}}
+      run: |
+        export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
+        export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
+        fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
+        if grep "\[ERROR\]" $ANALYZE_ERR_FILE >/dev/null 2>&1
+        then
+            echo "::error::fossa analyze ran with errors."
+            cat $ANALYZE_ERR_FILE
+            echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_ENV"
+        else
+            cat $ANALYZE_OUT_FILE
+            echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_ENV"
+        fi
+
+    - name: Set custom properties 
+      shell: bash
+      run: |
+        response=$(curl --write-out '%{http_code}' --silent --output /dev/null \
+          -L \
+          -X PATCH \
+          -H "Accept: application/vnd.github+json" \
+          -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          https://api.github.com/orgs/$ORG/properties/values \
+          -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value": "'"$HAS_FOSSA_TARGETS"'"}, {"property_name":"fossaAnalyzeResult","value": "'"$FOSSA_ANALYZE_RESULT"'"}]}' \
+        )
+        if [[ $response != 204 ]]
+        then
+            echo "::warning::Writing custom properties failed."
+        fi
+    - name: Exit
+      shell: bash
+      if: ${{ env.HAS_FOSSA_TARGETS == 'Error' || env.FOSSA_ANALYZE_RESULT == 'Error' }}
+      run: |
+        exit 1

.github/workflows/fossa-caos.yml

@@ -1,18 +1,13 @@
-name: FOSSA CLI Analysis
+name: FOSSA CLI Analysis - CAOS
 on:
   pull_request:
     branches: [ $default-branch ]
 
 jobs:
   check_env:
-    runs-on: ubuntu-latest
-    env:
-      HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
-    steps:
-      - id: check-fossa-api-key
-        run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
-    outputs:
-      HAS_FOSSA_API_KEY: ${{ steps.check-fossa-api-key.outputs.check }}
+    uses: newrelic/.github/.github/workflows/fossa-check-env.yml@main
+    secrets:
+      FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
 
   fossa:
     needs: check_env
@@ -23,71 +18,14 @@ jobs:
       ORG: ${{ github.repository_owner }}
       REPO: ${{ github.repository }}
       CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
+      HAS_FOSSA_TARGETS: ""
+      FOSSA_ANALYZE_RESULT: ""
 
     steps:
       - uses: actions/checkout@v3
       - name: Give GitHub Actions access to private crates
         uses: webfactory/[email protected]
         with:
           ssh-private-key: ${{ secrets.CAOS_RUST_CRATE_FOSSA }}
-      - id: fossa-list-targets
-        name: Run fossa list-targets
-        run: |
-          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
-          export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
-          export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
-
-          fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
-
-          if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::error::fossa list-targets ran with errors."
-              cat $LIST_TARGETS_ERR_FILE
-              echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
-          elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::notice::Fossa found analysis targets."
-              cat $LIST_TARGETS_OUT_FILE
-              echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
-          else
-              echo "::warning::Fossa did not find any analysis targets."
-              echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Set fossaHasTargets custom property
-        run: |
-          curl -L \
-            -X PATCH \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/orgs/$ORG/properties/values \
-            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
-      - id: fossa-analyze
-        name: Run fossa analyze
-        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
-        run: |
-          export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
-          export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
-          fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
-          if [[ $(grep "ERROR" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::error::fossa analyze ran with errors."
-              cat $ANALYZE_ERR_FILE
-              echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
-          else
-              cat $ANALYZE_OUT_FILE
-              echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Set fossaAnalyzeResult custom property
-        run: |
-          curl -L \
-            -X PATCH \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/orgs/$ORG/properties/values \
-            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
-      - name: Exit
-        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
-        run: exit 1
-
+      - id: fossa-cli
+        uses: newrelic/.github/.github/composite/fossa-composite@main

.github/workflows/fossa-check-env.yml

@@ -0,0 +1,21 @@
+name: FOSSA Check Env
+on:
+  workflow_call:
+    secrets:
+      FOSSA_API_KEY:
+       required: false
+    outputs:
+      HAS_FOSSA_API_KEY:
+        description: "True if FOSSA API key is available."
+        value: ${{ jobs.check_env.outputs.check }}
+
+jobs:
+  check_env:
+    runs-on: ubuntu-latest
+    env:
+      HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
+    steps:
+      - id: check-fossa-api-key
+        run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
+    outputs:
+      check: ${{ steps.check-fossa-api-key.outputs.check }}

