Skip to content

Enhance exfiltrate-sensitive-data rule #1135

Enhance exfiltrate-sensitive-data rule

Enhance exfiltrate-sensitive-data rule #1135

Workflow file for this run

name: Test
on:
push:
branches:
- main
- v*
pull_request:
branches:
- main
- v*
permissions:
contents: read
env:
REGISTRY: ghcr.io
IMAGE_NAME: datadog/guarddog
jobs:
type-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Type check with mypy
run: make type-check
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Lint with flake8
run: make lint
unit-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Semgrep rules unit tests
run: make test-semgrep-rules
- name: Python unit tests
run: make test-metadata-rules
- name: Core unit tests
run: make test-core
- name: Reporters unit tests
run: make test-reporters
- name: Report coverage
run: make coverage-report
integration-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: 'Set up Python 3.10'
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install GuardDog
run: |
pip install -r requirements.txt -r requirements-dev.txt
pip install .
- name: Run GuardDog against a remote package
run: guarddog pypi scan requests
- name: Run GuardDog against a remote package
run: guarddog npm scan express
- name: Run GuardDog against a local requirements.txt file
run: >
echo -e "requests\npywin32" > requirements.txt
guarddog pypi verify ./requirements.txt
guarddog npm verify ./tests/core/resources/package.json
docker-build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
platforms: linux/amd64,linux/arm64
push: false
build-args: |
VERSION=${{ github.ref_name }}