Skip to content

feat: support policy in local findings #6116

feat: support policy in local findings

feat: support policy in local findings #6116

name: Infrastructure as Code Smoke Tests (Pull Requests)
on:
pull_request:
branches: [main]
jobs:
check_for_changed_iac_files:
name: Check for changed IaC files
runs-on: ubuntu-latest
outputs:
is_changed: ${{ steps.check_iac_files_changed.outputs.is_changed }}
steps:
- uses: actions/checkout@v2
- name: Install jq
run: |
sudo apt-get install jq
- name: Parse CODEOWNERS file
id: codeowners
uses: SvanBoxel/[email protected]
with:
file_match_info: 'true'
path: ./.github/CODEOWNERS
- name: Get changed files
id: changed-files
uses: tj-actions/[email protected]
- name: Get all IaC files
id: get_all_iac_files
run: |
ALL_IAC_FILES=$(
echo ${{ toJSON(steps.codeowners.outputs.filematches) }} |
jq '[
to_entries[] |
select(
.value.owners |
index("@snyk/cloud-dev-ex")
) |
.key
]'
)
echo "::set-output name=all_iac_files::$(
echo $ALL_IAC_FILES
)"
- id: check_iac_files_changed
name: Check for changed files owned by IaC
run: |
ALL_IAC_FILES=${{ toJson(steps.get_all_iac_files.outputs.all_iac_files) }}
CHANGED_FILES=$(
echo ${{ steps.changed-files.outputs.all_changed_files }} |
jq -R 'split(" ")'
)
CHANGED_IAC_FILES=$(
echo $CHANGED_FILES |
jq --argjson ALL_IAC_FILES "$ALL_IAC_FILES" '[
.[] |
. as $changed_file |
select(
$ALL_IAC_FILES |
index($changed_file)
)
]'
)
CHANGED_IAC_FILES_COUNT=$(
echo $CHANGED_IAC_FILES | jq 'length'
)
IS_CHANGED=$(
echo $CHANGED_IAC_FILES_COUNT | jq '. > 0'
)
$IS_CHANGED &&
echo "Found $CHANGED_IAC_FILES_COUNT changed IaC files: $CHANGED_IAC_FILES"||
echo "No changed IaC files found!"
echo "::set-output name=is_changed::$IS_CHANGED"
run_iac_smoke_tests_pulls:
name: Run IaC smoke tests (Pull Requests)
uses: ./.github/workflows/iac-smoke-tests.yml
needs: check_for_changed_iac_files
if: ${{ needs.check_for_changed_iac_files.outputs.is_changed == 'true' }}
secrets: inherit
with:
is_skip_alert: true