Skip to content

feat(critical): add critical severity to KICS CLI #10757

feat(critical): add critical severity to KICS CLI

feat(critical): add critical severity to KICS CLI #10757

name: go-ci-integration
on:
pull_request:
branches: [master]
jobs:
integration-tests:
name: integration-tests
runs-on: ubuntu-latest
steps:
- id: skip_check
uses: fkirc/[email protected]
with:
cancel_others: false
paths_ignore: '["docs/**", "**/**.md", "examples"]'
- name: Check out code into the Go module directory
uses: actions/checkout@v3
with:
persist-credentials: false
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
restore-keys: |
${{ runner.os }}-buildx-${{ github.ref }}
- name: Get short SHA
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
uses: docker/[email protected]
with:
load: true
context: ./
file: ./Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: false
tags: kics:${{ github.sha }}
build-args: |
VERSION=${GITHUB_SHA_SHORT}
COMMIT=${GITHUB_SHA}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Run docker image and generate results.json
run: |
docker run -v ${PWD}/assets/queries:/path \
kics:${{ github.sha }} scan \
--silent \
--disable-full-descriptions \
--ignore-on-exit "results" \
--log-level DEBUG \
--log-path "/path/info.log" \
-p "/path" \
-o "/path/"
- name: Archive test logs
uses: actions/upload-artifact@v3
if: always()
with:
name: integration-logs-${{ github.event.pull_request.head.sha }}
path: assets/queries/info.log
- name: Display results
run: |
cat ${PWD}/assets/queries/results.json
- name: Archive test results
uses: actions/upload-artifact@v3
with:
name: integration-results-${{ github.event.pull_request.head.sha }}
path: assets/queries/results.json
- name: Assert results.json
run: |
set -eo pipefail
COUNT=$(jq '.queries_total' ${PWD}/assets/queries/results.json)
echo "Assert queries_total > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.total_counter' ${PWD}/assets/queries/results.json)
echo "Assert total_counter > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.files_scanned' ${PWD}/assets/queries/results.json)
echo "Assert files_scanned > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.queries_failed_to_execute' ${PWD}/assets/queries/results.json)
echo "Assert queries_failed_to_execute == 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -eq 0
COUNT=$(jq '.files_failed_to_scan' ${PWD}/assets/queries/results.json)
echo "Assert files_failed_to_scan == 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -eq 0