PR Workflow updated to include Snyk Testing #9
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Testing Pipeline | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| connector-list: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| connectors: ${{ steps.list.outputs.connectors }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Collect Connector list | |
| id: list | |
| run: | | |
| echo "connectors=$(ls connectors | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT | |
| security-testing: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - uses: yezz123/setup-uv@v4 | |
| - uses: snyk/actions/setup@master | |
| - name: Export and install all requirements for Snyk | |
| run: | | |
| for connector in $(ls connectors);do | |
| uv pip compile connectors/${connector}/pyproject.toml -o connectors/${connector}/requirements.txt | |
| pip3 install -r connectors/${connector}/requirements.txt | |
| done | |
| - name: Snyk Scan | |
| uses: snyk/actions/node@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| command: test --all-projects --command=python3 --skip-unresolved=true --sarif-file-output=snyk.sarif | |
| - name: Upload retults to Github Code Scanning | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: snyk.sarif | |
| test-build: | |
| name: connector ${{ matrix.connector }} | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| needs: connector-list | |
| strategy: | |
| matrix: | |
| connector: ${{ fromJSON(needs.connector-list.outputs.connectors) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install TOML Tools | |
| run: pip install toml-cli | |
| - name: Create Build Environment | |
| run: | | |
| mkdir build | |
| cp -a connectors/${{ matrix.connector }}/* build/ | |
| cp base/* build/ | |
| cp base/.dockerignore build/ | |
| - name: Build ${{ matrix.connector }} | |
| run: | | |
| export BUILDX_NO_DEFAULT_ATTESTATIONS=1 | |
| CON_VERSION=$(toml get --toml-path build/pyproject.toml project.version) | |
| docker buildx build build \ | |
| --progress plain \ | |
| --no-cache \ | |
| --target release \ | |
| --tag connector \ | |
| --tag tenable-connectors/connector-${{ matrix.connector }}:latest \ | |
| --tag tenable-connectors/connector-${{ matrix.connector }}:${CON_VERSION} | |
| - name: Docker Login | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Docker Scout | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: cves,recommendations,compare | |
| image: connector | |
| only-severities: critical,high,medium | |
| ignore-unchanged: true | |
| ignore-base: true |