-
Notifications
You must be signed in to change notification settings - Fork 1
105 lines (90 loc) · 6.86 KB
/
smoke-test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Amaroq Unit Tests
on:
pull_request:
branches: [ main ]
workflow_dispatch:
permissions:
actions: read # read gh actions
contents: read # read access to the repo
checks: write # unit test results
jobs:
test:
name: Amaroq Test
runs-on: ubuntu-latest
env:
SCAN_DIRECTORY: ${{ github.workspace }}/scan-results
TEST_DIRECTORY: ${{ github.workspace }}/test-results
VERSION: "latest"
steps:
# Install, smoke libs, and configure
- name: Initialize
shell: bash
run: |
echo "Building Amaroq ${{ env.VERSION }}"
echo "Docker:"
docker --version
echo "Scan directory: ${{ env.SCAN_DIRECTORY }}"
mkdir -p ${{ env.SCAN_DIRECTORY }}
echo "Test directory: ${{ env.TEST_DIRECTORY }}"
mkdir -p ${{ env.TEST_DIRECTORY }}
# Check out the repository + submodules
- name: Checkout
uses: actions/[email protected]
with:
submodules: recursive
# Build image for testing
- name: Build Image
shell: bash
run: |
docker build --build-arg VERSION=${{ env.VERSION }} -t pumasecurity/amaroq:${{ env.VERSION }} .
- name: Test Image
shell: bash
run: |
docker run pumasecurity/amaroq:${{ env.VERSION }} jq --version
docker run pumasecurity/amaroq:${{ env.VERSION }} sarif --version
docker run pumasecurity/amaroq:${{ env.VERSION }} amaroq --version
# - name: Puma Scan
# shell: bash
# run: |
# docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool PumaScan --current /scan-input/pumascan_1.sarif --output-directory /scan-output --output-filename pumascan_1.sarif
# docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool PumaScan --previous /scan-output/pumascan_1.sarif --current /scan-input/pumascan_2.sarif --output-directory /scan-output --output-filename pumascan_2.sarif
# - name: Semgrep
# shell: bash
# run: |
# docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Semgrep --current /scan-input/semgrep_1.sarif --output-directory /scan-output --output-filename semgrep_1.sarif
# docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Semgrep --previous /scan-output/semgrep_1.sarif --current /scan-input/semgrep_2.sarif --output-directory /scan-output --output-filename semgrep_2.sarif
# - name: Trivy
# shell: bash
# run: |
# docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Trivy --current /scan-input/trivy_1.sarif --output-directory /scan-output --output-filename trivy_1.sarif
# docker run -v ${PWD}/docs/samples/tenable:/scan-input -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Trivy --previous /scan-output/trivy_1.sarif --current /scan-input/trivy_2.sarif --output-directory /scan-output --output-filename trivy_2.sarif
- name: Nessus
shell: bash
run: |
docker run -v ${PWD}/docs/samples/nessus:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Nessus --current /scan-input/10.3.1.112_1.nessus --output-directory /scan-output --output-filename 10.3.1.112_1.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml
docker run -v ${PWD}/docs/samples/nessus:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool Nessus --current /scan-input/10.3.1.112_2.nessus --output-directory /scan-output --output-filename 10.3.1.112_2.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml --previous /scan-input/10.3.1.112_1_previous.sarif
- name: Snyk OSS
shell: bash
run: |
docker run -v ${PWD}/docs/samples/snyk-oss:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykOpenSource --current /scan-input/snyk-oss_1.json --output-directory /scan-output --output-filename snyk-oss_1.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml
docker run -v ${PWD}/docs/samples/snyk-oss:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykOpenSource --previous /scan-input/snyk-oss_1_previous.sarif --current /scan-input/snyk-oss_2.json --output-directory /scan-output --output-filename snyk-oss_2.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml
- name: Snyk Code
shell: bash
run: |
docker run -v ${PWD}/docs/samples/snyk-code:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykCode --current /scan-input/snyk-raw-v1.sarif --output-directory /scan-output --output-filename snyk-v1.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml
docker run -v ${PWD}/docs/samples/snyk-code:/scan-input -v ${PWD}/docs/samples/settings:/settings -v ${{ env.SCAN_DIRECTORY }}:/scan-output pumasecurity/amaroq:${{ env.VERSION }} amaroq --tool SnykCode --previous /scan-input/snyk-v1_previous.sarif --current /scan-input/snyk-raw-v2.sarif --output-directory /scan-output --output-filename snyk-v2.sarif --organization-id "${{ github.repository_owner }}" --project-id "${{ github.repository }}" --settings /settings/settings.yaml
- name: Run Unit Tests
run: /bin/bash ./build/bats.sh ${{ github.workspace }}/tests ${{ env.TEST_DIRECTORY }}
- name: Publish Test Results
uses: dorny/[email protected]
if: success() || failure()
with:
name: "Unit Test Results"
path: "${{ env.TEST_DIRECTORY }}/bats.junit.xml"
reporter: "java-junit"
- name: Publish Analysis Results
if: success() || failure()
uses: actions/[email protected]
with:
name: "analysis-results"
path: ${{ env.SCAN_DIRECTORY }}/