diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 4961b1f..f4df62a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,48 +11,38 @@ defaults: shell: bash jobs: - test-check: - name: trivy (github-check) + setup: runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.output-matrix.outputs.matrix }} steps: - uses: actions/checkout@v4 - - - uses: ./ - continue-on-error: true - id: test - with: - github_token: ${{ secrets.github_token }} - trivy_command: config - trivy_target: . - reporter: github-check - level: info - working_directory: testdata/with_detections - - # The check is expected to fail on the test data - - name: Check return codes - if: success() || failure () + - name: Set up matrix + id: output-matrix run: | - trivy_return="${{ steps.test.outputs.trivy-return-code }}" - reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}" - - if [[ "$trivy_return" -eq 1 ]]; then - echo "trivy correctly returned failure ${trivy_return}" - else - echo "trivy returned ${trivy_return}, expected '1'. Failing..." - exit 1 - fi + # Find all the directories in the testdata directory + DIRS="$(find ./testdata -type d)" + for dir in ${DIRS}; do + if [ "$(echo "${DIRS}" | grep -c "${dir}" || true)" -le 1 ]; then + DIRS_RESULT="${DIRS_RESULT}${dir}," + fi + done + + # Build actions' matrix from testadata dirs + # e.x. ./testdata/config/terraform/with_detections => { "dir": "./testdata/config/terraform/with_detections", "command": "config", "type": "with_detections", "label": "config/terraform" } + MATRIX_JSON=$(echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g' | jq -R -s -c 'split(",") | [.[] | {dir: ., command: split("/")[2], type: split("/")[4], label: [split("/")[2],split("/")[3]] | join("/")}]') + MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT + echo "${MATRIX}" + echo "${MATRIX}" >> $GITHUB_OUTPUT - if [[ "$reviewdog_return" -eq 0 ]]; then - echo "reviewdog correctly returned success: ${reviewdog_return}" - else - echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..." 
- exit 1 - fi - - test-check-without-detections: - name: trivy (github-check-without-detections) + test-check: + name: trivy (github-check) runs-on: ubuntu-latest + needs: setup + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.setup.outputs.matrix) }} steps: - uses: actions/checkout@v4 @@ -62,24 +52,34 @@ jobs: id: test with: github_token: ${{ secrets.github_token }} - trivy_command: config + trivy_command: ${{ matrix.command }} trivy_target: . reporter: github-check level: info - working_directory: testdata/without_detections + working_directory: ${{ matrix.dir }} # The check is expected to fail on the test data - name: Check return codes if: success() || failure () run: | + check_type="${{ matrix.type }}" trivy_return="${{ steps.test.outputs.trivy-return-code }}" reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}" - if [[ "$trivy_return" -eq 0 ]]; then - echo "trivy correctly returned success ${trivy_return}" + if [[ "$check_type" = "with_detections" ]]; then + if [[ "$trivy_return" -eq 1 ]]; then + echo "trivy correctly returned failure: ${trivy_return}" + else + echo "trivy returned ${trivy_return}, expected '1'. Failing..." + exit 1 + fi else - echo "trivy returned ${trivy_return}, expected '0'. Failing..." - exit 1 + if [[ "$trivy_return" -eq 0 ]]; then + echo "trivy correctly returned success: ${trivy_return}" + else + echo "trivy returned ${trivy_return}, expected '0'. Failing..." + exit 1 + fi fi if [[ "$reviewdog_return" -eq 0 ]]; then @@ -106,7 +106,7 @@ jobs: trivy_target: . reporter: github-pr-check level: info - working_directory: testdata/with_detections + working_directory: testdata/config/terraform/with_detections # The check is expected to fail on the test data - name: Check return codes 
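Review bot: The new `Set up matrix` step mishandles the trailing newline: `echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g'` strips a literal backslash-n rather than the newline `echo` appends, so after `jq -R -s` the last `dir` value keeps that newline and it is carried into `working_directory` and the `check_type` comparison of the test-check job. The line `MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT` is an assignment with a dangling redirection — it opens the file and writes nothing, the real write is the later `echo` — so it should be dropped. Selecting leaf directories with `find ./testdata -mindepth 3 -maxdepth 3 -type d` and feeding jq one path per line fixes the newline problem and also removes the `grep -c "${dir}"` substring test, which misfires as soon as one directory name is a prefix of a sibling's. Rewritten step body below (`sort` added so the matrix order is stable across runners); the comment typo `testadata` can be fixed at the same time.
```yaml
      - name: Set up matrix
        id: output-matrix
        run: |
          # Test cases are exactly the ./testdata/<command>/<label>/<type> leaf directories
          # e.x. ./testdata/config/terraform/with_detections => { "dir": "./testdata/config/terraform/with_detections", "command": "config", "type": "with_detections", "label": "config/terraform" }
          MATRIX_JSON="$(find ./testdata -mindepth 3 -maxdepth 3 -type d | sort \
            | jq -R -s -c 'split("\n") | map(select(length > 0)) | [.[] | {dir: ., command: split("/")[2], type: split("/")[4], label: [split("/")[2], split("/")[3]] | join("/")}]')"
          echo "matrix={\"include\":${MATRIX_JSON}}" | tee -a "$GITHUB_OUTPUT"
```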
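Review bot: The `else` branch of the new `check_type` switch treats every value other than `with_detections` as a directory that must produce no findings, so a mistyped or unexpected `matrix.type` silently gets the lenient expectation instead of failing the job. Compare the second case explicitly, `elif [[ "$check_type" = "without_detections" ]]; then`, and end with an `else` that prints the unknown type and `exit 1`. I would also pass the value through `env: CHECK_TYPE: ${{ matrix.type }}` and read `"$CHECK_TYPE"` in the script instead of interpolating `${{ matrix.type }}` into the shell source; here the value only comes from directory names in the checked-out repo, but keeping expression output out of `run:` bodies is the cheaper habit.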
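Review bot: The pr-check job still pins `working_directory: testdata/config/terraform/with_detections` while the github-check job now derives its cases from the matrix, so the npm fixtures added in this commit are exercised by one reporter only; the same applies to the hunks at lines 146 and 191. If a single representative case is intentional for the PR reporters, a comment above the line such as `# pr-check/pr-review use one representative case; full coverage runs in test-check` would make that explicit for the next person adding testdata.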
@@ -146,7 +146,7 @@ jobs: trivy_target: . reporter: github-pr-review level: info - working_directory: testdata/with_detections + working_directory: testdata/config/terraform/with_detections # The check is expected to fail on the test data # but for forked PRs reviewdog will just output @@ -191,7 +191,7 @@ jobs: trivy_target: . reporter: github-check level: info - working_directory: testdata/with_detections + working_directory: testdata/config/terraform/with_detections # The check is expected to fail on the test data - name: Check return codes diff --git a/README.md b/README.md index 1d27528..c5d343f 100644 --- a/README.md +++ b/README.md @@ -145,6 +145,18 @@ jobs: ## Development +### Tests + +#### GitHub Actions + +You can add the test files under the `./testdata` without any other changes. You need to create a directory with following naming rules and put the test files. + +``` +./testdata///[with_detecitons|without_detections] +``` + +For example, files in `./testdata/config/terraform/without_detecions` runs `trivy config ./testdata/config/terraform/without_detections` expecting without any detections. + ### Release #### [haya14busa/action-bumpr](https://github.com/haya14busa/action-bumpr) diff --git a/testdata/with_detections/example.tf b/testdata/config/terraform/with_detections/example.tf similarity index 100% rename from testdata/with_detections/example.tf rename to testdata/config/terraform/with_detections/example.tf diff --git a/testdata/with_detections/main.tf b/testdata/config/terraform/with_detections/main.tf similarity index 100% rename from testdata/with_detections/main.tf rename to testdata/config/terraform/with_detections/main.tf diff --git a/testdata/without_detections/main.tf b/testdata/config/terraform/without_detections/main.tf similarity index 100% rename from testdata/without_detections/main.tf rename to testdata/config/terraform/without_detections/main.tf 
diff --git a/testdata/filesystem/npm/with_detections/package-lock.json b/testdata/filesystem/npm/with_detections/package-lock.json new file mode 100644 index 0000000..514c874 --- /dev/null +++ b/testdata/filesystem/npm/with_detections/package-lock.json @@ -0,0 +1,20 @@ +{ + "name": "npm", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "npm", + "version": "1.0.0", + "dependencies": { + "lodash": "^4.0.0" + } + }, + "node_modules/lodash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.0.0.tgz", + "integrity": "sha512-bWpSlBobTcHYK9eUzcBYHhSBGzvSzEsxocnW5+v7p6wCRlY1icneTe2ACam3mGdAu82+RLL32cmyl7TRlJHqZw==" + } + } +} diff --git a/testdata/filesystem/npm/with_detections/package.json b/testdata/filesystem/npm/with_detections/package.json new file mode 100644 index 0000000..79bc80c --- /dev/null +++ b/testdata/filesystem/npm/with_detections/package.json @@ -0,0 +1,15 @@ +{ + "name": "npm", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + "lodash": "^4.0.0" + } +} diff --git a/testdata/filesystem/npm/without_detections/package-lock.json b/testdata/filesystem/npm/without_detections/package-lock.json new file mode 100644 index 0000000..bce49cf --- /dev/null +++ b/testdata/filesystem/npm/without_detections/package-lock.json @@ -0,0 +1,12 @@ +{ + "name": "npm", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "npm", + "version": "1.0.0" + } + } +} diff --git a/testdata/filesystem/npm/without_detections/package.json b/testdata/filesystem/npm/without_detections/package.json new file mode 100644 index 0000000..b959061 --- /dev/null +++ b/testdata/filesystem/npm/without_detections/package.json 
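Review bot: The `testdata/fs/npm` fixtures added later in this commit are byte-identical to these `testdata/filesystem/npm` files (the diff shows the same blob ids, 514c874/79bc80c/bce49cf/b959061), so the matrix will schedule two `with_detections`/`without_detections` pairs whose only difference is the `command` value, `filesystem` versus `fs`. As far as I know trivy treats `fs` as an alias of `filesystem`, so this doubles the CI runs without adding coverage; if exercising both spellings of the subcommand is the intent, a sentence in the README saying so would help, otherwise one of the two trees can be dropped. Pinning lodash 4.0.0 in the lockfile is what makes the `with_detections` case fire, which is also worth stating in the README since package-lock.json cannot carry a comment.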
@@ -0,0 +1,14 @@ +{ + "name": "npm", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + } +} diff --git a/testdata/fs/npm/with_detections/package-lock.json b/testdata/fs/npm/with_detections/package-lock.json new file mode 100644 index 0000000..514c874 --- /dev/null +++ b/testdata/fs/npm/with_detections/package-lock.json @@ -0,0 +1,20 @@ +{ + "name": "npm", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "npm", + "version": "1.0.0", + "dependencies": { + "lodash": "^4.0.0" + } + }, + "node_modules/lodash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.0.0.tgz", + "integrity": "sha512-bWpSlBobTcHYK9eUzcBYHhSBGzvSzEsxocnW5+v7p6wCRlY1icneTe2ACam3mGdAu82+RLL32cmyl7TRlJHqZw==" + } + } +} diff --git a/testdata/fs/npm/with_detections/package.json b/testdata/fs/npm/with_detections/package.json new file mode 100644 index 0000000..79bc80c --- /dev/null +++ b/testdata/fs/npm/with_detections/package.json @@ -0,0 +1,15 @@ +{ + "name": "npm", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + "lodash": "^4.0.0" + } +} diff --git a/testdata/fs/npm/without_detections/package-lock.json b/testdata/fs/npm/without_detections/package-lock.json new file mode 100644 index 0000000..bce49cf --- /dev/null +++ b/testdata/fs/npm/without_detections/package-lock.json @@ -0,0 +1,12 @@ +{ + "name": "npm", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "npm", + "version": "1.0.0" + } + } +} 
diff --git a/testdata/fs/npm/without_detections/package.json b/testdata/fs/npm/without_detections/package.json new file mode 100644 index 0000000..b959061 --- /dev/null +++ b/testdata/fs/npm/without_detections/package.json @@ -0,0 +1,14 @@ +{ + "name": "npm", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + } +}