From f985aed5762e3f297f552ac790e7200375b61f02 Mon Sep 17 00:00:00 2001 From: karan-batavia Date: Wed, 11 Sep 2024 16:34:09 +0530 Subject: [PATCH 1/2] comparison report unification --- .github/workflows/comparison-result.yml | 92 +++++++++++++++++-------- 1 file changed, 62 insertions(+), 30 deletions(-) diff --git a/.github/workflows/comparison-result.yml b/.github/workflows/comparison-result.yml index 339d5db3..7852c02d 100644 --- a/.github/workflows/comparison-result.yml +++ b/.github/workflows/comparison-result.yml @@ -18,12 +18,13 @@ env: PR_URL: ${{ github.event.pull_request.html_url }} SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }} + AWS_REGION: ${{ secrets.AWS_REGION }} + MONITORING_REPO_PATH: "/home/runner/work/privado/privado/temp/standalone-monitoring-stability" + jobs: start_workflow: - runs-on: ubuntu-latest - env: - PR_URL: ${{ github.event.pull_request.html_url }} + runs-on: ubuntu-24.04 # We are version-locking this to avoid breaking changes in the future steps: - name: Send message to slack id: initial-message @@ -31,6 +32,8 @@ jobs: with: channel-id: ${{ secrets.SLACK_CHANNEL_ID }} slack-message : "Comparison workflow started for ${{env.PR_URL}}" + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} - name: Save output to env id: save-output @@ -38,6 +41,9 @@ jobs: outputs: init_message_ts: ${{steps.save-output.outputs.INIT_MSG_TS}} setup_and_scan: + permissions: # Need these permissions for the job to create a JWT to authenticate with AWS + id-token: 'write' + contents: 'read' needs: start_workflow strategy: matrix: @@ -57,6 +63,7 @@ jobs: - name: Install sbt run: mkdir -p ~/bin && curl -Ls https://raw.githubusercontent.com/dwijnand/sbt-extras/master/sbt > ~/bin/sbt && chmod 0755 ~/bin/sbt + - name: Install Python 3.10 uses: actions/setup-python@v4 with: 
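Review bot: The `id-token: 'write'` permission added to `setup_and_scan` is not used by the AWS login this patch introduces. The `Configure AWS Credentials` step in the `@@ -69,39 +76,64 @@` hunk passes the long-lived `aws-access-key-id` / `aws-secret-access-key` secrets, which needs no OIDC token. Either drop the permission so the job token stays at `contents: 'read'`, or keep it and switch that step to `role-to-assume: ${{ secrets.AWS_ROLE_ARN }}` (placeholder secret name), which removes the static keys from the repository secrets. The comment on `permissions:` should say which of the two is intended. The job definition continues outside this hunk.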
@@ -69,39 +76,64 @@ jobs: path: ./temp/standalone-monitoring-stability ref: private-fork - # langauge specific repository file + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + - name: Run the script for ${{ env.HEAD_REF }} and ${{ env.BASE_REF }} run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./run.py -r ./repos/${{matrix.language}}.txt -rbb ${{ env.BASE_REF }}} -rbh ${{ env.HEAD_REF }} -brr ${{ env.BASE_RULE_URL }} -hrr ${{ env.HEAD_RULE_URL }} -guf -urc - - name: Run aws-export - run: cd ./temp/standalone-monitoring-stability/ && python3 aws-export.py ${{matrix.language}}-${{ env.PR_NUMBER }} - - - name: Move results to a folder - run: cd ./temp/standalone-monitoring-stability/ && mkdir results && mv output-${{matrix.language}}-${{ env.PR_NUMBER }}.xlsx ./results/output-${{matrix.language}}-$${{ env.PR_NUMBERĀ }}.xlsx && mv ./temp/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip ./results/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip && mv slack_summary.txt ./results/slack_summary.txt - - # Zip the results by name + # Rename result files, and zip them together - name: Zip the results - run: cd /home/runner/work/privado/privado/temp/standalone-monitoring-stability && zip result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip -r ./results + env: + FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} + run: | + cd ./temp/standalone-monitoring-stability/ + mv output.xlsx output-${{ env.FILE_SUFFIX }}.xlsx + zip -r ./result-${{ env.FILE_SUFFIX }}.zip ./temp/result + mkdir results + mv output-${{matrix.language}}-${{github.event.number}}.xlsx ./results/output-${{ env.FILE_SUFFIX }}.xlsx + mv ./result-${{matrix.language}}-${{github.event.number}}.zip ./results/result-${{ env.FILE_SUFFIX }}.zip + mv slack_summary.txt 
./results/slack_summary.txt + cd ${{ env.MONITORING_REPO_PATH }} && zip result-rules-${{ env.FILE_SUFFIX }}.zip -r ./results + + - name: Upload to S3 + env: + FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} + AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} + run: cd ${{ env.MONITORING_REPO_PATH }} && aws s3 cp result-rules-${{ env.FILE_SUFFIX }}.zip ${{ secrets.S3_BUCKET }} + + - name: Create a presigned S3 URL + env: + FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} + AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} + TTL: 604800 + run: echo "S3_URL=$(aws s3 presign ${{ secrets.S3_BUCKET }}/result-${{ env.FILE_SUFFIX }}.zip --expires-in ${{ env.TTL }} --region ${{ env.AWS_DEFAULT_REGION }} --endpoint-url https://s3.${{ env.AWS_DEFAULT_REGION }}.amazonaws.com)" >> $GITHUB_ENV - name: Set summary variable run: | echo "MESSAGE<> $GITHUB_ENV - echo "$(cat /home/runner/work/privado/privado/temp/standalone-monitoring-stability/results/slack_summary.txt)" >> $GITHUB_ENV + echo "$(cat ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt)" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Post results to slack - run: curl -o- https://raw.githubusercontent.com/Privado-Inc/standalone-monitoring-stability/private-fork/slack_upload.sh | bash env: - SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }} - FILE_NAME: "result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip" - INIT_TS: ${{ needs.start_workflow.outputs.init_message_ts }} - FILE_PATH: "/home/runner/work/joern/joern/temp/standalone-monitoring-stability/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip" - PR_MESSAGE: "Comparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}" - - + PR_MESSAGE: "Comparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch 
${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}\n Download report <${{ env.S3_URL }}|here> :link:" + run: | + curl -X POST -H "Authorization: Bearer ${{ secrets.SLACK_TOKEN }}" \ + -H "Content-type: application/json" \ + --data '{ + "channel": "'${{ secrets.SLACK_CHANNEL_ID }}'", + "text": "'"${{ env.PR_MESSAGE }}"'", + "thread_ts": "'"${{ needs.start_workflow.outputs.init_message_ts }}"'", + }' \ + https://slack.com/api/chat.postMessage + - name: Export workflow output - run: cd ./temp/standalone-monitoring-stability && python3 ./workflow_check.py /home/runner/work/privado/privado/temp/standalone-monitoring-stability/results/slack_summary.txt + run: cd ./temp/standalone-monitoring-stability && python3 ./workflow_check.py ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt - name: Set summary variable run: | @@ -116,7 +148,7 @@ jobs: uses: actions/upload-artifact@master with: name: ${{matrix.language}} - path: /home/runner/work/privado/privado/temp/standalone-monitoring-stability/results/slack_summary.txt + path: ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt - name: Workflow report analysis if: ${{ env.MESSAGE != 'true' }} @@ -136,12 +168,12 @@ jobs: with: python-version: '3.10' - - name: Clone standalone-monitoring-stability/flow-test + - name: Clone standalone-monitoring-stability/private-fork uses: actions/checkout@v3 with: repository: Privado-Inc/standalone-monitoring-stability path: ./temp/standalone-monitoring-stability - ref: main + ref: private-fork - name: Collate summary run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./collate_summary.py -s /home/runner/work/privado/privado/language_summary 
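Review bot: In the new `Post results to slack` step, `${{ env.PR_MESSAGE }}`, `${{ secrets.SLACK_TOKEN }}` and the other expressions are expanded into the `run:` script text before bash parses it. The branch name in `HEAD_REF` and the contents of `slack_summary.txt` (via `MESSAGE`) therefore become shell source in a step that can read the Slack token and the configured AWS credentials. `HEAD_REF` is defined outside this hunk; if it comes from `github.head_ref`, it is chosen by the PR author. Passing the values through `env:` and referencing them as quoted shell variables keeps them as data, and building the body with `jq` also escapes the newlines in the message and removes the trailing comma after `thread_ts`, which is not valid JSON. The same expansion pattern is used in the `Zip the results`, `Upload to S3` and `Create a presigned S3 URL` steps of this hunk.

```yaml
- name: Post results to slack
  env:
    # … unchanged: PR_MESSAGE definition …
    SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
    INIT_TS: ${{ needs.start_workflow.outputs.init_message_ts }}
  run: |
    # Values reach the shell as environment variables, never as script text.
    jq -n \
      --arg channel "$SLACK_CHANNEL_ID" \
      --arg text "$PR_MESSAGE" \
      --arg thread_ts "$INIT_TS" \
      '{channel: $channel, text: $text, thread_ts: $thread_ts}' |
    curl -X POST -H "Authorization: Bearer $SLACK_TOKEN" \
      -H "Content-type: application/json" \
      --data @- \
      https://slack.com/api/chat.postMessage
```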
@@ -149,14 +181,14 @@ jobs: - name: Set summary variable run: | echo "MESSAGE<> $GITHUB_ENV - echo "$(cat /home/runner/work/privado/privado/temp/standalone-monitoring-stability/global_summary.txt)" >> $GITHUB_ENV + echo "$(cat ${{ env.MONITORING_REPO_PATH }}/global_summary.txt)" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Send summary to slack - uses: slackapi/slack-github-action@v1.24.0 + uses: slackapi/slack-github-action@v1.27.0 with: update-ts: ${{needs.start_workflow.outputs.init_message_ts}} channel-id: ${{ secrets.SLACK_CHANNEL_ID }} - slack-message: "\nComparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link https://github.com/Privado-Inc/privado/pull/${{ env.PR_NUMBER }}\nLanguage: All \nSummary Report:\n ${{ env.MESSAGE }}" + slack-message: "\nComparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\nLanguage: All \nSummary Report:\n ${{ env.MESSAGE }}" env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} \ No newline at end of file From 1a996ce1d9b807098bf8886a83813d7a85f0a862 Mon Sep 17 00:00:00 2001 From: karan-batavia Date: Thu, 19 Sep 2024 14:43:02 +0530 Subject: [PATCH 2/2] fix file name in comparison report --- .github/workflows/comparison-result.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/comparison-result.yml b/.github/workflows/comparison-result.yml index 7852c02d..ab4d2f6c 100644 --- a/.github/workflows/comparison-result.yml +++ b/.github/workflows/comparison-result.yml 
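Review bot: The `Set summary variable` step appends the raw contents of `global_summary.txt` to `$GITHUB_ENV` between what appears to be a fixed `EOF` delimiter (the opening line is garbled on this page; the closing `echo "EOF"` is visible). If the summary ever contains a line that is exactly `EOF`, the lines after it are parsed as further environment assignments for the following steps. A per-run random delimiter avoids that, e.g. `delim="$(openssl rand -hex 16)"` followed by `{ echo "MESSAGE<<$delim"; cat "$MONITORING_REPO_PATH/global_summary.txt"; echo "$delim"; } >> "$GITHUB_ENV"`. The step of the same name in the `@@ -69,39 +76,64 @@` hunk, which reads `slack_summary.txt`, has the same shape.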
@@ -111,7 +111,7 @@ jobs: FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} TTL: 604800 - run: echo "S3_URL=$(aws s3 presign ${{ secrets.S3_BUCKET }}/result-${{ env.FILE_SUFFIX }}.zip --expires-in ${{ env.TTL }} --region ${{ env.AWS_DEFAULT_REGION }} --endpoint-url https://s3.${{ env.AWS_DEFAULT_REGION }}.amazonaws.com)" >> $GITHUB_ENV + run: echo "S3_URL=$(aws s3 presign ${{ secrets.S3_BUCKET }}/result-rules-${{ env.FILE_SUFFIX }}.zip --expires-in ${{ env.TTL }} --region ${{ env.AWS_DEFAULT_REGION }} --endpoint-url https://s3.${{ env.AWS_DEFAULT_REGION }}.amazonaws.com)" >> $GITHUB_ENV - name: Set summary variable run: |
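Review bot: The presigned URL built on the changed line is a bearer link valid for `TTL: 604800` seconds (seven days). It is written to `$GITHUB_ENV` and, in the first patch, posted into the Slack thread, so anyone who can read that message can download the result archive without AWS credentials for a week. If the archive holds scan output from private repositories, a much shorter `--expires-in` (hours rather than days) or a link to an access-controlled location would limit the exposure. A comment next to `TTL` stating the unit and why that lifetime was chosen would help the next reader.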