From 31bd48e04d08515da12f147312d4f13b63ff9cf7 Mon Sep 17 00:00:00 2001 From: Nayuta Ishii Date: Fri, 15 Mar 2024 17:23:01 +0900 Subject: [PATCH 1/5] MAINT: bump create-pull-request to v6 --- .github/workflows/depup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml index c68ab8f..423789d 100644 --- a/.github/workflows/depup.yml +++ b/.github/workflows/depup.yml @@ -21,7 +21,7 @@ jobs: repo: reviewdog/reviewdog - name: Create Pull Request - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: ${{ secrets.GITHUB_TOKEN }} title: "chore(deps): update reviewdog to ${{ steps.depup.outputs.latest }}" From 59af000af99c78122f7fb1ac8b9beec10b4582d1 Mon Sep 17 00:00:00 2001 From: Nayuta Ishii Date: Fri, 15 Mar 2024 19:59:49 +0900 Subject: [PATCH 2/5] Add test for fs --- .github/workflows/tests.yml | 85 +++++++++---------- .../terraform}/with_detections/example.tf | 0 .../terraform}/with_detections/main.tf | 0 .../terraform}/without_detections/main.tf | 0 .../fs/npm/with_detections/package-lock.json | 20 +++++ testdata/fs/npm/with_detections/package.json | 15 ++++ .../npm/without_detections/package-lock.json | 12 +++ .../fs/npm/without_detections/package.json | 14 +++ 8 files changed, 102 insertions(+), 44 deletions(-) rename testdata/{ => config/terraform}/with_detections/example.tf (100%) rename testdata/{ => config/terraform}/with_detections/main.tf (100%) rename testdata/{ => config/terraform}/without_detections/main.tf (100%) create mode 100644 testdata/fs/npm/with_detections/package-lock.json create mode 100644 testdata/fs/npm/with_detections/package.json create mode 100644 testdata/fs/npm/without_detections/package-lock.json create mode 100644 testdata/fs/npm/without_detections/package.json diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4961b1f..3d48b15 100644 --- a/.github/workflows/tests.yml 
+++ b/.github/workflows/tests.yml 
@@ -11,48 +11,35 @@ defaults: shell: bash jobs: - test-check: - name: trivy (github-check) + setup: runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.output-matrix.outputs.matrix }} steps: - uses: actions/checkout@v4 - - - uses: ./ - continue-on-error: true - id: test - with: - github_token: ${{ secrets.github_token }} - trivy_command: config - trivy_target: . - reporter: github-check - level: info - working_directory: testdata/with_detections - - # The check is expected to fail on the test data - - name: Check return codes - if: success() || failure () + - name: Set up matrix + id: output-matrix run: | - trivy_return="${{ steps.test.outputs.trivy-return-code }}" - reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}" - - if [[ "$trivy_return" -eq 1 ]]; then - echo "trivy correctly returned failure ${trivy_return}" - else - echo "trivy returned ${trivy_return}, expected '1'. Failing..." - exit 1 - fi + # Find all the directories in the testdata directory + DIRS="$(find ./testdata -type d)" + for dir in ${DIRS}; do + if [ "$(echo "${DIRS}" | grep -c "${dir}" || true)" -le 1 ]; then + DIRS_RESULT="${DIRS_RESULT}${dir}," + fi + done + MATRIX_JSON=$(echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g' | jq -R -s -c 'split(",") | [.[] | {dir: ., command: split("/")[1], type: split("/")[4], label: [split("/")[2],split("/")[3]] | join("/")}]') + MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT + echo "${MATRIX}" + echo "${MATRIX}" >> $GITHUB_OUTPUT - if [[ "$reviewdog_return" -eq 0 ]]; then - echo "reviewdog correctly returned success: ${reviewdog_return}" - else - echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..." - exit 1 - fi - - test-check-without-detections: - name: trivy (github-check-without-detections) + test-check: + name: trivy (github-check) runs-on: ubuntu-latest + needs: setup + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.setup.outputs.matrix) }} steps: - uses: actions/checkout@v4 
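Review bot: The line `MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT` in the new `Set up matrix` step attaches an append redirection to a bare variable assignment, so bash only opens `$GITHUB_OUTPUT` for append and writes nothing to it; the real write is the `echo "${MATRIX}" >> $GITHUB_OUTPUT` two lines later, and the stray redirection should be dropped from the assignment. The leaf-directory detection above it relies on an unanchored substring count, `grep -c "${dir}"`, so a directory whose path is a prefix of a sibling's would be counted as non-leaf and silently dropped from the matrix; anchoring the match as `grep -c "^${dir}/"` with `-eq 0`, or replacing the loop with `find ./testdata -mindepth 4 -maxdepth 4 -type d`, would also pin the depth that the later `split("/")` indices assume. The `sed 's/\\n//g'` stage matches a literal backslash followed by `n` rather than newlines and appears to be a no-op, since the word-split `for` loop has already removed them.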
@@ -62,24 +49,34 @@ jobs: id: test with: github_token: ${{ secrets.github_token }} - trivy_command: config + trivy_command: ${{ matrix.command }} trivy_target: . reporter: github-check level: info - working_directory: testdata/without_detections + working_directory: ${{ matrix.dir }} # The check is expected to fail on the test data - name: Check return codes if: success() || failure () run: | + check_type="${{ matrix.type }}" trivy_return="${{ steps.test.outputs.trivy-return-code }}" reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}" - if [[ "$trivy_return" -eq 0 ]]; then - echo "trivy correctly returned success ${trivy_return}" + if [[ "$check_type" = "with_detections" ]]; then + if [[ "$trivy_return" -eq 1 ]]; then + echo "trivy correctly returned failure: ${trivy_return}" + else + echo "trivy returned ${trivy_return}, expected '1'. Failing..." + exit 1 + fi else - echo "trivy returned ${trivy_return}, expected '0'. Failing..." - exit 1 + if [[ "$trivy_return" -eq 0 ]]; then + echo "trivy correctly returned success: ${trivy_return}" + else + echo "trivy returned ${trivy_return}, expected '0'. Failing..." + exit 1 + fi fi if [[ "$reviewdog_return" -eq 0 ]]; then @@ -106,7 +103,7 @@ jobs: trivy_target: . reporter: github-pr-check level: info - working_directory: testdata/with_detections + working_directory: testdata/config/terraform/with_detections # The check is expected to fail on the test data - name: Check return codes @@ -146,7 +143,7 @@ jobs: trivy_target: . reporter: github-pr-review level: info - working_directory: testdata/with_detections + working_directory: testdata/config/terraform/with_detections # The check is expected to fail on the test data # but for forked PRs reviewdog will just output 
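Review bot: `check_type="${{ matrix.type }}"` in the rewritten `Check return codes` step splices the matrix value into the script text before bash runs, and that value comes from directory names discovered by `find` in the checked-out tree, so a path segment containing a quote or shell metacharacter would become part of the script rather than data; passing it through the step's `env:` (`CHECK_TYPE: ${{ matrix.type }}`, then `check_type="$CHECK_TYPE"`) keeps it a plain string. The same consideration applies to `${{ matrix.dir }}` and `${{ matrix.command }}` on the `with:` lines, though whether the action quotes those internally is not visible here. The unchanged comment `# The check is expected to fail on the test data` is now stale because the matrix also covers `without_detections` fixtures; `# The check is expected to fail only on with_detections test data` describes the new branching. The step body continues past the end of the hunk.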
@@ -191,7 +188,7 @@ jobs: trivy_target: . reporter: github-check level: info - working_directory: testdata/with_detections + working_directory: testdata/config/terraform/with_detections # The check is expected to fail on the test data - name: Check return codes diff --git a/testdata/with_detections/example.tf b/testdata/config/terraform/with_detections/example.tf similarity index 100% rename from testdata/with_detections/example.tf rename to testdata/config/terraform/with_detections/example.tf diff --git a/testdata/with_detections/main.tf b/testdata/config/terraform/with_detections/main.tf similarity index 100% rename from testdata/with_detections/main.tf rename to testdata/config/terraform/with_detections/main.tf diff --git a/testdata/without_detections/main.tf b/testdata/config/terraform/without_detections/main.tf similarity index 100% rename from testdata/without_detections/main.tf rename to testdata/config/terraform/without_detections/main.tf diff --git a/testdata/fs/npm/with_detections/package-lock.json b/testdata/fs/npm/with_detections/package-lock.json new file mode 100644 index 0000000..514c874 --- /dev/null +++ b/testdata/fs/npm/with_detections/package-lock.json @@ -0,0 +1,20 @@ +{ + "name": "npm", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "npm", + "version": "1.0.0", + "dependencies": { + "lodash": "^4.0.0" + } + }, + "node_modules/lodash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.0.0.tgz", + "integrity": "sha512-bWpSlBobTcHYK9eUzcBYHhSBGzvSzEsxocnW5+v7p6wCRlY1icneTe2ACam3mGdAu82+RLL32cmyl7TRlJHqZw==" + } + } +} diff --git a/testdata/fs/npm/with_detections/package.json b/testdata/fs/npm/with_detections/package.json new file mode 100644 index 0000000..79bc80c --- /dev/null +++ b/testdata/fs/npm/with_detections/package.json 
@@ -0,0 +1,15 @@ +{ + "name": "npm", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + "lodash": "^4.0.0" + } +} diff --git a/testdata/fs/npm/without_detections/package-lock.json b/testdata/fs/npm/without_detections/package-lock.json new file mode 100644 index 0000000..bce49cf --- /dev/null +++ b/testdata/fs/npm/without_detections/package-lock.json @@ -0,0 +1,12 @@ +{ + "name": "npm", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "npm", + "version": "1.0.0" + } + } +} diff --git a/testdata/fs/npm/without_detections/package.json b/testdata/fs/npm/without_detections/package.json new file mode 100644 index 0000000..b959061 --- /dev/null +++ b/testdata/fs/npm/without_detections/package.json @@ -0,0 +1,14 @@ +{ + "name": "npm", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + } +} From 6882a734b8d5e0b146ecc7b10eaee1f9b166f2cc Mon Sep 17 00:00:00 2001 From: Nayuta Ishii Date: Fri, 15 Mar 2024 21:16:11 +0900 Subject: [PATCH 3/5] fixup! Add test for fs --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3d48b15..9348568 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -28,7 +28,7 @@ jobs: DIRS_RESULT="${DIRS_RESULT}${dir}," fi done - MATRIX_JSON=$(echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g' | jq -R -s -c 'split(",") | [.[] | {dir: ., command: split("/")[1], type: split("/")[4], label: [split("/")[2],split("/")[3]] | join("/")}]') + MATRIX_JSON=$(echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g' | jq -R -s -c 'split(",") | [.[] | {dir: ., command: split("/")[2], type: split("/")[4], label: [split("/")[2],split("/")[3]] | join("/")}]') MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT echo "${MATRIX}" echo "${MATRIX}" >> $GITHUB_OUTPUT From bbbd003bbc9acf0e3070486e9d58ba58e8421f33 Mon Sep 17 00:00:00 2001 From: Nayuta Ishii Date: Tue, 20 Aug 2024 18:00:38 +0900 Subject: [PATCH 4/5] Add test matrix documents --- .github/workflows/tests.yml | 3 +++ README.md | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9348568..f4df62a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -28,6 +28,9 @@ jobs: DIRS_RESULT="${DIRS_RESULT}${dir}," fi done + + # Build actions' matrix from testadata dirs + # e.x. ./testdata/config/terraform/with_detections => { "dir": "./testdata/config/terraform/with_detections", "command": "config", "type": "with_detections", "label": "config/terraform" } MATRIX_JSON=$(echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g' | jq -R -s -c 'split(",") | [.[] | {dir: ., command: split("/")[2], type: split("/")[4], label: [split("/")[2],split("/")[3]] | join("/")}]') MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT echo "${MATRIX}" diff --git a/README.md b/README.md index 1d27528..c5d343f 100644 --- a/README.md +++ b/README.md 
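Review bot: The corrected jq filter still derives `command`, `type` and `label` from bare positional indices into four separate `split("/")` calls, which is how the `[1]`/`[2]` mix-up this fixup repairs crept in; binding the split once, `split("/") as $p | {dir: ., command: $p[2], type: $p[4], label: ($p[2:4] | join("/"))}`, states the layout assumption in one place. Because nothing checks the depth, a fixture nested one level deeper or shallower would yield a wrong `command` silently rather than failing; raising a jq `error(...)` when `($p | length) != 5`, or restricting `find` to the expected depth in the `setup` step above this hunk, would surface that. The unchanged line `MATRIX="matrix=..." >> $GITHUB_OUTPUT` still carries a redirection on a bare assignment, which writes nothing to the output file.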
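Review bot: The added comment `# Build actions' matrix from testadata dirs` misspells the directory as `testadata`, and `e.x.` on the next line should be `e.g.`; a maintainer grepping for `testdata` will not find this explanation. Suggested wording: `# Build the Actions matrix from the testdata directories` and `# e.g. ./testdata/config/terraform/with_detections => { "dir": "./testdata/config/terraform/with_detections", "command": "config", "type": "with_detections", "label": "config/terraform" }`. The README section added in the same commit has the same problem with higher stakes: it spells the directory names `with_detecitons` and `without_detecions`, while the `Check return codes` step compares `matrix.type` against the exact string `with_detections` and treats anything else as the no-detections case, so a contributor following the README would get a fixture that passes for the wrong reason. The `./testdata///[...]` naming-rule line in that section also appears to have lost its placeholder segments.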
@@ -145,6 +145,18 @@ jobs: ## Development +### Tests + +#### GitHub Actions + +You can add the test files under the `./testdata` without any other changes. You need to create a directory with following naming rules and put the test files. + +``` +./testdata///[with_detecitons|without_detections] +``` + +For example, files in `./testdata/config/terraform/without_detecions` runs `trivy config ./testdata/config/terraform/without_detections` expecting without any detections. + ### Release #### [haya14busa/action-bumpr](https://github.com/haya14busa/action-bumpr) From 53cc527a5837e45b62fd88040635d6fdf25551f0 Mon Sep 17 00:00:00 2001 From: Nayuta Ishii Date: Wed, 21 Aug 2024 13:37:47 +0900 Subject: [PATCH 5/5] Add filesystem command test --- .../npm/with_detections/package-lock.json | 20 +++++++++++++++++++ .../npm/with_detections/package.json | 15 ++++++++++++++ .../npm/without_detections/package-lock.json | 12 +++++++++++ .../npm/without_detections/package.json | 14 +++++++++++++ 4 files changed, 61 insertions(+) create mode 100644 testdata/filesystem/npm/with_detections/package-lock.json create mode 100644 testdata/filesystem/npm/with_detections/package.json create mode 100644 testdata/filesystem/npm/without_detections/package-lock.json create mode 100644 testdata/filesystem/npm/without_detections/package.json diff --git a/testdata/filesystem/npm/with_detections/package-lock.json b/testdata/filesystem/npm/with_detections/package-lock.json new file mode 100644 index 0000000..514c874 --- /dev/null +++ b/testdata/filesystem/npm/with_detections/package-lock.json 
@@ -0,0 +1,20 @@
+{
+ "name": "npm",
+ "version": "1.0.0",
+ "lockfileVersion": 3,
+ "requires": true,
+ "packages": {
+ "": {
+ "name": "npm",
+ "version": "1.0.0",
+ "dependencies": {
+ "lodash": "^4.0.0"
+ }
+ },
+ "node_modules/lodash": {
+ "version": "4.0.0",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.0.0.tgz",
+ "integrity": "sha512-bWpSlBobTcHYK9eUzcBYHhSBGzvSzEsxocnW5+v7p6wCRlY1icneTe2ACam3mGdAu82+RLL32cmyl7TRlJHqZw=="
+ }
+ }
+}
diff --git a/testdata/filesystem/npm/with_detections/package.json b/testdata/filesystem/npm/with_detections/package.json
new file mode 100644
index 0000000..79bc80c
--- /dev/null
+++ b/testdata/filesystem/npm/with_detections/package.json
@@ -0,0 +1,15 @@
+{
+ "name": "npm",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "keywords": [],
+ "author": "",
+ "license": "",
+ "dependencies": {
+ "lodash": "^4.0.0"
+ }
+}
diff --git a/testdata/filesystem/npm/without_detections/package-lock.json b/testdata/filesystem/npm/without_detections/package-lock.json
new file mode 100644
index 0000000..bce49cf
--- /dev/null
+++ b/testdata/filesystem/npm/without_detections/package-lock.json
@@ -0,0 +1,12 @@
+{
+ "name": "npm",
+ "version": "1.0.0",
+ "lockfileVersion": 3,
+ "requires": true,
+ "packages": {
+ "": {
+ "name": "npm",
+ "version": "1.0.0"
+ }
+ }
+}
diff --git a/testdata/filesystem/npm/without_detections/package.json b/testdata/filesystem/npm/without_detections/package.json
new file mode 100644
index 0000000..b959061
--- /dev/null
+++ b/testdata/filesystem/npm/without_detections/package.json
@@ -0,0 +1,14 @@
+{
+ "name": "npm",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "keywords": [],
+ "author": "",
+ "license": "",
+ "dependencies": {
+ }
+}
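Review bot: The four files added under `testdata/filesystem/npm/` carry the same blob ids (`514c874`, `79bc80c`, `bce49cf`, `b959061`) as the ones the second commit of this series created under `testdata/fs/npm/`, and this commit's diffstat shows no deletions, so unless `testdata/fs` is removed elsewhere the generated matrix will run the identical npm fixtures twice, once with `trivy_command: fs` and once with `trivy_command: filesystem`. If the intent was to rename the directory so the matrix label reads `filesystem`, the old tree should go in the same commit; if both command spellings are meant to be exercised deliberately, the README's naming-rule section should say so. Keeping a single copy also avoids the two fixtures drifting apart when the pinned `lodash` version has to change.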