HawkScan Action should fail step when HawkScan exits nonzero #1030

Workflow file for this run

	name: "action-tests"
	on:
	pull_request:
	push:
	branches:
	- main

	jobs:
	# Run JS unit tests
	unit-tests:
	strategy:
	matrix:
	runner: [ 'ubuntu-latest', 'windows-latest' ]
	name: Unit Tests
	runs-on: ${{ matrix.runner }}
	env:
	SHAWK_API_KEY: ${{ secrets.HAWK_API_KEY }}
	steps:
	- uses: actions/checkout@v3
	- run: npm install --only=dev
	- run: npm run lint
	- run: npm clean-install
	- run: npm test

	# Run a HawkScan with this Action
	live-test:
	strategy:
	matrix:
	runner: [ 'ubuntu-latest', 'windows-latest' ]
	name: Live Test
	runs-on: ${{ matrix.runner }}
	steps:
	- name: Check it out
	uses: actions/checkout@v3
	- name: Setup java on Windows
	if: ${{ matrix.runner=='windows-latest' }}
	uses: actions/setup-java@v3
	with:
	distribution: 'temurin'
	java-version: '17'
	- name: Run Scan
	id: run-scan
	uses: ./
	with:
	apiKey: ${{ secrets.HAWK_API_KEY }}
	githubToken: ${{ github.token }}
	configurationFiles: __tests__/stackhawk.yml
	codeScanningAlerts: true
	# Use the output from the `hello` step
	- name: Check Scan Id
	run: echo "The last scan id was ${{ steps.run-scan.outputs.scanId }}"

	# Run a HawkScan with verbose and debug logging
	verbose-debug-test:
	name: Verbose and Debug Logging Test
	strategy:
	matrix:
	runner: [ 'ubuntu-latest', 'windows-latest' ]
	runs-on: ${{ matrix.runner }}
	steps:
	- name: Check it out
	uses: actions/checkout@v3
	- name: Setup java on Windows
	if: ${{ matrix.runner=='windows-latest' }}
	uses: actions/setup-java@v3
	with:
	distribution: 'temurin'
	java-version: '17'
	- name: Run Scan
	uses: ./
	with:
	# apiKey: ${{ secrets.HAWK_API_KEY }}
	githubToken: ${{ github.token }}
	configurationFiles: __tests__/stackhawk.yml
	codeScanningAlerts: true
	verbose: true
	debug: true

	# Run a HawkScan with this Action
	command-line-test:
	name: Command Line Test
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v3
	- name: Install CLI
	uses: ./
	with:
	installCLIOnly: true
	- name: Run the scan
	run: hawk --api-key=${{ secrets.HAWK_API_KEY }} scan __tests__/stackhawk.yml

	# Run a HawkScan with this Action
	ajax-test:
	name: Ajax Test
	runs-on: ubuntu-20.04
	steps:
	- name: Check it out
	uses: actions/checkout@v3
	- name: Run Scan
	uses: ./
	with:
	apiKey: ${{ secrets.HAWK_API_KEY }}
	githubToken: ${{ github.token }}
	configurationFiles: __tests__/stackhawk.yml
	codeScanningAlerts: true

	javaspringvulny-test:
	name: Java Spring Vulny Test
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v3
	- name: Checkout javaspringvulny repository
	uses: actions/checkout@v3
	with:
	repository: kaakaww/javaspringvulny
	path: ./__tests__/integration-tests/apps/javaspringvulny
	- name: Run javaspringvulny
	run: \|
	cd __tests__/integration-tests/apps/javaspringvulny
	docker-compose up -d
	- name: Run HawkScan
	id: run-hawkscan
	uses: ./
	with:
	apiKey: ${{ secrets.HAWK_API_KEY }}
	workspace: ${{ github.workspace }}/__tests__/integration-tests/configs/javaspringvulny/
	configurationFiles: stackhawk-jsv-json-token.yml
	# verbose: true
	debug: true
	env:
	APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788
	- name: Run ReScan
	uses: ./
	with:
	apiKey: ${{ secrets.HAWK_API_KEY }}
	workspace: ${{ github.workspace }}/__tests__/integration-tests/configs/javaspringvulny/
	configurationFiles: stackhawk-jsv-json-token.yml
	command: rescan
	args: \|
	--scan-id ${{ steps.run-hawkscan.outputs.scanId }}
	env:
	APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788

	# If there is a new version according to the .bumpversion.cfg file in the main branch, tag and release
	release-new-version:
	name: Release New Version
	runs-on: ubuntu-20.04
	if: github.ref == 'refs/heads/main' && github.event_name == 'push'
	needs:
	- unit-tests
	- live-test
	- ajax-test
	- verbose-debug-test
	- command-line-test
	- javaspringvulny-test
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Check Release Version
	run: \|
	echo "RELEASE_VERSION=$(./scripts/version-check.sh)" >> $GITHUB_ENV
	- name: Create Release
	id: create_release
	if: env.RELEASE_VERSION != ''
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	tag_name: v${{ env.RELEASE_VERSION }}
	release_name: HawkScan Action ${{ env.RELEASE_VERSION }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HawkScan Action should fail step when HawkScan exits nonzero #1030

Workflow file

HawkScan Action should fail step when HawkScan exits nonzero #1030

Jobs

Run details

Workflow file for this run