Amaroq Unit Tests #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Amaroq Unit Tests | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| permissions: | |
| actions: read # read gh actions | |
| contents: read # read access to the repo | |
| checks: write # unit test results | |
| jobs: | |
| test: | |
| name: Amaroq Test | |
| runs-on: ubuntu-latest | |
| env: | |
| SCAN_DIRECTORY: ${{ github.workspace }}/scan-results | |
| TEST_DIRECTORY: ${{ github.workspace }}/test-results | |
| VERSION: "latest" | |
| steps: | |
| # Install, smoke libs, and configure | |
| - name: Initialize | |
| shell: bash | |
| run: | | |
| echo "Building Amaroq ${{ env.VERSION }}" | |
| echo "Docker:" | |
| docker --version | |
| echo "Scan directory: ${{ env.SCAN_DIRECTORY }}" | |
| mkdir -p ${{ env.SCAN_DIRECTORY }} | |
| echo "Test directory: ${{ env.TEST_DIRECTORY }}" | |
| mkdir -p ${{ env.TEST_DIRECTORY }} | |
| # Check out the repository + submodules | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| with: | |
| submodules: recursive | |
| # Build image for testing | |
| - name: Build Image | |
| shell: bash | |
| run: | | |
| docker build --build-arg VERSION=${{ env.VERSION }} -t pumasecurity/amaroq:${{ env.VERSION }} . | |
| - name: Test Image | |
| shell: bash | |
| run: | | |
| docker run pumasecurity/amaroq:${{ env.VERSION }} jq --version | |
| docker run pumasecurity/amaroq:${{ env.VERSION }} sarif --version | |
| docker run pumasecurity/amaroq:${{ env.VERSION }} amaroq --version | |
| # - name: Puma Scan | |
| # shell: bash | |
| # run: | | |
| # docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool PumaScan --current /scan-input/pumascan_1.sarif --output-directory /scan-output --output-filename pumascan_1.sarif | |
| # docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool PumaScan --previous /scan-output/pumascan_1.sarif --current /scan-input/pumascan_2.sarif --output-directory /scan-output --output-filename pumascan_2.sarif | |
| # - name: Semgrep | |
| # shell: bash | |
| # run: | | |
| # docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Semgrep --current /scan-input/semgrep_1.sarif --output-directory /scan-output --output-filename semgrep_1.sarif | |
| # docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Semgrep --previous /scan-output/semgrep_1.sarif --current /scan-input/semgrep_2.sarif --output-directory /scan-output --output-filename semgrep_2.sarif | |
| # - name: Trivy | |
| # shell: bash | |
| # run: | | |
| # docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Trivy --current /scan-input/trivy_1.sarif --output-directory /scan-output --output-filename trivy_1.sarif | |
| # docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Trivy --previous /scan-output/trivy_1.sarif --current /scan-input/trivy_2.sarif --output-directory /scan-output --output-filename trivy_2.sarif | |
| - name: Nessus | |
| shell: bash | |
| run: | | |
| docker run -v ${PWD}/docs/samples/nessus:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Nessus --current /scan-input/10.3.1.112_1.nessus --output-directory /scan-output --output-filename 10.3.1.112_1.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml | |
| docker run -v ${PWD}/docs/samples/nessus:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Nessus --current /scan-input/10.3.1.112_2.nessus --output-directory /scan-output --output-filename 10.3.1.112_2.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml --previous /scan-input/10.3.1.112_1_previous.sarif | |
| - name: Snyk OSS | |
| shell: bash | |
| run: | | |
| docker run -v ${PWD}/docs/samples/snyk-oss:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykOpenSource --current /scan-input/snyk-oss_1.json --output-directory /scan-output --output-filename snyk-oss_1.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml | |
| docker run -v ${PWD}/docs/samples/snyk-oss:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykOpenSource --previous /scan-input/snyk-oss_1_previous.sarif --current /scan-input/snyk-oss_2.json --output-directory /scan-output --output-filename snyk-oss_2.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml | |
| - name: Snyk Code | |
| shell: bash | |
| run: | | |
| docker run -v ${PWD}/docs/samples/snyk-code:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykCode --current /scan-input/snyk-raw-v1.sarif --output-directory /scan-output --output-filename snyk-v1.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml | |
| docker run -v ${PWD}/docs/samples/snyk-code:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykCode --previous /scan-input/snyk-v1_previous.sarif --current /scan-input/snyk-raw-v2.sarif --output-directory /scan-output --output-filename snyk-v2.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml | |
| - name: Run Unit Tests | |
| run: /bin/bash ./build/bats.sh ${{ github.workspace }}/tests ${{ env.TEST_DIRECTORY }} | |
| - name: Publish Test Results | |
| uses: dorny/[email protected] | |
| if: success() || failure() | |
| with: | |
| name: "Unit Test Results" | |
| path: "${{ env.TEST_DIRECTORY }}/bats.junit.xml" | |
| reporter: "java-junit" | |
| - name: Publish Analysis Results | |
| if: success() || failure() | |
| uses: actions/[email protected] | |
| with: | |
| name: "analysis-results" | |
| path: ${{ env.SCAN_DIRECTORY }}/ |