Skip to content

fix(query): exclude configMap and secret from "Volume Mount With OS Directory Write Permissions" #11800

fix(query): exclude configMap and secret from "Volume Mount With OS Directory Write Permissions"

fix(query): exclude configMap and secret from "Volume Mount With OS Directory Write Permissions" #11800

Workflow file for this run

name: go-e2e
on:
pull_request:
branches: [master]
jobs:
e2e-tests:
name: e2e-tests
strategy:
fail-fast: false
matrix:
go-version: [1.23.x]
os: [ubuntu-latest]
kics-docker: ["Dockerfile", "docker/Dockerfile.ubi8"]
runs-on: ${{ matrix.os }}
steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
with:
access_token: ${{ github.token }}
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Print go env
run: go env
- name: Get Modules
run: go mod vendor
- name: Set up Node v14
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Install mock server
run: npm ci
working-directory: .github/scripts/server-mock
- name: Start mock server
run: (npm run start&)
working-directory: .github/scripts/server-mock
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
restore-keys: |
${{ runner.os }}-buildx-${{ github.ref }}
- name: Get short SHA
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
with:
load: true
context: ./
file: ./${{ matrix.kics-docker }}
builder: ${{ steps.buildx.outputs.name }}
push: false
tags: kics:e2e-tests-${{ github.sha }}
build-args: |
VERSION=development
COMMIT=${{ github.sha }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Display PWD / Files
run: |
pwd
ls
- name: Set Output Permissions
run: |
sudo chmod -R 777 ./e2e
- name: Run E2E Tests
env:
E2E_KICS_DOCKER: kics:e2e-tests-${{ github.sha }}
E2E_KICS_QUERIES_PATH: ${{ steps.getbin.outputs.queries }}
run: |
go test -tags dev "github.com/Checkmarx/kics/v2/e2e" -timeout 1500s -json > results.json
- name: Generate E2E Report
if: always()
env:
E2E_KICS_DOCKERFILE: ${{ matrix.kics-docker }}
run: |
CWD=$(pwd)
cd .github/scripts/report
go mod tidy
go build
./e2e-report -test-path ${CWD} -test-name results.json -report-path ${CWD} -report-name e2e-report.html
- name: Get docker name
run: |
DOCKER_NAME=$(echo ${{ matrix.kics-docker }} | sed 's/\//-/')
echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV
- name: Archive test report
if: always()
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
with:
name: e2e-tests-report-${{ env.DOCKER_NAME }}
path: e2e-report.html