feat(manager-test): change import organization to allow white box tes… #241
Workflow file for this run
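# From https://github.com/actions-rs/meta/blob/edeebc14493689cee04cb6d941c42c36a86e9d18/recipes/quickstart.md
name: tests

# Runs on pushes to main, on every pull request, and on manual dispatch.
on:
  push:
    branches: [ main ]
  pull_request:
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN: jobs that do not declare their own
# `permissions:` block get read-only repository access. A job-level block
# replaces this default for that job.
permissions:
  contents: read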
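jobs:
  # NOTE(review): every `uses:` below is pinned to a mutable tag and every
  # container to `rust:latest`. Pinning actions to a full commit SHA and the
  # image to a digest keeps a retagged upstream from silently changing what
  # runs in these jobs.

  # Formatting gate: fails when `cargo fmt` would change any file.
  fmt:
    name: cargo fmt
    runs-on: ubuntu-latest
    container:
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
      - run: |
          rustup component add rustfmt
          cargo fmt --all -- --check

  # Lint gate: every lint in the clippy::all group is treated as an error.
  clippy:
    name: cargo clippy
    runs-on: ubuntu-latest
    container:
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-clippy
      - run: |
          rustup component add clippy
          cargo clippy --all-features -- -D clippy::all

  # Runs the workspace tests under cargo-llvm-cov and sends lcov.info to
  # Coveralls.
  test-and-coverage:
    name: cargo test and coverage
    runs-on: ubuntu-latest
    # NOTE(review): none of the steps visible in this job push commits or
    # create releases, so `contents: write` looks broader than needed —
    # confirm whether `contents: read` is enough for the Coveralls action.
    permissions:
      contents: write
      pull-requests: write
      actions: read
    container:
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
        with:
          # This job holds a write-scoped token and later builds third-party
          # crates; do not leave the token in the checkout's git config.
          persist-credentials: false
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-cov
      - run: rustup component add llvm-tools-preview
      - run: cargo install cargo-llvm-cov
      - name: Run tests and generate coverage report
        run: cargo llvm-cov test --all-features --workspace --lcov --output-path lcov.info
      - name: Coveralls
        uses: coverallsapp/github-action@v2.2.0
        with:
          file: ./lcov.info

  # Runs cargo-audit against the dependency tree and posts the output as a
  # sticky pull-request comment.
  audit:
    name: Cargo Audit
    runs-on: ubuntu-latest
    # Least privilege: the steps below only read the repository and write a
    # pull-request comment, so `contents` is reduced from write to read.
    permissions:
      actions: read
      contents: read
      pull-requests: write
    container:
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
        with:
          # cargo-audit is compiled from crates.io in this job; keep the job
          # token out of the checkout's git config while that code builds.
          persist-credentials: false
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-audit
      - name: Install Cargo Audit
        run: |
          cargo install cargo-audit
      - name: Generate Cargo Audit Report
        id: report
        # The report is exported as a multi-line step output behind a random
        # delimiter, so report text cannot end the value early.
        # NOTE(review): unless the step shell runs with pipefail, the exit
        # status here is tee's, not cargo audit's, so findings surface only
        # in the PR comment and never fail the job — confirm that is intended.
        run: |
          cargo audit --quiet | tee report.xml
          body="$(cat report.xml)"
          delimiter="$(openssl rand -hex 8)"
          {
            echo "body<<$delimiter"
            echo "$body"
            echo "$delimiter"
          } >> "$GITHUB_OUTPUT"
      - name: Comment report
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          hide_and_recreate: true
          hide_classify: "OUTDATED"
          message: |
            <b>🤖 Cargo Audit Report 🤖</b>
            ${{ steps.report.outputs.body }}
            (Empty means OK! 👍)

  # Generates CycloneDX SBOMs with Syft, submits the XML one to the BOM API
  # endpoint, and archives the report folder in a Cloud Storage bucket.
  sbom:
    name: Syft SBOM Generator
    runs-on: ubuntu-20.04
    env:
      REPO_NAME: ${{ github.event.repository.name }}
      REPORT_FOLDER: ${{ github.event.repository.name }}-sbom-report
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-sbom
      - name: Generate SBOM and submit it
        env:
          # Hand the secret to the shell through the environment instead of
          # expanding it into the script text before the shell parses it.
          DEPENDENCYTRACK_APIKEY: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
        run: |
          # NOTE(review): the installer comes from the moving `main` branch
          # and is piped straight into sh, in the same step that holds the
          # API key. Fetch a tagged release and verify its checksum instead.
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b .
          mkdir "$REPORT_FOLDER"
          # One timestamp for both reports, so the two file names always
          # match even when the run crosses a minute boundary.
          stamp="$(date "+%Y.%m.%d-%H.%M")"
          ./syft . --scope all-layers -o "cyclonedx-xml=$REPORT_FOLDER/sbom-report.$stamp.xml"
          ./syft . --scope all-layers -o "cyclonedx-json=$REPORT_FOLDER/sbom-report.$stamp.json"
          cp "$REPORT_FOLDER/sbom-report.$stamp.xml" sbom-report.xml
          # NOTE(review): this endpoint is plain http:// on a bare IP, so the
          # X-API-Key header and the BOM cross the network unencrypted and
          # the server is not authenticated. Move it behind TLS and rotate
          # the key.
          curl -X 'POST' 'http://34.149.248.118/api/v1/bom' \
            -H 'Content-Type: multipart/form-data' \
            -H "X-API-Key: ${DEPENDENCYTRACK_APIKEY}" \
            -F 'autoCreate=true' \
            -F 'projectVersion=1.0' \
            -F "projectName=${REPO_NAME}" \
            -F 'bom=@sbom-report.xml'
      # NOTE(review): credentials_json is a long-lived service-account key;
      # the auth action's workload identity federation inputs would avoid
      # storing a key at all — confirm whether that is available here.
      - uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: '${{ secrets.GHA_SA_KEY }}'
      - uses: 'google-github-actions/upload-cloud-storage@v1'
        with:
          process_gcloudignore: false
          path: '${{ env.REPORT_FOLDER }}/'
          destination: 'security-sbom'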