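# Pull-request validation: tidy/lint/test the Go module, smoke-build the 2ms
# image, and scan the Dockerfile with KICS. Runs for PRs targeting master and
# for merge-queue (merge_group) events.
name: PR Validation
on:  # yamllint disable-line rule:truthy
  pull_request:
    branches:
      - master
  merge_group:

# NOTE(review): there is no top-level `permissions:` block, so every job runs
# with the repository's default GITHUB_TOKEN scope. Consider `contents: read`
# as the default and granting `pull-requests: write` only to the kics job,
# which presumably needs it for `enable_comments` — confirm against the
# action's documentation before tightening.

jobs:
  test:
    strategy:
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
          go-version: "^1.20"
      # Fails the job when go.mod/go.sum are not tidy (non-empty diff).
      - name: go mod tidy
        run: |
          go mod tidy
          git diff --exit-code
      # The linter runs from a pinned image tag rather than a floating
      # `latest`. "$(pwd)" is quoted so a workspace path containing spaces
      # still mounts correctly.
      - name: Go Linter
        run: docker run --rm -v "$(pwd)":/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m --out-format github-actions
      - name: Go Test
        run: go test -v ./...

  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      # presumably `make build` produces the checkmarx/2ms:latest tag used by
      # the smoke test below — verify against the Makefile.
      - run: make build
      # Smoke test: the freshly built image must scan this repository and
      # print a `totalitemsscanned:` summary. A literal block scalar keeps the
      # shell lines intact instead of relying on plain-scalar line folding.
      - name: Run docker and check its output
        run: |
          if docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo | grep -A 5 "totalitemsscanned:"; then
            echo "Docker ran as expected";
          else
            echo "Docker did not run as expected";
            exit 1;
          fi

  kics:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: mkdir -p kics-results
      # NOTE(review): `@master` is a mutable branch ref, so the scanner code
      # can change underneath this workflow without a change here. Pin it to a
      # release tag (as the other actions in this file are) or, better, to a
      # full commit SHA.
      - name: Run KICS scan
        uses: checkmarx/kics-github-action@master
        with:
          path: Dockerfile
          output_path: kics-results
          output_formats: json,sarif
          # Only comment on pull requests; merge_group runs have no PR to
          # comment on.
          enable_comments: ${{ github.event_name == 'pull_request' }}
          # High and medium findings fail the job; low/info are reported only.
          fail_on: high,medium
      - name: Show KICS results
        if: failure()
        run: cat kics-results/results.json
      # - name: Upload SARIF file
      #   uses: github/codeql-action/upload-sarif@v2
      #   with:
      #     sarif_file: kics-results/results.sarif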