Commit 8fc16c6

committed
Merge branch 'vtResults' into staging
2 parents 80a4b30 + fc55140 commit 8fc16c6

1 file changed

+95
-11
lines changed


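--- a/.github/workflows/virusScanAllAddons.yml
+++ b/.github/workflows/virusScanAllAddons.yml
@@ -11,19 +11,18 @@ on:
 - cron: '0 18 * * *'
 workflow_dispatch:
 
+env:
+BRANCH_NAME: addScanResults${{ github.run_number }}
+
 jobs:
 virusTotal-analysis:
 runs-on: windows-latest
-strategy:
-matrix:
-python-version: [ 3.13 ]
 permissions:
 contents: write
 pull-requests: write
 env:
 VT_API_KEY: ${{ secrets.VT_API_KEY }}
 VT_API_LIMIT: ${{ vars.VT_API_LIMIT }}
-BRANCH_NAME: addVTresults${{ github.run_number }}
 BATCH_SIZE: 10
 steps:
 - name: Checkout repository
@@ -43,7 +42,7 @@ jobs:
 shell: bash
 run: |
 for file in ./addons/*/*.json; do
-if (jq -r '.scanResults | .virusTotal' "$file" | grep -q 'null\|""'); then
+if (jq -r '.scanResults.virusTotal' "$file" | grep -q '^null\|""$'); then
 echo "$file" >> addonsWithoutVT.txt
 fi
 done
@@ -57,7 +56,7 @@ jobs:
 const fs = require('fs')
 const addonsWithoutVT = fs.readFileSync('addonsWithoutVT.txt', 'utf-8').split('\n').filter(Boolean)
 setVirusTotalAnalysisStatus({core}, addonsWithoutVT.slice(0, ${{ env.BATCH_SIZE }}))
-- name: Create PR for updated VT urls
+- name: Push updated VT urls
 shell: bash
 run: |
 git add addons
@@ -66,11 +65,96 @@ jobs:
 git commit -m "Add VirusTotal results"
 git pull --rebase
 git push --set-upstream origin ${{ env.BRANCH_NAME }}
+env:
+GH_TOKEN: ${{ github.token }}
+
+codeQL-analysis-prep:
+runs-on: windows-latest
+outputs:
+addonsWithoutCodeQL: ${{ steps.getAddonsWithoutCodeQL.outputs.addonsWithoutCodeQL }}
+env:
+BATCH_SIZE: 10
+steps:
+- name: Checkout repository
+uses: actions/checkout@v5
+with:
+ref: ${{ env.BRANCH_NAME }}
+- name: Install Node.js
+uses: actions/setup-node@v4
+- name: Install npm dependencies
+run: npm install uuid
+- name: Get add-on filenames without scan results
+shell: bash
+run: |
+for file in ./addons/*/*.json; do
+if (jq -r '.scanResults | ."codeQL-errors"' "$file" | grep -q 'null\|""'); then
+echo "$file" >> addonsWithoutCodeQL.txt
+fi
+done
+wc -l addonsWithoutCodeQL.txt | awk '{print "Total add-ons without scan results: " $1}'
+# take the first batch of lines
+head -n ${{ env.BATCH_SIZE }} addonsWithoutCodeQL.txt > addonsWithoutCodeQL_batch.txt
+# Create JSON list of file names, single line string
+
+jq -R . < addonsWithoutCodeQL_batch.txt | jq -s -c . > addonsWithoutCodeQL.json
+# Store as GitHub output
+echo "addonsWithoutCodeQL=$(cat addonsWithoutCodeQL.json)" >> $GITHUB_OUTPUT
+
+codeQL-analysis:
+needs: codeQL-analysis-prep
+runs-on: windows-latest
+permissions:
+contents: write
+strategy:
+matrix:
+addonFileName: ${{ fromJson(needs.codeQL-analysis-prep.outputs.addonsWithoutCodeQL) }}
+steps:
+- name: Checkout repository
+uses: actions/checkout@v5
+with:
+ref: ${{ env.BRANCH_NAME }}
+- name: Set CodeQL analysis status
+id: analysis
+uses: ./.github/workflows/codeql-analysis.yml
+with:
+addonFileName: ${{ matrix.addonFileName }}
+branchName: ${{ env.BRANCH_NAME }}
+- name: Collate analysis results into add-on metadata
+run: |
+jq --argjson codeQLwarnings '${{ steps.analysis.outputs.warningsJSON }}' \
+--argjson codeQLerrors '${{ steps.analysis.outputs.errorsJSON }}' \
+'. + {
+scanResults: {
+"codeQL-warnings": $codeQLwarnings,
+"codeQL-errors": $codeQLerrors
+}
+}' \
+${{ matrix.addonFileName }} > tmp.json
+mv tmp.json ${{ matrix.addonFileName }}
+- name: Commit add-on metadata
+run: |
+git add ${{ matrix.addonFileName }}
+git config user.name "github-actions"
+git config user.email "github-actions@github.com"
+git commit -m "Add codeQL analysis results for ${{ matrix.addonFileName }}"
+git pull --rebase
+git push --set-upstream origin ${{ env.branchName }}
+
+pull-request:
+needs: codeQL-analysis
+runs-on: windows-latest
+permissions:
+contents: write
+pull-requests: write
+steps:
+- name: Open pr and merge
+shell: bash
+run: |
 gh pr create \
---title "Add VirusTotal results" \
---base ${{ github.ref }} \
---head ${{ env.BRANCH_NAME }} \
---body "Add VirusTotal results to add-ons"
-gh pr merge --merge "${{ env.BRANCH_NAME }}"
+--title "Add scanning results" \
+--base ${{ github.ref }} \
+--head ${{ env.BRANCH_NAME }} \
+--body "Add scanning results to add-ons"
+gh pr merge --merge "${{ env.BRANCH_NAME }}"
 env:
 GH_TOKEN: ${{ github.token }}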
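Review bot: The jq filter in the "Collate analysis results into add-on metadata" step (new lines 123–133) does `. + {scanResults: {...}}`, which is a shallow merge that replaces the whole `scanResults` object, so the `.scanResults.virusTotal` value the first job stores — the very key the check at new line 45 reads — is dropped from every file this job rewrites; `.scanResults += {...}` keeps the existing keys. The same step runs on windows-latest without `shell: bash`, so its `\` continuations are not line continuations under the default pwsh, and it splices `steps.analysis.outputs.*JSON` and `matrix.addonFileName` straight into the script text inside single quotes, where a quote character in the data ends the literal and the rest runs as shell — pass these through `env:` and expand them as variables instead (rewrite below). The job output `steps.getAddonsWithoutCodeQL.outputs.addonsWithoutCodeQL` (new line 74) names a step id that no step in codeQL-analysis-prep declares — the "Get add-on filenames" step has no `id:` — so the matrix `fromJson` at new line 110 most likely receives an empty string, and `${{ env.branchName }}` at new line 141 does not match the `BRANCH_NAME` key defined at new line 15. Also, `uses: ./.github/workflows/codeql-analysis.yml` in a step (new line 118) points at a workflow file rather than an action directory, so `steps.analysis.outputs` is unlikely to resolve unless that path is an action, and codeQL-analysis-prep checks out `env.BRANCH_NAME` without `needs: virusTotal-analysis`, the job that pushes that branch, while the matrix jobs all `pull --rebase`/push the same branch concurrently and can collide.
```yaml
- name: Collate analysis results into add-on metadata
  shell: bash
  env:
    # outputs reach the script as environment data, never as shell source text
    WARNINGS_JSON: ${{ steps.analysis.outputs.warningsJSON }}
    ERRORS_JSON: ${{ steps.analysis.outputs.errorsJSON }}
    ADDON_FILE: ${{ matrix.addonFileName }}
  run: |
    jq --argjson codeQLwarnings "$WARNINGS_JSON" \
       --argjson codeQLerrors "$ERRORS_JSON" \
       '.scanResults += {"codeQL-warnings": $codeQLwarnings, "codeQL-errors": $codeQLerrors}' \
       "$ADDON_FILE" > tmp.json
    mv tmp.json "$ADDON_FILE"
```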
