fossa-default.yml
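# FOSSA CLI analysis (workflow template).
# Flow: gate on the FOSSA_API_KEY secret being present, enumerate analysis
# targets with `fossa list-targets`, run `fossa analyze`, and record both
# outcomes as GitHub organization custom properties on the repository.
name: FOSSA CLI Analysis

on:
  push:
    branches: [ $default-branch ]
  pull_request:
    branches: [ $default-branch ]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the only built-in token use here is the
# checkout. Custom-property writes go through the separate FOSSA_PAT secret.
permissions:
  contents: read

jobs:
  # Secrets are unavailable to workflows running on forks / fork PRs, so probe
  # for the key first and skip the analysis job instead of failing it.
  check_env:
    runs-on: ubuntu-latest
    env:
      HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
    steps:
      - id: check-fossa-api-key
        run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
    outputs:
      HAS_FOSSA_API_KEY: ${{ steps.check-fossa-api-key.outputs.check }}

  fossa:
    needs: check_env
    # Job outputs are addressed as `needs.<job>.outputs.<name>`; the bare
    # `needs.check_env.HAS_FOSSA_API_KEY` used before resolves to null, so the
    # job never ran. The value is the *string* "true"/"false" and any non-empty
    # string is truthy in expressions, hence the explicit string comparison.
    if: ${{ needs.check_env.outputs.HAS_FOSSA_API_KEY == 'true' }}
    runs-on: ubuntu-latest
    env:
      FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
      ORG: ${{ github.repository_owner }}
      REPO: ${{ github.repository }}
    steps:
      # NOTE(review): consider pinning this action to a full commit SHA rather
      # than a mutable major tag, per GitHub's supply-chain hardening guidance.
      - uses: actions/checkout@v3

      - id: fossa-list-targets
        name: Run fossa list-targets
        run: |
          # The default `bash -e` shell has no pipefail, so a failed download
          # would leave `bash` reading empty stdin and the step would go on with
          # no CLI installed and report "no targets". Make that a hard failure.
          set -o pipefail
          # NOTE(review): this downloads and executes an unpinned script from the
          # fossa-cli `master` branch -- a supply-chain exposure. Prefer a
          # tagged release (or commit SHA) with checksum verification, or the
          # vendor's published GitHub Action, once the team settles on one.
          curl -fsSL -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
          if ! command -v fossa >/dev/null 2>&1; then
            echo "::error::fossa CLI was not installed."
            exit 1
          fi

          LIST_TARGETS_OUT_FILE="${{ runner.temp }}/list-targets_out.txt"
          LIST_TARGETS_ERR_FILE="${{ runner.temp }}/list-targets_err.txt"
          # Never let the CLI's exit status abort the step; the outcome is
          # classified below from its output instead.
          fossa list-targets --format text 1>"$LIST_TARGETS_OUT_FILE" 2>"$LIST_TARGETS_ERR_FILE" || true

          # Classification: any "error" (case-insensitive) on stderr wins, then
          # at least one stdout line means targets were found, else none.
          if grep -qi "error" "$LIST_TARGETS_ERR_FILE"; then
            echo "::error::fossa list-targets ran with errors."
            cat "$LIST_TARGETS_ERR_FILE"
            echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
          elif [[ $(wc -l < "$LIST_TARGETS_OUT_FILE") -gt 0 ]]; then
            echo "::notice::Fossa found analysis targets."
            cat "$LIST_TARGETS_OUT_FILE"
            echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
          else
            echo "::warning::Fossa did not find any analysis targets."
            echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
          fi

      - name: Set fossaHasTargets custom property
        # The PAT is scoped to the steps that call the GitHub API instead of
        # being exported job-wide (where the third-party install script above
        # could read it). `--fail-with-body` makes a rejected PATCH (e.g. 403
        # from an under-privileged token) fail the step and print the response.
        env:
          CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
        run: |
          curl -sSL --fail-with-body \
            -X PATCH \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "https://api.github.com/orgs/$ORG/properties/values" \
            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'

      - id: fossa-analyze
        name: Run fossa analyze
        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True' }}
        run: |
          ANALYZE_OUT_FILE="${{ runner.temp }}/analyze_out.txt"
          ANALYZE_ERR_FILE="${{ runner.temp }}/analyze_err.txt"
          # Exit status is deliberately ignored; the result is derived from stderr.
          fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>"$ANALYZE_OUT_FILE" 2>"$ANALYZE_ERR_FILE" || true

          # Case-sensitive "ERROR" here, unlike the list-targets check above;
          # kept as-is because it matches the CLI's log-level prefix.
          if grep -q "ERROR" "$ANALYZE_ERR_FILE"; then
            echo "::error::fossa analyze ran with errors."
            cat "$ANALYZE_ERR_FILE"
            echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
          else
            cat "$ANALYZE_OUT_FILE"
            echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
          fi

      - name: Set fossaAnalyzeResult custom property
        # Runs even when the analyze step was skipped; its output is then
        # presumably empty and the property is written as "" -- verify this is
        # the intended "not run" marker for consumers of the property.
        env:
          CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
        run: |
          curl -sSL --fail-with-body \
            -X PATCH \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "https://api.github.com/orgs/$ORG/properties/values" \
            -d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'

      # Fail the job only after both custom properties have been recorded, so
      # the repository metadata reflects the error state.
      - name: Exit
        if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
        run: exit 1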