.github/workflows/fossa-default.yml

@@ -1,18 +1,13 @@
-name: FOSSA CLI Analysis
+name: FOSSA CLI Analysis - Default
 on:
   pull_request:
     branches: [ $default-branch ]
 
 jobs:
   check_env:
-    runs-on: ubuntu-latest
-    env:
-      HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
-    steps:
-      - id: check-fossa-api-key
-        run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
-    outputs:
-      HAS_FOSSA_API_KEY: ${{ steps.check-fossa-api-key.outputs.check }}
+    uses: newrelic/.github/.github/workflows/fossa-check-env.yml@main
+    secrets:
+      FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
 
   fossa:
     needs: check_env
@@ -23,66 +18,10 @@ jobs:
       ORG: ${{ github.repository_owner }}
       REPO: ${{ github.repository }}
       CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
+      HAS_FOSSA_TARGETS: ""
+      FOSSA_ANALYZE_RESULT: ""
 
     steps:
       - uses: actions/checkout@v3
-      - id: fossa-list-targets
-        name: Run fossa list-targets
-        run: |
-          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
-          export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
-          export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
-
-          fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
-
-          if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::error::fossa list-targets ran with errors."
-              cat $LIST_TARGETS_ERR_FILE
-              echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
-          elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::notice::Fossa found analysis targets."
-              cat $LIST_TARGETS_OUT_FILE
-              echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
-          else
-              echo "::warning::Fossa did not find any analysis targets."
-              echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Set fossaHasTargets custom property
-        run: |
-          curl -L \
-            -X PATCH \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/orgs/$ORG/properties/values \
-            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
-      - id: fossa-analyze
-        name: Run fossa analyze
-        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
-        run: |
-          export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
-          export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
-          fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
-          if [[ $(grep "ERROR" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::error::fossa analyze ran with errors."
-              cat $ANALYZE_ERR_FILE
-              echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
-          else
-              cat $ANALYZE_OUT_FILE
-              echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Set fossaAnalyzeResult custom property
-        run: |
-          curl -L \
-            -X PATCH \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/orgs/$ORG/properties/values \
-            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
-      - name: Exit
-        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
-        run: exit 1
+      - id: fossa-cli
+        uses: newrelic/.github/.github/composite/fossa-composite@main

.github/workflows/fossa-elixir.yml

@@ -1,18 +1,13 @@
-name: FOSSA CLI Analysis
+name: FOSSA CLI Analysis - Elixir
 on:
   pull_request:
     branches: [ $default-branch ]
 
 jobs:
   check_env:
-    runs-on: ubuntu-latest
-    env:
-      HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
-    steps:
-      - id: check-fossa-api-key
-        run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
-    outputs:
-      HAS_FOSSA_API_KEY: ${{ steps.check-fossa-api-key.outputs.check }}
+    uses: newrelic/.github/.github/workflows/fossa-check-env.yml@main
+    secrets:
+      FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
 
   fossa:
     needs: check_env
@@ -23,71 +18,14 @@ jobs:
       ORG: ${{ github.repository_owner }}
       REPO: ${{ github.repository }}
       CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
+      HAS_FOSSA_TARGETS: ""
+      FOSSA_ANALYZE_RESULT: ""
 
     steps:
       - uses: actions/checkout@v3
       - uses: erlef/setup-beam@v1
         with:
             otp-version: '26'
-            elixir: '1.15'
-      - id: fossa-list-targets
-        name: Run fossa list-targets
-        run: |
-          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
-          export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
-          export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
-
-          fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
-
-          if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::error::fossa list-targets ran with errors."
-              cat $LIST_TARGETS_ERR_FILE
-              echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
-          elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::notice::Fossa found analysis targets."
-              cat $LIST_TARGETS_OUT_FILE
-              echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
-          else
-              echo "::warning::Fossa did not find any analysis targets."
-              echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Set fossaHasTargets custom property
-        run: |
-          curl -L \
-            -X PATCH \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/orgs/$ORG/properties/values \
-            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
-      - id: fossa-analyze
-        name: Run fossa analyze
-        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
-        run: |
-          export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
-          export ANALZYE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
-          fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALZYE_ERR_FILE || true
-          if [[ $(grep -i "error" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
-          then
-              echo "::error::fossa analyze ran with errors."
-              cat $ANALYZE_ERR_FILE
-              echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
-          else
-              cat $ANALYZE_OUT_FILE
-              echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Set fossaAnalyzeResult custom property
-        run: |
-          curl -L \
-            -X PATCH \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/orgs/$ORG/properties/values \
-            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
-      - name: Exit
-        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
-        run: exit 1
-
+            elixir-version: '1.15'
+      - id: fossa-cli
+        uses: newrelic/.github/.github/composite/fossa-composite@main