
Commit 3a962aa

add sarif report generation
1 parent f0fbe91 commit 3a962aa


2 files changed

+48
-16
lines changed


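--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -9,11 +9,6 @@ on:
 jobs:
 analyze:
 name: Analyze (${{ matrix.language }} - ${{ matrix.identifier }})
-# Runner size impacts CodeQL analysis time. To learn more, please see:
-# - https://gh.io/recommended-hardware-resources-for-running-codeql
-# - https://gh.io/supported-runners-and-hardware-resources
-# - https://gh.io/using-larger-runners (GitHub.com only)
-# Consider using larger runners or machines with greater resources for possible analysis time improvements.
 runs-on: 'ubuntu-latest'
 timeout-minutes: 360
 permissions: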

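--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,20 +19,57 @@ jobs:
 - id: release
 uses: google-github-actions/release-please-action@v4
 
-compress_sign_and_upload:
-needs: [release_please]
+# compress_sign_and_upload:
+# needs: [release_please]
+# if: ${{ needs.release_please.outputs.release_created }}
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/checkout@v4
+# - name: actions/setup
+# uses: ./.github/actions/setup
+# - name: actions/compress_sign_and_upload
+# uses: ./.github/actions/compress_sign_and_upload
+# with:
+# garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
+# garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
+# artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
+# artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+# - run: npm publish --provenance
+# env:
+# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+generate_sarif_report:
+environment: release
 runs-on: ubuntu-latest
+permissions:
+# required for all workflows
+security-events: write
+id-token: write
+contents: write
+
 steps:
 - uses: actions/checkout@v4
 - name: actions/setup
 uses: ./.github/actions/setup
-- name: actions/compress_sign_and_upload
-uses: ./.github/actions/compress_sign_and_upload
+- name: Set up drivers-github-tools
+uses: mongodb-labs/drivers-github-tools/setup@v2
 with:
-garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
-garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
-artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
-artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
-- run: npm publish --provenance
-env:
-NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+aws_region_name: us-east-1
+aws_role_arn: ${{ secrets.aws_role_arn }}
+aws_secret_id: ${{ secrets.aws_secret_id }}
+
+- name: "Generate Sarif Report"
+uses: "alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report"
+with:
+ref: main
+output-file: sarif-report.json
+
+- name: "Move sarif report to output file"
+shell: bash
+run: cp sarif-report.json ${{ env.S3_ASSETS }}/sarif-report.json
+
+- name: 'Print (TODO - upload to s3 instead)'
+shell: bash
+run: |
+ls ${{ env.S3_ASSETS }}
+cat ${{ env.S3_ASSETS }}/sarif-report.json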
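Review bot: The `Generate Sarif Report` step references `alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report`, which appears to be a branch on a personal fork, inside a job that runs in the `release` environment with `security-events: write`, `id-token: write` and `contents: write` after the AWS role and secret have been set up; a mutable ref means any later push to that branch runs with those privileges, so pin it to a reviewed commit, e.g. `uses: alcaeus/drivers-github-tools/code-scanning-export@<FULL_COMMIT_SHA>` (placeholder), and consider the same for `mongodb-labs/drivers-github-tools/setup@v2`. The comment `# required for all workflows` does not justify the grants: none of the visible steps writes to the repository or uploads alerts, so `contents: read` and `security-events: read` look sufficient unless the setup action needs more, which is worth confirming. The last step `cat`s the SARIF report into the job log, which exposes open code-scanning findings to anyone who can read workflow runs; drop that line rather than leaving it behind the TODO. Inside `run:`, prefer the quoted shell variable `"$S3_ASSETS"` over `${{ env.S3_ASSETS }}` so the path is not spliced into the script text.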
