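---
# Testing Pipeline
#
# On every pull request: work out which connectors changed (connector-list),
# run Snyk over every connector's dependency set (snyk), then build and
# Docker-Scout-scan an image for each changed connector (test-build).
#
# NOTE(security): every third-party action below is referenced by a mutable
# tag or branch (`snyk/actions/setup@master` in particular). Pin each `uses:`
# to a full commit SHA so an upstream tag or branch move cannot silently change
# what runs with this repository's secrets.
name: Testing Pipeline

on:
  pull_request:
    types: [assigned, opened, synchronize, reopened, ready_for_review]
# on: [push]

# Least-privilege GITHUB_TOKEN for the whole workflow: no job pushes to the
# repository or uses the token to write anywhere. If docker/scout-action is
# expected to post its findings as a PR comment, add `pull-requests: write`.
permissions:
  contents: read

jobs:
  connector-list:
    runs-on: ubuntu-latest
    outputs:
      connectors: ${{ steps.list.outputs.connectors }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history (all branches) so the `git diff origin/<base>...`
          # below has a merge base to compare against.
          fetch-depth: 0
      - name: Collect Connector list
        id: list
        env:
          # Both values are handed to the script through the environment rather
          # than interpolated into it with `${{ }}`, so they are never parsed as
          # shell. BASE_REF is the PR target branch (falls back to `main` when
          # the event carries none, e.g. if the `push` trigger is re-enabled).
          BUILD_ALL_CONNECTORS: ${{ vars.BUILD_ALL_CONNECTORS }}
          BASE_REF: ${{ github.base_ref || 'main' }}
        run: |
          set -eo pipefail
          # Only real connector directories qualify; a stray file under
          # connectors/ would otherwise end up in the matrix and break the copy
          # in test-build. nullglob keeps an empty directory from yielding "*".
          shopt -s nullglob
          connectors=()
          # A change under base/ is inherited by every connector, so evaluate
          # that diff once instead of once per loop iteration.
          base_changed=""
          if [ -n "$(git diff --name-only "origin/${BASE_REF}..." -- base)" ]; then
            base_changed="1"
          fi
          for dir in connectors/*/; do
            connector="${dir#connectors/}"
            connector="${connector%/}"
            if [ -n "${base_changed}" ] \
               || [ "${BUILD_ALL_CONNECTORS:-}" = "true" ] \
               || [ -n "$(git diff --name-only "origin/${BASE_REF}..." -- "connectors/${connector}")" ]; then
              connectors+=("${connector}")
            fi
          done
          # Build the JSON array from the argument list: this yields `[]` when
          # nothing changed (the previous `split(" ")` produced `[""]`, which
          # scheduled a bogus matrix entry with an empty connector name) and
          # survives names containing spaces.
          echo "connectors=$(jq -c -n '$ARGS.positional' --args "${connectors[@]}")" >> "$GITHUB_OUTPUT"

  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(security): `@master` is a moving branch; prefer a commit SHA.
      - uses: snyk/actions/setup@master
      - uses: astral-sh/setup-uv@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Export requirements file for Snyk
        # Compiles each connector's pyproject.toml to a requirements.txt and
        # installs it into the runner's system interpreter, presumably so Snyk
        # can resolve the installed dependency graph — confirm against the Snyk
        # Python docs before changing.
        run: |
          set -eo pipefail
          shopt -s nullglob
          for dir in connectors/*/; do
            connector="${dir%/}"
            uv pip compile "${connector}/pyproject.toml" -o "${connector}/requirements.txt" --system
            uv pip install -r "${connector}/requirements.txt" --system
          done
          which python
      - name: Run Snyk
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: |
          set -eo pipefail
          # Echo the policy so any ignores applied to this run are visible in
          # the job log next to the findings.
          cat .snyk
          snyk test --all-projects --policy-path=.snyk

  test-build:
    name: connector ${{ matrix.connector }}
    runs-on: ubuntu-latest
    # NOTE(review): with this set, a failed build or Scout scan still leaves the
    # workflow green, so this job cannot serve as a required status check.
    # Remove it (and set `exit-code: true` on the Scout step) once findings are
    # meant to gate merges.
    continue-on-error: true
    needs: [connector-list, snyk]
    env:
      DOCKER_CLI_EXPERIMENTAL: enabled
      # The matrix value is derived from directory names in the PR's checkout,
      # so it is exposed to shell steps through the environment and never
      # interpolated into a `run:` script, where it would be parsed as shell.
      CONNECTOR: ${{ matrix.connector }}
    strategy:
      matrix:
        connector: ${{ fromJSON(needs.connector-list.outputs.connectors) }}
    steps:
      - uses: actions/checkout@v4
      - name: Install TOML Tools
        run: pip install toml-cli
      - name: Create Build Environment
        id: build
        # Assemble a flat build context: the connector's files first, then the
        # shared base/ files (which therefore win on name collisions).
        run: |
          set -eo pipefail
          mkdir build
          cp -a "connectors/${CONNECTOR}/"* build/
          cp base/* build/
          cp base/.dockerignore build/
          {
            echo "version=$(toml get --toml-path build/pyproject.toml project.version)"
            echo "app_id=$(cat build/APP_ID)"
            echo "name=tenable-connectors/connector-${CONNECTOR}"
          } >> "$GITHUB_OUTPUT"
      - uses: docker/setup-docker-action@v4
        with:
          # containerd snapshotter is what allows the multi-platform build
          # below to be `load`ed into the local daemon.
          daemon-config: |
            {
              "debug": true,
              "features": {
                "containerd-snapshotter": true
              }
            }
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - name: Build Image Meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            connector-${{ matrix.connector }}
          tags: |
            type=schedule
            type=ref,event=branch
            type=semver,pattern={{version}},value=${{ steps.build.outputs.version }}
            type=sha
      - name: Build Connector
        uses: docker/build-push-action@v6
        with:
          context: build
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          sbom: true
          # Load only: nothing is pushed from this workflow.
          load: true
      - name: Docker Login
        # Login happens after the build, so it only serves the Scout step below
        # (Scout needs Docker Hub credentials) — verify before reordering.
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Docker Scout
        uses: docker/scout-action@v1
        with:
          image: connector-${{ matrix.connector }}
          command: cves,recommendations
          only-severities: critical,high,medium
          ignore-unchanged: true
          ignore-base: true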