ast-github-action/.github/workflows/ci.yml at main · Checkmarx/ast-github-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: Checkmarx One Github Action CI

on: [ pull_request ]

jobs:
  integration-tests:
    runs-on: ubuntu-latest

    name: Integration Testing
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4.1.0

      - name: Create source file
        run: |
          echo "testcode"> source.py

      # Test Failure on missing client-id and secret
      - name: Run With Empty Client And Secret
        id: empty_client_secret
        continue-on-error: true
        uses: ./
        with:
          project_name: ${{ github.event.repository.name }}-tests
          base_uri: https://fake.com
          cx_client_id: ""
          cx_client_secret: ""
      - name: Check If Authentication Failed
        if: ${{contains( steps.empty_client_secret.outcome, 'success')}}
        run: |
          echo "The authentication must fail if invalid client id or password is used"
          echo "${{ steps.empty_client_secret.outcome}}"
          exit 1

      # Test valid input
      - name: Valid Scenario
        id: valid_scenario
        continue-on-error: true
        uses: ./
        with:
          project_name: ${{ github.event.repository.name }}-tests
          base_uri: ${{ secrets.CX_BASE_URI }}
          cx_tenant: ${{ secrets.CX_TENANT }}
          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
          additional_params: --file-include *.sh,Dockerfile --scan-types kics --report-format summaryJSON
      - name: Check If Scan Failed
        if: ${{ contains( steps.valid_scenario.outcome, 'success') == false}}
        run: |
          echo "The action outcome should be success."
          echo "${{ steps.valid_scenario.outcome}}"
          exit 1
      - name: Check If Output Scan ID Is Empty
        if: steps.valid_scenario.outputs.cxScanID == ''
        run: |
          echo "Scan ID empty."
          exit 1
      - name: Print Output Scan ID
        run: |
          echo "${{ steps.valid_scenario.outputs.cxScanID }}"
      - name: Check If Output Log Is Empty
        if: steps.valid_scenario.outputs.cxcli == ''
        run: |
          echo "Output log empty."
          exit 1
      - name: Print CLI Output
        run: |
          echo "${{ steps.valid_scenario.outputs.cxcli }}"

      # Test failure when wrong preset name
      - name: Test With Wrong Preset Name
        id: preset_name_test
        continue-on-error: true
        uses: ./
        with:
          project_name: ${{ github.event.repository.name }}-tests
          base_uri: ${{ secrets.CX_BASE_URI }}
          cx_tenant: ${{ secrets.CX_TENANT }}
          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
          additional_params: --sast-preset-name ChekmarxDefaultFake --scan-types sast
      - name: Check If Preset Name Scan Completed
        if: ${{contains( steps.preset_name_test.outcome, 'success')}}
        run: |
          echo "The cli should fail. Wrong preset name provided"
          echo "${{ steps.preset_name_test.outcome}}"
          exit 1

      # Test source path input
      - name: Create subfolder and add file
        run: |
          mkdir -p my_source_dir
          echo "This is a test file for Checkmarx scanning" > my_source_dir/test-file.sh
          echo "FROM alpine:latest" > my_source_dir/Dockerfile

      - name: Valid Scenario With Source Path
        id: valid_scenario_source_path
        continue-on-error: true
        uses: ./
        with:
          project_name: ${{ github.event.repository.name }}-tests
          base_uri: ${{ secrets.CX_BASE_URI }}
          cx_tenant: ${{ secrets.CX_TENANT }}
          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
          source_dir: "./my_source_dir"
          additional_params: --file-include *.sh,Dockerfile --scan-types kics --report-format summaryJSON

      - name: Check If Scan Failed
        if: ${{ contains( steps.valid_scenario_source_path.outcome, 'success') == false}}
        run: |
          echo "The action outcome should be success."
          echo "${{ steps.valid_scenario_source_path.outcome}}"
          exit 1

      - name: Check If Output Scan ID Is empty
        if: steps.valid_scenario_source_path.outputs.cxScanID == ''
        run: |
          echo "Scan ID empty."
          exit 1

      - name: Print Output Scan ID
        run: |
          echo "${{ steps.valid_scenario_source_path.outputs.cxScanID }}"

      - name: Check If Output Log Is Empty
        if: steps.valid_scenario_source_path.outputs.cxcli == ''
        run: |
          echo "Output log empty."
          exit 1

      - name: Print cCLI Output
        run: |
          echo "${{ steps.valid_scenario_source_path.outputs.cxcli }}"