.github/workflows/mayhem.yml

name: Mayhem
on:
  push:
  pull_request:
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    name: '${{ matrix.os }} shared=${{ matrix.shared }} ${{ matrix.build_type }}'
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]
        shared: [false]
        build_type: [Release]
        include:
          - os: ubuntu-latest
            triplet: x64-linux

    steps:
      - uses: actions/checkout@v2

      - name: Log in to the Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build and push Docker image
        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
        with:
          context: .
          file: Dockerfile.mayhem
          push: true
          build-args: --no-cache
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Start analysis of Client
        uses: ForAllSecure/mcode-action@v1
        with:
          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
          args: --file mayhemfiles/Mayhemfile_Client --image ${{ steps.meta.outputs.tags }}
          sarif-output: sarif

      - name: Start analysis of Deframer
        uses: ForAllSecure/mcode-action@v1
        with:
          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
          args: --file mayhemfiles/Mayhemfile_Deframer --image ${{ steps.meta.outputs.tags }}
          sarif-output: sarif

      - name: Start analysis of Fragment
        uses: ForAllSecure/mcode-action@v1
        with:
          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
          args: --file mayhemfiles/Mayhemfile_Fragment --image ${{ steps.meta.outputs.tags }}
          sarif-output: sarif

      - name: Start analysis of Hsjoiner
        uses: ForAllSecure/mcode-action@v1
        with:
          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
          args: --file mayhemfiles/Mayhemfile_Hsjoiner --image ${{ steps.meta.outputs.tags }}
          sarif-output: sarif

      - name: Start analysis of Message
        uses: ForAllSecure/mcode-action@v1
        with:
          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
          args: --file mayhemfiles/Mayhemfile_Message --image ${{ steps.meta.outputs.tags }}
          sarif-output: sarif

      - name: Start analysis of Persist
        uses: ForAllSecure/mcode-action@v1
        with:
          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
          args: --file mayhemfiles/Mayhemfile_Persist --image ${{ steps.meta.outputs.tags }}
          sarif-output: sarif

      - name: Start analysis of Server
        uses: ForAllSecure/mcode-action@v1
        with:
          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
          args: --file mayhemfiles/Mayhemfile_Server --image ${{ steps.meta.outputs.tags }}
          sarif-output: sarif

      - name: Upload SARIF file(s)
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: sarif