Skip to content

Commit

Permalink
Merge pull request #73 from newrelic-csec/refactor-check-env-fossa-cli
Browse files Browse the repository at this point in the history
Refactor check env and fossa cli
  • Loading branch information
elaguerta-nr authored May 29, 2024
2 parents 1023198 + a950541 commit 294983c
Show file tree
Hide file tree
Showing 8 changed files with 141 additions and 420 deletions.
70 changes: 70 additions & 0 deletions .github/composite/fossa-composite/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
name: 'FOSSA Composite Action'
description: 'Shared action for running FOSSA workflows'
runs:
using: 'composite'
steps:
- id: fossa-list-targets
name: Run fossa list-targets
shell: bash
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if grep "\[ERROR\]" $LIST_TARGETS_ERR_FILE >/dev/null 2>&1
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_ENV"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_ENV"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_ENV"
echo "FOSSA_ANALYZE_RESULT=N/A" >> "$GITHUB_ENV"
fi
- id: fossa-analyze
name: Run fossa analyze
shell: bash
if: ${{ env.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
if grep "\[ERROR\]" $ANALYZE_ERR_FILE >/dev/null 2>&1
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_ENV"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_ENV"
fi
- name: Set custom properties
shell: bash
run: |
response=$(curl --write-out '%{http_code}' --silent --output /dev/null \
-L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value": "'"$HAS_FOSSA_TARGETS"'"}, {"property_name":"fossaAnalyzeResult","value": "'"$FOSSA_ANALYZE_RESULT"'"}]}' \
)
if [[ $response != 204 ]]
then
echo "::warning::Writing custom properties failed."
fi
- name: Exit
shell: bash
if: ${{ env.HAS_FOSSA_TARGETS == 'Error' || env.FOSSA_ANALYZE_RESULT == 'Error' }}
run: |
exit 1
78 changes: 8 additions & 70 deletions .github/workflows/fossa-caos.yml
Original file line number Diff line number Diff line change
@@ -1,18 +1,13 @@
name: FOSSA CLI Analysis
name: FOSSA CLI Analysis - CAOS
on:
pull_request:
branches: [ $default-branch ]

jobs:
check_env:
runs-on: ubuntu-latest
env:
HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
steps:
- id: check-fossa-api-key
run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
outputs:
HAS_FOSSA_API_KEY: ${{ steps.check-fossa-api-key.outputs.check }}
uses: newrelic/.github/.github/workflows/fossa-check-env.yml@main
secrets:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}

fossa:
needs: check_env
Expand All @@ -23,71 +18,14 @@ jobs:
ORG: ${{ github.repository_owner }}
REPO: ${{ github.repository }}
CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
HAS_FOSSA_TARGETS: ""
FOSSA_ANALYZE_RESULT: ""

steps:
- uses: actions/checkout@v3
- name: Give GitHub Actions access to private crates
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.CAOS_RUST_CRATE_FOSSA }}
- id: fossa-list-targets
name: Run fossa list-targets
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaHasTargets custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
- id: fossa-analyze
name: Run fossa analyze
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
if [[ $(grep "ERROR" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaAnalyzeResult custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
- name: Exit
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
run: exit 1

- id: fossa-cli
uses: newrelic/.github/.github/composite/fossa-composite@main
21 changes: 21 additions & 0 deletions .github/workflows/fossa-check-env.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: FOSSA Check Env
on:
workflow_call:
secrets:
FOSSA_API_KEY:
required: false
outputs:
HAS_FOSSA_API_KEY:
description: "True if FOSSA API key is available."
value: ${{ jobs.check_env.outputs.check }}

jobs:
check_env:
runs-on: ubuntu-latest
env:
HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
steps:
- id: check-fossa-api-key
run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
outputs:
check: ${{ steps.check-fossa-api-key.outputs.check }}
77 changes: 8 additions & 69 deletions .github/workflows/fossa-default.yml
Original file line number Diff line number Diff line change
@@ -1,18 +1,13 @@
name: FOSSA CLI Analysis
name: FOSSA CLI Analysis - Default
on:
pull_request:
branches: [ $default-branch ]

jobs:
check_env:
runs-on: ubuntu-latest
env:
HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
steps:
- id: check-fossa-api-key
run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
outputs:
HAS_FOSSA_API_KEY: ${{ steps.check-fossa-api-key.outputs.check }}
uses: newrelic/.github/.github/workflows/fossa-check-env.yml@main
secrets:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}

fossa:
needs: check_env
Expand All @@ -23,66 +18,10 @@ jobs:
ORG: ${{ github.repository_owner }}
REPO: ${{ github.repository }}
CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
HAS_FOSSA_TARGETS: ""
FOSSA_ANALYZE_RESULT: ""

steps:
- uses: actions/checkout@v3
- id: fossa-list-targets
name: Run fossa list-targets
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaHasTargets custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
- id: fossa-analyze
name: Run fossa analyze
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
if [[ $(grep "ERROR" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaAnalyzeResult custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
- name: Exit
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
run: exit 1
- id: fossa-cli
uses: newrelic/.github/.github/composite/fossa-composite@main
80 changes: 9 additions & 71 deletions .github/workflows/fossa-elixir.yml
Original file line number Diff line number Diff line change
@@ -1,18 +1,13 @@
name: FOSSA CLI Analysis
name: FOSSA CLI Analysis - Elixir
on:
pull_request:
branches: [ $default-branch ]

jobs:
check_env:
runs-on: ubuntu-latest
env:
HAS_FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
steps:
- id: check-fossa-api-key
run: echo "check=$HAS_FOSSA_API_KEY" >> "$GITHUB_OUTPUT"
outputs:
HAS_FOSSA_API_KEY: ${{ steps.check-fossa-api-key.outputs.check }}
uses: newrelic/.github/.github/workflows/fossa-check-env.yml@main
secrets:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}

fossa:
needs: check_env
Expand All @@ -23,71 +18,14 @@ jobs:
ORG: ${{ github.repository_owner }}
REPO: ${{ github.repository }}
CUSTOM_PROPS_PAT: ${{ secrets.FOSSA_PAT }}
HAS_FOSSA_TARGETS: ""
FOSSA_ANALYZE_RESULT: ""

steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: '26'
elixir: '1.15'
- id: fossa-list-targets
name: Run fossa list-targets
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaHasTargets custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaHasTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
- id: fossa-analyze
name: Run fossa analyze
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALZYE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --team='Service Accounts' --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALZYE_ERR_FILE || true
if [[ $(grep -i "error" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaAnalyzeResult custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $CUSTOM_PROPS_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
- name: Exit
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
run: exit 1

elixir-version: '1.15'
- id: fossa-cli
uses: newrelic/.github/.github/composite/fossa-composite@main
Loading

0 comments on commit 294983c

Please sign in to comment.