add token and vendor exclusion rule #683
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Monitoring Stability and Comparing Results | |
# Triggers when a pull_request is created | |
on: | |
pull_request_target: | |
branches: | |
- "**" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CORE_AT: ${{ secrets.CORE_AT }} | |
BASE_REF: ${{ github.BASE_REF }} | |
HEAD_REF: ${{ github.HEAD_REF }} | |
BASE_RULE_URL: ${{ github.event.pull_request.base.repo.html_url }} | |
HEAD_RULE_URL: ${{ github.event.pull_request.head.repo.html_url }} | |
PR_NUMBER: ${{ github.event.number }} | |
REPOSITORY_NAME: ${{github.event.repository.name}} | |
PR_URL: ${{ github.event.pull_request.html_url }} | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} | |
SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }} | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
MONITORING_REPO_PATH: "/home/runner/work/privado/privado/temp/standalone-monitoring-stability" | |
jobs: | |
start_workflow: | |
runs-on: ubuntu-24.04 # We are version-locking this to avoid breaking changes in the future | |
steps: | |
- name: Send message to slack | |
id: initial-message | |
uses: slackapi/[email protected] | |
with: | |
channel-id: ${{ secrets.SLACK_CHANNEL_ID }} | |
slack-message : "Comparison workflow started for ${{env.PR_URL}}" | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} | |
- name: Save output to env | |
id: save-output | |
run: echo "INIT_MSG_TS=${{ steps.initial-message.outputs.ts }}" >> $GITHUB_OUTPUT | |
outputs: | |
init_message_ts: ${{steps.save-output.outputs.INIT_MSG_TS}} | |
setup_and_scan: | |
permissions: # Need these permissions for the job to create a JWT to authenticate with AWS | |
id-token: 'write' | |
contents: 'read' | |
needs: start_workflow | |
strategy: | |
matrix: | |
language: ['java-1', 'java-2' ,'python', 'js', 'ruby-1', 'ruby-2', 'go', 'kotlin', 'php', 'csharp'] | |
continue-on-error: true | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install JDK-18 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '18' | |
- name: Export Java Home Path | |
run: export PATH=$JAVA_HOME/bin:$PATH | |
- name: Install sbt | |
run: mkdir -p ~/bin && curl -Ls https://raw.githubusercontent.com/dwijnand/sbt-extras/master/sbt > ~/bin/sbt && chmod 0755 ~/bin/sbt | |
- name: Install Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Clone standalone-monitoring-stability/private-fork | |
uses: actions/checkout@v3 | |
with: | |
repository: Privado-Inc/standalone-monitoring-stability | |
path: ./temp/standalone-monitoring-stability | |
ref: private-fork | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Run the script for ${{ env.HEAD_REF }} and ${{ env.BASE_REF }} | |
run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./run.py -r ./repos/${{matrix.language}}.txt -rbb ${{ env.BASE_REF }}} -rbh ${{ env.HEAD_REF }} -brr ${{ env.BASE_RULE_URL }} -hrr ${{ env.HEAD_RULE_URL }} -guf -urc | |
# Rename result files, and zip them together | |
- name: Zip the results | |
env: | |
FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} | |
run: | | |
cd ./temp/standalone-monitoring-stability/ | |
mv output.xlsx output-${{ env.FILE_SUFFIX }}.xlsx | |
zip -r ./result-${{ env.FILE_SUFFIX }}.zip ./temp/result | |
mkdir results | |
mv output-${{matrix.language}}-${{github.event.number}}.xlsx ./results/output-${{ env.FILE_SUFFIX }}.xlsx | |
mv ./result-${{matrix.language}}-${{github.event.number}}.zip ./results/result-${{ env.FILE_SUFFIX }}.zip | |
mv slack_summary.txt ./results/slack_summary.txt | |
cd ${{ env.MONITORING_REPO_PATH }} && zip result-rules-${{ env.FILE_SUFFIX }}.zip -r ./results | |
- name: Upload to S3 | |
env: | |
FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} | |
AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} | |
run: cd ${{ env.MONITORING_REPO_PATH }} && aws s3 cp result-rules-${{ env.FILE_SUFFIX }}.zip ${{ secrets.S3_BUCKET }} | |
- name: Create a presigned S3 URL | |
env: | |
FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} | |
AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} | |
TTL: 604800 | |
run: echo "S3_URL=$(aws s3 presign ${{ secrets.S3_BUCKET }}/result-${{ env.FILE_SUFFIX }}.zip --expires-in ${{ env.TTL }} --region ${{ env.AWS_DEFAULT_REGION }} --endpoint-url https://s3.${{ env.AWS_DEFAULT_REGION }}.amazonaws.com)" >> $GITHUB_ENV | |
- name: Set summary variable | |
run: | | |
echo "MESSAGE<<EOF" >> $GITHUB_ENV | |
echo "$(cat ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt)" >> $GITHUB_ENV | |
echo "EOF" >> $GITHUB_ENV | |
- name: Post results to slack | |
env: | |
PR_MESSAGE: "Comparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}\n Download report <${{ env.S3_URL }}|here> :link:" | |
run: | | |
curl -X POST -H "Authorization: Bearer ${{ secrets.SLACK_TOKEN }}" \ | |
-H "Content-type: application/json" \ | |
--data '{ | |
"channel": "'${{ secrets.SLACK_CHANNEL_ID }}'", | |
"text": "'"${{ env.PR_MESSAGE }}"'", | |
"thread_ts": "'"${{ needs.start_workflow.outputs.init_message_ts }}"'", | |
}' \ | |
https://slack.com/api/chat.postMessage | |
- name: Export workflow output | |
run: cd ./temp/standalone-monitoring-stability && python3 ./workflow_check.py ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt | |
- name: Set summary variable | |
run: | | |
echo "MESSAGE<<EOF" >> $GITHUB_ENV | |
echo "$(cat ./temp/standalone-monitoring-stability/action_result.txt)" >> $GITHUB_ENV | |
echo "EOF" >> $GITHUB_ENV | |
- name: Print action result | |
run: cat ./temp/standalone-monitoring-stability/action_result.txt | |
- name: Upload summary file | |
uses: actions/upload-artifact@master | |
with: | |
name: ${{matrix.language}} | |
path: ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt | |
- name: Workflow report analysis | |
if: ${{ env.MESSAGE != 'true' }} | |
run: exit 1 | |
collate_summary: | |
needs: [start_workflow, setup_and_scan] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download summary file | |
uses: actions/download-artifact@master | |
with: | |
path: ./language_summary | |
- name: Install Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Clone standalone-monitoring-stability/private-fork | |
uses: actions/checkout@v3 | |
with: | |
repository: Privado-Inc/standalone-monitoring-stability | |
path: ./temp/standalone-monitoring-stability | |
ref: private-fork | |
- name: Collate summary | |
run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./collate_summary.py -s /home/runner/work/privado/privado/language_summary | |
- name: Set summary variable | |
run: | | |
echo "MESSAGE<<EOF" >> $GITHUB_ENV | |
echo "$(cat ${{ env.MONITORING_REPO_PATH }}/global_summary.txt)" >> $GITHUB_ENV | |
echo "EOF" >> $GITHUB_ENV | |
- name: Send summary to slack | |
uses: slackapi/[email protected] | |
with: | |
update-ts: ${{needs.start_workflow.outputs.init_message_ts}} | |
channel-id: ${{ secrets.SLACK_CHANNEL_ID }} | |
slack-message: "\nComparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\nLanguage: All \nSummary Report:\n ${{ env.MESSAGE }}" | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} |