Add Security content from core and CLI (#3) #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: JFrog CLI Security Tests | |
on: | |
push: | |
branches: | |
- '**' | |
tags-ignore: | |
- '**' | |
# Triggers the workflow on labeled PRs only. | |
pull_request_target: | |
types: [ labeled ] | |
# Ensures that only the latest commit is running for each PR at a time. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test: | |
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push' | |
runs-on: ${{ matrix.os }}-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu, windows, macos ] | |
env: | |
GOPROXY: direct | |
GRADLE_OPTS: -Dorg.gradle.daemon=false | |
steps: | |
# Install dependencies | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.20.x | |
- name: Install npm | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "16" | |
- name: Install Java | |
uses: actions/setup-java@v3 | |
with: | |
java-version: "11" | |
distribution: "adopt" | |
- name: Install NuGet | |
uses: nuget/setup-nuget@v1 | |
with: | |
nuget-version: 6.x | |
- name: Install dotnet | |
uses: actions/setup-dotnet@v3 | |
with: | |
dotnet-version: '6.x' | |
- name: Setup Python3 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.x" | |
- name: Setup Pipenv | |
run: python -m pip install pipenv | |
- name: Setup Poetry | |
run: python -m pip install poetry | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
gradle-version: 7.6 | |
# Checkout code | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
# Test | |
- name: Run security tests (without Docker Scan) | |
run: go test -v github.com/jfrog/jfrog-cli-security --timeout 0 --test.security --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} --jfrog.user=${{ secrets.PLATFORM_USER }} --test.containerRegistry=${{ secrets.CONTAINER_REGISTRY }} --ci.runId=${{ runner.os }}-xray | |
if: ${{ matrix.os != 'ubuntu' }} | |
- name: Run security tests (with Docker Scan, only on Ubuntu) | |
run: go test -v github.com/jfrog/jfrog-cli-security --timeout 0 --test.security --test.dockerScan --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} --test.containerRegistry=${{ secrets.CONTAINER_REGISTRY }} --ci.runId=${{ runner.os }}-xray | |
if: ${{ matrix.os == 'ubuntu' }} |