HawkScan Action should fail step when HawkScan exits nonzero #1031
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "action-tests" | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
jobs: | |
# Run JS unit tests | |
unit-tests: | |
strategy: | |
matrix: | |
runner: [ 'ubuntu-latest', 'windows-latest' ] | |
name: Unit Tests | |
runs-on: ${{ matrix.runner }} | |
env: | |
SHAWK_API_KEY: ${{ secrets.HAWK_API_KEY }} | |
steps: | |
- uses: actions/checkout@v3 | |
- run: npm install --only=dev | |
- run: npm run lint | |
- run: npm clean-install | |
- run: npm test | |
# Run a HawkScan with this Action | |
live-test: | |
strategy: | |
matrix: | |
runner: [ 'ubuntu-latest', 'windows-latest' ] | |
name: Live Test | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- name: Check it out | |
uses: actions/checkout@v3 | |
- name: Setup java on Windows | |
if: ${{ matrix.runner=='windows-latest' }} | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
- name: Run Scan | |
id: run-scan | |
uses: ./ | |
with: | |
apiKey: ${{ secrets.HAWK_API_KEY }} | |
githubToken: ${{ github.token }} | |
configurationFiles: __tests__/stackhawk.yml | |
codeScanningAlerts: true | |
# Use the output from the `hello` step | |
- name: Check Scan Id | |
run: echo "The last scan id was ${{ steps.run-scan.outputs.scanId }}" | |
# Run a HawkScan with verbose and debug logging | |
verbose-debug-test: | |
name: Verbose and Debug Logging Test | |
strategy: | |
matrix: | |
runner: [ 'ubuntu-latest', 'windows-latest' ] | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- name: Check it out | |
uses: actions/checkout@v3 | |
- name: Setup java on Windows | |
if: ${{ matrix.runner=='windows-latest' }} | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
- name: Run Scan | |
uses: ./ | |
with: | |
# apiKey: ${{ secrets.HAWK_API_KEY }} | |
githubToken: ${{ github.token }} | |
configurationFiles: __tests__/stackhawk.yml | |
codeScanningAlerts: true | |
verbose: true | |
debug: true | |
# Run a HawkScan with this Action | |
command-line-test: | |
name: Command Line Test | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install CLI | |
uses: ./ | |
with: | |
installCLIOnly: true | |
- name: Run the scan | |
run: hawk --api-key=${{ secrets.HAWK_API_KEY }} scan __tests__/stackhawk.yml | |
# Run a HawkScan with this Action | |
ajax-test: | |
name: Ajax Test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check it out | |
uses: actions/checkout@v3 | |
- name: Run Scan | |
uses: ./ | |
with: | |
apiKey: ${{ secrets.HAWK_API_KEY }} | |
githubToken: ${{ github.token }} | |
configurationFiles: __tests__/stackhawk.yml | |
codeScanningAlerts: true | |
javaspringvulny-test: | |
name: Java Spring Vulny Test | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Checkout javaspringvulny repository | |
uses: actions/checkout@v3 | |
with: | |
repository: kaakaww/javaspringvulny | |
path: ./__tests__/integration-tests/apps/javaspringvulny | |
- name: Run javaspringvulny | |
run: | | |
cd __tests__/integration-tests/apps/javaspringvulny | |
docker-compose up -d | |
- name: Run HawkScan | |
id: run-hawkscan | |
uses: ./ | |
with: | |
apiKey: ${{ secrets.HAWK_API_KEY }} | |
workspace: ${{ github.workspace }}/__tests__/integration-tests/configs/javaspringvulny/ | |
configurationFiles: stackhawk-jsv-json-token.yml | |
# verbose: true | |
debug: true | |
env: | |
APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788 | |
- name: Run ReScan | |
uses: ./ | |
with: | |
apiKey: ${{ secrets.HAWK_API_KEY }} | |
workspace: ${{ github.workspace }}/__tests__/integration-tests/configs/javaspringvulny/ | |
configurationFiles: stackhawk-jsv-json-token.yml | |
command: rescan | |
args: | | |
--scan-id ${{ steps.run-hawkscan.outputs.scanId }} | |
env: | |
APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788 | |
# If there is a new version according to the .bumpversion.cfg file in the main branch, tag and release | |
release-new-version: | |
name: Release New Version | |
runs-on: ubuntu-20.04 | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
needs: | |
- unit-tests | |
- live-test | |
- ajax-test | |
- verbose-debug-test | |
- command-line-test | |
- javaspringvulny-test | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Check Release Version | |
run: | | |
echo "RELEASE_VERSION=$(./scripts/version-check.sh)" >> $GITHUB_ENV | |
- name: Create Release | |
id: create_release | |
if: env.RELEASE_VERSION != '' | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: v${{ env.RELEASE_VERSION }} | |
release_name: HawkScan Action ${{ env.RELEASE_VERSION }} |