-
Notifications
You must be signed in to change notification settings - Fork 396
59 lines (58 loc) · 2.76 KB
/
trigger-semgrep-scanner-initiate-scan.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: semgrep-scanner benchmarks
on:
workflow_dispatch:
push:
branches: [release]
pull_request:
branches: [develop, release]
jobs:
trigger:
# do not run automatically if rule is posted from the playground (can still be started manually)
# PRs posted by first time contributors already need approval as well
if: github.actor != 'semgrep-dev-pr-bot'
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- id: changed-files
name: get changed files
env:
HEAD_REF: ${{ github.head_ref }}
run: |
CHANGED_FILES=$(git diff --name-only origin/develop origin/$HEAD_REF | xargs -0 | sed '/^$/d' | sed -r '/^(.github|bash|contrib|fingerprints|generic|json|problem-based-packs|scripts|stats|trusted_python|yaml)/d' | sed -n '/.*yaml/p' | tr '\n' ' ')
echo "changed_files=$CHANGED_FILES" >> $GITHUB_ENV
- id: print-changed-files
name: debugging step - print changed files
env:
CHANGED_FILES: ${{ env.changed_files }}
run: |
echo "$CHANGED_FILES"
- id: changed-langs
name: get changed langs
env:
CHANGED_FILES: ${{ env.changed_files }}
run: |
CHANGED_LANGS=$(echo "$CHANGED_FILES" | sed 's/ /\n/g' | sed 's/^\([^/]*\).*/\1/' | sort -u | tr '\n' ' ')
echo "changed_langs=$CHANGED_LANGS" >> $GITHUB_ENV
CHANGED_LANG_COUNT=$(echo "$CHANGED_LANGS" | wc -w)
echo "changed_lang_count=$CHANGED_LANG_COUNT" >> $GITHUB_ENV
- name: Trigger semgrep-scanner argo workflow on push to release
if: github.event_name == 'push'
env:
GH_REF: ${{ github.ref }}
REPO_NAME: ${{ github.event.repository.name }}
run: |
curl -X POST https://argo.corp.r2c.dev/api/v1/events/security-research/initiate-scan-on-push -H "Authorization: ${{ secrets.ARGO_WORKFLOWS_TOKEN }}" -d "{ \"repo\": \"$REPO_NAME\", \"branch\" : \"$GH_REF\"}"
- name: Trigger semgrep-scanner argo workflow on PR to develop or release
env:
CHANGED_FILES: ${{ env.changed_files }}
CHANGED_LANGS: ${{ env.changed_langs }}
HEAD_REF: ${{ github.head_ref }}
REPO_NAME: ${{ github.event.repository.name }}
PR_HEAD_SHA: ${{github.event.pull_request.head.sha}}
if: |
github.event_name == 'pull_request' &&
env.changed_lang_count > 0
run: |
curl -X POST https://argoworkflows-dev.corp.r2c.dev/api/v1/events/security-research/initiate-scan-argo -H "Authorization: ${{ secrets.ARGO_WORKFLOWS_TOKEN }}" -d "{\"branch\" : \"$HEAD_REF\", \"repo\" : \"$REPO_NAME\", \"commit\" : \"$PR_HEAD_SHA\", \"changed_files\" : \"$CHANGED_FILES\" , \"langs\" : \"$CHANGED_LANGS\"}"