-
Notifications
You must be signed in to change notification settings - Fork 310
97 lines (90 loc) · 3.79 KB
/
go-ci-integration.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: go-ci-integration
on:
pull_request:
branches: [master]
jobs:
integration-tests:
name: integration-tests
runs-on: ubuntu-latest
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
with:
cancel_others: false
paths_ignore: '["docs/**", "**/**.md", "examples"]'
- name: Check out code into the Go module directory
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
restore-keys: |
${{ runner.os }}-buildx-${{ github.ref }}
- name: Get short SHA
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
with:
load: true
context: ./
file: ./Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: false
tags: kics:${{ github.sha }}
build-args: |
VERSION=${GITHUB_SHA_SHORT}
COMMIT=${GITHUB_SHA}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Run docker image and generate results.json
run: |
docker run --user $(id -u):$(id -g) -v ${PWD}/assets/queries:/path \
kics:${{ github.sha }} scan \
--silent \
--disable-full-descriptions \
--ignore-on-exit "results" \
--log-level DEBUG \
--log-path "/path/info.log" \
-p "/path" \
-o "/path/"
- name: Archive test logs
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
if: always()
with:
name: integration-logs-${{ github.event.pull_request.head.sha }}
path: assets/queries/info.log
- name: Display results
run: |
cat ${PWD}/assets/queries/results.json
- name: Archive test results
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: integration-results-${{ github.event.pull_request.head.sha }}
path: assets/queries/results.json
- name: Assert results.json
run: |
set -eo pipefail
COUNT=$(jq '.queries_total' ${PWD}/assets/queries/results.json)
echo "Assert queries_total > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.total_counter' ${PWD}/assets/queries/results.json)
echo "Assert total_counter > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.files_scanned' ${PWD}/assets/queries/results.json)
echo "Assert files_scanned > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.queries_failed_to_execute' ${PWD}/assets/queries/results.json)
echo "Assert queries_failed_to_execute == 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -eq 0
COUNT=$(jq '.files_failed_to_scan' ${PWD}/assets/queries/results.json)
echo "Assert files_failed_to_scan == 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -eq 0