fixes

olokotoh · Sep 19, 2024 · 15ff1d9 · 15ff1d9
1 parent 28ecfc5
commit 15ff1d9
Showing 1 changed file with 18 additions and 28 deletions.
diff --git a/.github/workflows/security-checks.yml b/.github/workflows/security-checks.yml
@@ -25,30 +25,23 @@ jobs:
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3 
-        with:
-          output: "./codeql-results.sarif" # Save the SARIF report to the workspace
+
+      - name: List Directory Contents
+        run: |
+          echo "Listing directory contents after CodeQL analysis:"
+          ls -R
+          echo "Looking for the SARIF file in the default locations:"
+          find . -name "*.sarif"
 
       - name: Check SARIF File Existence
         run: |
-          if [ -f codeql-results.sarif ]; then
-            echo "SARIF file exists."
+          SARIF_FILE=$(find . -name "*.sarif" | head -n 1)
+          if [ -f "$SARIF_FILE" ]; then
+            echo "SARIF file exists at $SARIF_FILE."
           else
             echo "SARIF file does not exist!" && exit 1
           fi
 
-      - name: Display SARIF Content
-        run: |
-          echo "Displaying SARIF content:"
-          cat codeql-results.sarif
-        continue-on-error: true # Do not fail the job if this step encounters issues
-
-      - name: Generate Markdown from SARIF
-        run: |
-          echo "# CodeQL Analysis Report" > codeql-report.md
-          echo "## Detected Vulnerabilities" >> codeql-report.md
-          vulnerabilities=$(jq -r '.runs[].results[] | "\n### \(.ruleId)\n**File:** \(.locations[].physicalLocation.artifactLocation.uri)\n**Line:** \(.locations[].physicalLocation.region.startLine)\n**Message:** \(.message.text)"' codeql-results.sarif)
-          echo "$vulnerabilities" >> codeql-report.md
-
   gitleaks-scan:
     name: "Gitleaks Secrets Scan"
     runs-on: ubuntu-latest
@@ -58,15 +51,6 @@ jobs:
 
       - name: Run Gitleaks scan
         uses: gitleaks/gitleaks-action@v2
-        with:
-          args: '--report-format=json --report-path=gitleaks-report.json'
-
-      - name: Convert Gitleaks JSON Report to Markdown
-        run: |
-          echo "# Gitleaks Secrets Report" > gitleaks-report.md
-          echo "## Detected Secrets" >> gitleaks-report.md
-          secrets=$(jq -r '.[] | "\n### \(.Description)\n**File:** \(.File)\n**Line:** \(.StartLine)\n**Secret:** \(.Secret)"' gitleaks-report.json)
-          echo "$secrets" >> gitleaks-report.md
 
   create-issue-on-failure:
     if: ${{ failure() }}
@@ -77,8 +61,14 @@ jobs:
         run: |
           echo "# Security Check Failure" > failure_log.txt
           echo "One or more security checks failed. Please review the following reports for more details:" >> failure_log.txt
-          cat codeql-report.md >> failure_log.txt || true
-          cat gitleaks-report.md >> failure_log.txt || true
+          echo "## CodeQL Report:" >> failure_log.txt
+          SARIF_FILE=$(find . -name "*.sarif" | head -n 1)
+          if [ -f "$SARIF_FILE" ]; then
+            echo "[CodeQL Results SARIF]($SARIF_FILE)" >> failure_log.txt
+          else
+            echo "No CodeQL SARIF file found." >> failure_log.txt
+          echo "## Gitleaks Report:" >> failure_log.txt
+          echo "[Gitleaks Report not available]" >> failure_log.txt
 
       - name: Create GitHub issue on failure
         uses: peter-evans/create-issue-from-file@v4