diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index 69409fac..a6372370 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -10,20 +10,19 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - name: Setup node
- uses: actions/setup-node@v3
- - name: Install dependencies
- run: npm ci
- - name: debug root
- run: ls
- - name: debug subfolder
- run: cd src && ls
- - name: Build
- run: npm run build
- - name: 'Run Compliance State'
- uses: ./
- with:
- cydigConfigPath: ${{ github.workspace }}/src/cydigconfig.json
- repo-token: ${{ secrets.MY_GITHUB_PAT}}
-
\ No newline at end of file
+ - uses: actions/checkout@v3
+ - name: Setup node
+ uses: actions/setup-node@v3
+ - name: Install dependencies
+ run: npm ci
+ - name: debug root
+ run: ls
+ - name: debug subfolder
+ run: cd src && ls
+ - name: Build
+ run: npm run build
+ - name: 'Run Compliance State'
+ uses: ./
+ with:
+ cydigConfigPath: ${{ github.workspace }}/src/cydigconfig.json
+ github-token: ${{ secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 02c67204..6890c89c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,10 +1,9 @@
 name: Creating release
 run-name: ${{ github.actor }} creating a release
-on:
+on:
 pull_request:
 types: [closed]
-
+
 jobs:
 call-release-workflow:
 uses: omegapoint/cydig-reusable-workflows/.github/workflows/release.yml@main
-
\ No newline at end of file
diff --git a/action.yml b/action.yml
index 830cac66..22271f65 100644
--- a/action.yml
+++ b/action.yml
@@ -7,8 +7,8 @@ inputs:
 description: 'The path to the json-file containing configuration for CyDig'
 required: true
 default: 'Not working'
- repo-token:
- description: 'Personal access token to Github, permissions should be Code: read'
+ github-token:
+ description: 'Automatic token from Github workflow'
 required: true
 default: 'Not working'
 runs:
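Review bot: The `build` job now hands `secrets.GITHUB_TOKEN` to the action, but the job as shown (`build:`, `runs-on:`, `steps:`) declares no `permissions:`, so the token carries whatever default scope the repository or organisation grants. I would make the grant explicit with a job-level `permissions:` block containing `contents: read` under `build:`; a workflow-level block may already exist above line 10, which this hunk does not show. Separately, the `debug root` and `debug subfolder` steps survive the re-indent and keep printing directory listings into the run log, so they are worth dropping once the pipeline is stable.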
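Review bot: The renamed `github-token` input keeps `required: true` together with `default: 'Not working'`, so a caller that omits the input ends up presenting that literal string as a credential, and the failure only surfaces later as an API error. Since the input is now described as the automatic workflow token, the default could be `default: ${{ github.token }}` with `required: false`. The rename is also a breaking change for any workflow still passing `repo-token`, which deserves a line in the release notes.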
diff --git a/src/branchprotection/BranchProtectionService.ts b/src/branchprotection/BranchProtectionService.ts index 8b603de6..8f6b416f 100644 --- a/src/branchprotection/BranchProtectionService.ts +++ b/src/branchprotection/BranchProtectionService.ts @@ -1,28 +1,30 @@ +/* eslint-disable @typescript-eslint/no-explicit-any */ import * as core from '@actions/core'; import * as github from '@actions/github'; export class BranchProtectionService { public static async getStateOfBranchProtection(): Promise { console.log('\n Running branch protection control'); - + //numberOfReviewers > 0, if state of branch protection changes - let numberOfReviewers: number = 0; + const numberOfReviewers: number = 0; - const token = core.getInput('repo-token'); - const octokit = github.getOctokit(token); + const token: string = core.getInput('github-token'); + const octokit: any = github.getOctokit(token); - const { owner, repo } = github.context.repo; + const { owner, repo }: { owner: string; repo: string } = github.context.repo; await octokit.rest.repos .getBranchProtection({ owner: owner, repo: repo, branch: 'main', }) - .then((response) => { + .then((response: any) => { console.log(response.data); }) - .catch((error) => { - console.log('Branch protections is not enabled for repository: ' + repo) + .catch((error: any) => { + console.log('Branch protections is not enabled for repository: ' + repo); + console.log('Error: ', error?.message); }); - core.exportVariable('numberOfReviewers', numberOfReviewers) + core.exportVariable('numberOfReviewers', numberOfReviewers); } } diff --git a/src/cydigconfig.json b/src/cydigconfig.json index 834985e4..d72acfc4 100644 --- a/src/cydigconfig.json +++ b/src/cydigconfig.json 
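Review bot: The `.catch` handler prints "Branch protections is not enabled" for every failure, so a rejected token or a permission error is indistinguishable from an unprotected branch in the compliance output. This matters more after the switch to `github-token`: as far as I know the branch-protection endpoint needs repository administration read access, which the automatic workflow token cannot be granted, so the call may now fail on every run; please confirm against a repository that has protection enabled. I would branch on the status carried by the Octokit error and fail the step on anything other than 404, as sketched below. Note also that `numberOfReviewers` is now a `const` fixed at 0 and the response is only logged, so the exported variable stays 0 even when protection is configured.

```typescript
// … unchanged: token lookup and getBranchProtection() call …
      .catch((error: any) => {
        if (error?.status === 404) {
          console.log('Branch protections is not enabled for repository: ' + repo);
        } else {
          // Auth, permission and network failures are not evidence of missing protection.
          core.setFailed('Could not read branch protection for ' + repo + ': ' + error?.message);
        }
      });
```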
@@ -1,41 +1,41 @@
 {
- "teamName": "name-of-your-team",
- "usingAzure": true,
- "threatModeling": {
- "date": "date-of-threat-modeling",
- "boardsTag": "TM"
+ "teamName": "name-of-your-team",
+ "usingAzure": true,
+ "threatModeling": {
+ "date": "date-of-threat-modeling",
+ "boardsTag": "TM"
+ },
+ "pentest": {
+ "date": "2023-09-07",
+ "boardsTag": "PT"
+ },
+ "github": {
+ "usingRepos": true,
+ "repos": {
+ "username": "firstname.lastname (usually)"
 },
- "pentest": {
- "date": "2023-09-07",
- "boardsTag": "PT"
- },
- "github": {
- "usingRepos": true,
- "repos": {
- "username": "firstname.lastname (usually)"
- },
- "usingBoards": true,
- "boards": {
- "nameOfBoard": "name-of-boards (use 'not specified' for all boards in project)"
- }
- },
- "scaTool": {
- "nameOfTool": "name-of-tool",
- "owaspDependencyCheck": {
- "reportPath": "Reports/dependency-check-report.csv",
- "csvPath": "not specified"
- }
- },
- "sastTool": {
- "nameOfTool": "name-of-tool",
- "semgrep": {
- "reportPath": "semgrep-json.json"
- }
- },
- "codeQualityTool": {
- "nameOfTool": "name-of-tool"
- },
- "reposToExclude": {
- "nameOfRepos": "not-specified"
+ "usingBoards": true,
+ "boards": {
+ "nameOfBoard": "name-of-boards (use 'not specified' for all boards in project)"
+ }
+ },
+ "scaTool": {
+ "nameOfTool": "name-of-tool",
+ "owaspDependencyCheck": {
+ "reportPath": "Reports/dependency-check-report.csv",
+ "csvPath": "not specified"
+ }
+ },
+ "sastTool": {
+ "nameOfTool": "name-of-tool",
+ "semgrep": {
+ "reportPath": "semgrep-json.json"
 }
+ },
+ "codeQualityTool": {
+ "nameOfTool": "name-of-tool"
+ },
+ "reposToExclude": {
+ "nameOfRepos": "not-specified"
+ }
 }
diff --git a/src/index.ts b/src/index.ts
index c9a828cf..e10163df 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -10,7 +10,7 @@ import { ThreatModelingService } from './threatmodeling/ThreatModelingService';
 */
 export async function run(): Promise {
 try {
- console.log('\n Running controls on your repository')
+ console.log('\n Running controls on your repository');
 const cydigConfig: CyDigConfig = getContentOfFile(core.getInput('cydigConfigPath'));
 await BranchProtectionService.getStateOfBranchProtection();