comparison_results.yml
name: Monitoring Stability and Comparing Results

# `pull_request_target` fires for pull-request activity against any branch and
# runs in the context of the BASE repository: repository secrets are available
# even when the pull request comes from a fork. Everything derived from the
# pull request's head (branch name, head repository URL, and any files built
# from it) must therefore be treated as untrusted input.
on:
  pull_request_target:
    branches:
      - '**'

# Workflow-level `env` is exported to every step of every job below.
# NOTE(review): that includes the secret-bearing entries; scoping each secret to
# the single step that needs it would shrink what a compromised step can read.
env:
  # --- Pull-request metadata -------------------------------------------------
  # HEAD_REF and HEAD_CORE_URL are chosen by the pull-request author. In `run:`
  # scripts read them as quoted shell variables ("$HEAD_REF"); `${{ ... }}` is
  # expanded into the script text before the shell parses it.
  BASE_REF: ${{ github.base_ref }}
  HEAD_REF: ${{ github.head_ref }}
  BASE_CORE_URL: ${{ github.event.pull_request.base.repo.html_url }}
  HEAD_CORE_URL: ${{ github.event.pull_request.head.repo.html_url }}
  PR_NUMBER: ${{ github.event.number }}
  PR_URL: ${{ github.event.pull_request.html_url }}
  REPOSITORY_NAME: ${{ github.event.repository.name }}

  # --- Fixed paths -----------------------------------------------------------
  MONITORING_REPO_PATH: '/home/runner/work/joern/joern/temp/standalone-monitoring-stability'

  # --- Credentials and secret-backed settings --------------------------------
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  CORE_AT: ${{ secrets.CORE_AT }}
  SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }}
  SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
  AWS_REGION: ${{ secrets.AWS_REGION }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  S3_BUCKET: ${{ secrets.S3_BUCKET }}
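jobs:
  # Posts the opening Slack message and exposes its timestamp so later jobs can
  # thread replies under it and finally update it.
  start_workflow:
    runs-on: ubuntu-latest
    steps:
      - name: Send message to slack
        id: initial-message
        # The action reference was mangled by the page's e-mail obfuscation
        # ("slackapi/[email protected]"); presumably slackapi/slack-github-action.
        # Restore the original tag, or better, pin a full commit SHA.
        uses: slackapi/slack-github-action@<VERSION>
        with:
          channel-id: ${{ env.SLACK_CHANNEL_ID }}
          slack-message: "Comparison workflow started for ${{env.PR_URL}}"
      - name: Save output to env
        id: save-output
        env:
          INIT_TS: ${{ steps.initial-message.outputs.ts }}
        # Value is handed over through the environment, not spliced into the script.
        run: echo "INIT_MSG_TS=${INIT_TS}" >> "$GITHUB_OUTPUT"
    outputs:
      init_message_ts: ${{ steps.save-output.outputs.INIT_MSG_TS }}

  # Runs the comparison once per language list, uploads the results to S3 and
  # posts a per-language summary in the Slack thread.
  #
  # NOTE(review): this job is triggered by `pull_request_target`, so it holds the
  # repository's secrets, and run.py is given the pull request's head branch via
  # --custom-joern-head-branch. If run.py fetches and builds that branch (confirm
  # in the monitoring repo), code from the pull request executes next to the AWS,
  # Slack and CORE_AT credentials. Consider doing the build in an unprivileged
  # `pull_request` workflow and moving upload/reporting to a `workflow_run`
  # follow-up, or requiring maintainer approval before this job starts.
  setup_and_scan:
    # NOTE(review): `id-token: write` is what an OIDC login needs, but the AWS
    # step below uses long-lived access keys. Either switch that step to an
    # assumed role or drop the unused permission.
    permissions:
      id-token: write
      contents: read
    needs: start_workflow
    strategy:
      matrix:
        language: ['java-1', 'java-2', 'python', 'js', 'ruby-1', 'ruby-2', 'go', 'kotlin', 'csharp', 'php']
    continue-on-error: true
    runs-on: ubuntu-latest
    steps:
      # No `ref` is given, so under pull_request_target this is the base branch.
      - uses: actions/checkout@v3
      - name: Install JDK-18
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '18'
      - name: Export Java Home Path
        # `export PATH=...` only lasts for this step's shell; $GITHUB_PATH makes
        # the entry visible to the following steps.
        run: echo "$JAVA_HOME/bin" >> "$GITHUB_PATH"
      - name: Install sbt
        # NOTE(review): this fetches a launcher script from a moving `master`
        # branch and later runs it with secrets in the environment. Pin the URL to
        # a reviewed commit and verify a checksum. `-f` makes an HTTP error fail
        # the step instead of saving the error page as ~/bin/sbt.
        run: |
          mkdir -p ~/bin
          curl -fsSL https://raw.githubusercontent.com/dwijnand/sbt-extras/master/sbt > ~/bin/sbt
          chmod 0755 ~/bin/sbt
      - name: Install Python 3.10
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Clone standalone-monitoring-stability/custom-joern-build
        uses: actions/checkout@v3
        with:
          repository: Privado-Inc/standalone-monitoring-stability
          path: ./temp/standalone-monitoring-stability
          # NOTE(review): `main` is a moving ref of a second repository whose
          # scripts run with this job's credentials; pinning a commit SHA makes
          # the executed code reviewable.
          ref: main
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      # Language-specific repository file
      - name: Run the script for ${{ env.HEAD_REF }} and ${{ env.BASE_REF }}
        env:
          LANGUAGE: ${{ matrix.language }}
        # BASE_REF / HEAD_REF come from the workflow-level env and are read as
        # quoted shell variables: a branch name is author-controlled text and must
        # never be expanded into the script itself.
        run: |
          cd ./temp/standalone-monitoring-stability
          pip install -r requirements.txt
          python3 ./run.py -r "./repos/${LANGUAGE}.txt" -b main -h main -guf \
            --custom-joern True \
            --custom-joern-base-branch "${BASE_REF}" \
            --custom-joern-head-branch "${HEAD_REF}"
      # Rename result files, and zip them together
      - name: Zip the results
        env:
          FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }}
        run: |
          cd ./temp/standalone-monitoring-stability/
          mv output.xlsx "output-${FILE_SUFFIX}.xlsx"
          zip -r "./result-${FILE_SUFFIX}.zip" ./temp/result
          mkdir results
          mv "output-${FILE_SUFFIX}.xlsx" "./results/output-${FILE_SUFFIX}.xlsx"
          mv "./result-${FILE_SUFFIX}.zip" "./results/result-${FILE_SUFFIX}.zip"
          mv slack_summary.txt ./results/slack_summary.txt
          cd "${MONITORING_REPO_PATH}" && zip "result-${FILE_SUFFIX}.zip" -r ./results
      - name: Upload to S3
        env:
          FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }}
          # NOTE(review): hard-coded here while the presign step uses AWS_REGION;
          # confirm both refer to the bucket's region.
          AWS_DEFAULT_REGION: ap-south-1
        run: cd "${MONITORING_REPO_PATH}" && aws s3 cp "result-${FILE_SUFFIX}.zip" "${S3_BUCKET}"
      - name: Create a presigned S3 URL
        env:
          FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }}
          AWS_DEFAULT_REGION: ${{ env.AWS_REGION }}
          # 604800 s = 7 days. The URL is a bearer link: anyone who can read the
          # Slack message can download the archive until it expires.
          TTL: '604800'
        run: |
          s3_url="$(aws s3 presign "${S3_BUCKET}/result-${FILE_SUFFIX}.zip" \
            --expires-in "${TTL}" \
            --region "${AWS_DEFAULT_REGION}" \
            --endpoint-url "https://s3.${AWS_DEFAULT_REGION}.amazonaws.com")"
          echo "S3_URL=${s3_url}" >> "$GITHUB_ENV"
      - name: Set summary variable
        # The summary is produced from scan output, so its content is not trusted.
        # A fixed "EOF" delimiter would let a line reading EOF end the value early
        # and let the following lines define extra environment variables; a random
        # delimiter closes that off.
        run: |
          delimiter="ghadelim_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "MESSAGE<<${delimiter}"
            echo "$(cat "${MONITORING_REPO_PATH}/results/slack_summary.txt")"
            echo "${delimiter}"
          } >> "$GITHUB_ENV"
      - name: Post results to slack
        env:
          PR_MESSAGE: "Comparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}\n Download report <${{ env.S3_URL }}|here> :link:"
          INIT_MESSAGE_TS: ${{ needs.start_workflow.outputs.init_message_ts }}
        # The message contains the branch name and the scan summary, so it is
        # passed as data: jq builds and escapes the JSON body (this also removes
        # the trailing comma the hand-written body had) and the shell only ever
        # sees variables. Assumes jq is present on the runner image.
        run: |
          payload="$(jq -n \
            --arg channel "${SLACK_CHANNEL_ID}" \
            --arg text "${PR_MESSAGE}" \
            --arg thread_ts "${INIT_MESSAGE_TS}" \
            '{channel: $channel, text: $text, thread_ts: $thread_ts}')"
          curl -X POST -H "Authorization: Bearer ${SLACK_BOT_TOKEN}" \
            -H "Content-type: application/json" \
            --data "${payload}" \
            https://slack.com/api/chat.postMessage
      - name: Export workflow output
        run: |
          cd ./temp/standalone-monitoring-stability
          python3 ./workflow_check.py "${MONITORING_REPO_PATH}/results/slack_summary.txt"
      - name: Set summary variable
        # Overwrites MESSAGE with the verdict written by workflow_check.py; same
        # random-delimiter handling as the earlier summary step.
        run: |
          delimiter="ghadelim_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "MESSAGE<<${delimiter}"
            echo "$(cat ./temp/standalone-monitoring-stability/action_result.txt)"
            echo "${delimiter}"
          } >> "$GITHUB_ENV"
      - name: Print action result
        run: cat ./temp/standalone-monitoring-stability/action_result.txt
      - name: Upload summary file
        # NOTE(review): `@master` is a mutable ref; pin a release tag or commit SHA.
        uses: actions/upload-artifact@master
        with:
          name: ${{ matrix.language }}
          path: ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt
      - name: Workflow report analysis
        # Fails the matrix leg unless action_result.txt contained exactly "true".
        if: ${{ env.MESSAGE != 'true' }}
        run: exit 1

  # Gathers the per-language summaries and rewrites the opening Slack message
  # with the combined report.
  collate_summary:
    needs: [start_workflow, setup_and_scan]
    runs-on: ubuntu-22.04
    steps:
      - name: Download summary file
        # NOTE(review): `@master` is a mutable ref; pin a release tag or commit SHA.
        uses: actions/download-artifact@master
        with:
          path: ./language_summary
      - name: Install Python 3.10
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Clone standalone-monitoring-stability/private-fork
        uses: actions/checkout@v3
        with:
          repository: Privado-Inc/standalone-monitoring-stability
          path: ./temp/standalone-monitoring-stability
          ref: main
      - name: Collate summary
        run: |
          cd ./temp/standalone-monitoring-stability
          pip install -r requirements.txt
          python3 ./collate_summary.py -s /home/runner/work/joern/joern/language_summary
      - name: Set summary variable
        # global_summary.txt is built from the uploaded per-language summaries, so
        # it gets the same random heredoc delimiter as any other untrusted text.
        run: |
          delimiter="ghadelim_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "MESSAGE<<${delimiter}"
            echo "$(cat "${MONITORING_REPO_PATH}/global_summary.txt")"
            echo "${delimiter}"
          } >> "$GITHUB_ENV"
      - name: Send summary to slack
        # Same mangled action reference as in start_workflow; restore the original
        # tag or pin a full commit SHA.
        uses: slackapi/slack-github-action@<VERSION>
        with:
          update-ts: ${{ needs.start_workflow.outputs.init_message_ts }}
          channel-id: ${{ env.SLACK_CHANNEL_ID }}
          slack-message: "\nComparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\nLanguage: All \nSummary Report:\n ${{ env.MESSAGE }}"
        env:
          SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}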