

feat: Add support for AWS Security Hub (#75)



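---
# CI workflow: builds every pushed branch, publishes a development pre-release
# for branches that already have a matching "dev_<branch>" tag, and cuts
# production releases from main via release-please.
#
# Values that originate outside this file (branch names, release-please
# outputs) reach shell steps only through environment variables; they are never
# interpolated with `${{ }}` into the script text, so the shell treats them as
# data rather than re-parsing them as code.
name: CI

on:  # yamllint disable-line rule:truthy -- GitHub's loader reads `on` as a key
  push:
    branches:
      - '**'

# Least-privilege GITHUB_TOKEN: release creation, tag updates and asset uploads
# need `contents: write`; release-please's release PR needs `pull-requests:
# write`. Widen only if a step is observed to fail on permissions.
permissions:
  contents: write
  pull-requests: write

env:
  DIST_DIR: ${{ github.workspace }}/build/dist

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags;
      # pinning each `uses:` to a full commit SHA makes the supply chain
      # reproducible and reviewable.
      - name: Check-out source code
        uses: actions/checkout@v2

      - name: PROD - Prepare GitHub release
        id: create_prod_release
        uses: GoogleCloudPlatform/release-please-action@v2
        if: github.ref == 'refs/heads/main'
        with:
          command: github-release
          release-type: simple
          package-name: ${{ github.event.repository.name }}

      - name: PROD - Define release info
        if: steps.create_prod_release.outputs.release_created
        # release-please outputs are mapped to env vars so the shell never sees
        # expression text.
        env:
          RP_TAG: ${{ steps.create_prod_release.outputs.tag_name }}
          RP_VERSION: ${{ steps.create_prod_release.outputs.version }}
          RP_MAJOR: ${{ steps.create_prod_release.outputs.major }}
          RP_MINOR: ${{ steps.create_prod_release.outputs.minor }}
        run: |
          tag="$RP_TAG"
          version="$RP_VERSION"
          major="$RP_MAJOR"
          minor="$RP_MINOR"
          {
            echo "DO_BUILD=true"
            echo "DO_RELEASE=true"
            echo "DO_PROD_RELEASE=true"
            echo "RELEASE_TAG=${tag}"
            echo "RELEASE_VERSION=${version}"
            echo "DOCKER_TAG=${version}"
            echo "DOCKER_EXTRA_TAGS=latest,stable,v${version},${major}.${minor},v${major}.${minor},${major},v${major}"
          } >> "$GITHUB_ENV"

      - name: DEV - Define release info
        if: startsWith(github.ref, 'refs/heads/') && !env.DO_PROD_RELEASE
        run: |
          branch="${GITHUB_REF#refs/heads/}"
          # Replace every character outside [a-zA-Z0-9_.-] with a dot so the
          # tag is safe to use as a git ref, a Docker tag and a shell argument.
          tag="dev_${branch//[^a-zA-Z0-9_.-]/.}"
          version="0.$(date +'%Y%m%d.%H%M%S')-${tag}"
          {
            echo "DO_BUILD=true"  # every branch push produces a build
            echo "BRANCH=${branch}"
            echo "RELEASE_TAG=${tag}"
            echo "RELEASE_VERSION=${version}"
            echo "DOCKER_TAG=${tag}"
          } >> "$GITHUB_ENV"
          if [ "${branch}" = "main" ]; then
            echo "DOCKER_EXTRA_TAGS=latest_rc" >> "$GITHUB_ENV"
          fi
          # A development release is only published when a dev_<branch> tag
          # already exists on the remote.
          if git ls-remote --exit-code origin "refs/tags/${tag}" >/dev/null 2>&1; then
            echo "Found tag ${tag}, development release will be published"
            echo "DO_RELEASE=true" >> "$GITHUB_ENV"
            echo "DO_DEV_RELEASE=true" >> "$GITHUB_ENV"
          else
            echo "Tag ${tag} does not exist, no development release will be published"
          fi

      - name: DEV - Prepare GitHub release
        if: env.DO_DEV_RELEASE
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Recreate the pre-release so its metadata reflects the latest build.
          gh release delete "$RELEASE_TAG" -y || true
          gh release create "$RELEASE_TAG" -p -t "Development Release - ${BRANCH} branch" -n 'See `Assets` section below for latest build artifacts'

      - name: Update documentation resources
        if: env.DO_BUILD
        run: bash doc-resources/update-repo-docs.sh

      - name: Build release ${{ env.RELEASE_VERSION }}
        if: env.DO_BUILD
        run: ./gradlew dist distThirdParty -Pversion="$RELEASE_VERSION"

      - name: Publish build artifacts
        if: env.DO_BUILD
        uses: actions/upload-artifact@v2
        with:
          name: build_artifacts
          path: ${{ env.DIST_DIR }}

      - name: Publish Docker image
        if: env.DO_RELEASE
        env:
          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
          DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
        # Folded scalar: the lines below run as a single command.
        run: >-
          ./gradlew jib
          -Pversion="$RELEASE_VERSION"
          -PjibImageTag="$DOCKER_TAG"
          -PjibExtraImageTags="$DOCKER_EXTRA_TAGS"

      - name: PROD - Prepare release PR
        uses: GoogleCloudPlatform/release-please-action@v2
        if: github.ref == 'refs/heads/main'
        with:
          command: release-pr
          release-type: simple
          package-name: ${{ github.event.repository.name }}

      - name: DEV - Update ${{ env.RELEASE_TAG }} tag
        uses: richardsimko/update-tag@v1
        if: env.DO_DEV_RELEASE
        with:
          tag_name: ${{ env.RELEASE_TAG }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload assets to release
        if: env.DO_RELEASE
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # NUL-delimited listing keeps paths containing spaces intact.
          mapfile -d '' files < <(find "$DIST_DIR" -type f -print0)
          gh release upload "$RELEASE_TAG" "${files[@]}" --clobber

  test_artifacts_java:
    runs-on: ubuntu-latest
    needs: ci
    strategy:
      matrix:
        java: ['8', '11', '17']
    steps:
      - name: Setup java
        uses: actions/setup-java@v2
        with:
          distribution: 'adopt'
          java-version: ${{ matrix.java }}

      - name: Download artifacts
        uses: actions/download-artifact@v2
        with:
          name: build_artifacts

      - name: Test distribution
        # Smoke test: a raw -> raw export of a trivial document must exit 0.
        run: |
          unzip FortifyVulnerabilityExporter.zip
          echo '[{"hello": "world"}]' > test.json
          java -jar FortifyVulnerabilityExporter.jar --export.from=raw --export.to=raw --raw.input=test.json --raw.output.stdout=true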