.github/workflows/test.yml

name: "action-tests"
on:
  pull_request:
  push:
    branches:
      - main

jobs:
  # Run JS unit tests
  unit-tests:
    strategy:
      matrix:
        runner: [ 'ubuntu-latest', 'windows-latest' ]
    name: Unit Tests
    runs-on: ${{ matrix.runner }}
    env:
      SHAWK_API_KEY: ${{ secrets.HAWK_API_KEY }}
    steps:
    - uses: actions/checkout@v3
    - run: npm install --only=dev
    - run: npm run lint
    - run: npm clean-install
    - run: npm test

  # Run a HawkScan with this Action
  live-test:
    strategy:
      matrix:
        runner: [ 'ubuntu-latest', 'windows-latest' ]
    name: Live Test
    runs-on: ${{ matrix.runner }}
    steps:
      - name: Check it out
        uses: actions/checkout@v3
      - name: Setup java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Run Scan
        id: run-scan
        uses: ./
        with:
          apiKey: ${{ secrets.HAWK_API_KEY }}
          githubToken: ${{ github.token }}
          configurationFiles: __tests__/stackhawk.yml
          codeScanningAlerts: true
      # Use the output from the `hello` step
      - name: Check Scan Id
        run: echo "The last scan id was ${{ steps.run-scan.outputs.scanId }}"

  # Run a HawkScan with verbose and debug logging
  verbose-debug-test:
    name: Verbose and Debug Logging Test
    strategy:
      matrix:
        runner: [ 'ubuntu-latest', 'windows-latest' ]
    runs-on: ${{ matrix.runner }}
    steps:
      - name: Check it out
        uses: actions/checkout@v3
      - name: Setup java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Run Scan
        uses: ./
        with:
          apiKey: ${{ secrets.HAWK_API_KEY }}
          githubToken: ${{ github.token }}
          configurationFiles: __tests__/stackhawk.yml
          codeScanningAlerts: true
          verbose: true
          debug: true

  # Run a HawkScan with this Action
  command-line-test:
    name: Command Line Test
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
      - name: Setup java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Install CLI
        uses: ./
        with:
          installCLIOnly: true
      - name: Run the scan
        run: hawk --api-key=${{ secrets.HAWK_API_KEY }} scan __tests__/stackhawk.yml

  # Run a HawkScan with this Action
  ajax-test:
      name: Ajax Test
      runs-on: ubuntu-20.04
      steps:
        - name: Check it out
          uses: actions/checkout@v3
        - name: Setup java
          uses: actions/setup-java@v4
          with:
            distribution: 'temurin'
            java-version: '17'
        - name: Run Scan
          uses: ./
          with:
            apiKey: ${{ secrets.HAWK_API_KEY }}
            githubToken: ${{ github.token }}
            configurationFiles: __tests__/stackhawk.yml
            codeScanningAlerts: true

  javaspringvulny-test:
    name: Java Spring Vulny Test
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
      - name: Setup java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Checkout javaspringvulny repository
        uses: actions/checkout@v3
        with:
          repository: kaakaww/javaspringvulny
          path: ./__tests__/integration-tests/apps/javaspringvulny
      - name: Run javaspringvulny
        run: |
          cd __tests__/integration-tests/apps/javaspringvulny
          docker-compose up -d
      - name: Run HawkScan
        id: run-hawkscan
        uses: ./
        with:
          apiKey: ${{ secrets.HAWK_API_KEY }}
          workspace: ${{ github.workspace }}/__tests__/integration-tests/configs/javaspringvulny/
          configurationFiles: stackhawk-jsv-json-token.yml
          # verbose: true
          debug: true
        env:
          APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788
      - name: Run ReScan
        uses: ./
        with:
          apiKey: ${{ secrets.HAWK_API_KEY }}
          workspace: ${{ github.workspace }}/__tests__/integration-tests/configs/javaspringvulny/
          configurationFiles: stackhawk-jsv-json-token.yml
          command: rescan
          args: |
            --scan-id ${{ steps.run-hawkscan.outputs.scanId }}
        env:
          APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788

  # If there is a new version according to the .bumpversion.cfg file in the main branch, tag and release
  release-new-version:
    name: Release New Version
    runs-on: ubuntu-20.04
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    needs:
      - unit-tests
      - live-test
      - ajax-test
      - verbose-debug-test
      - command-line-test
      - javaspringvulny-test
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Check Release Version
        run: |
          echo "RELEASE_VERSION=$(./scripts/version-check.sh)" >> $GITHUB_ENV
      - name: Create Release
        id: create_release
        if: env.RELEASE_VERSION != ''
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ env.RELEASE_VERSION }}
          release_name: HawkScan Action ${{ env.RELEASE_VERSION }}