
fix: address Dependabot security alerts #3

fix: address Dependabot security alerts

fix: address Dependabot security alerts #3

name: Test Updated Actions
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
test-find-changed-files:
name: "Test: find-changed-files"
runs-on: ARM64
permissions:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- name: Run find-changed-files
id: changed
uses: ./.github/actions/find-changed-files
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Verify output
run: |
files="${{ steps.changed.outputs.all_modified_files }}"
echo "Changed files: $files"
if [ -z "$files" ]; then
echo "::error::Expected non-empty all_modified_files output"
exit 1
fi
echo "find-changed-files produced output successfully"
test-archived-repo-scanner:
name: "Test: archived-repo-scanner"
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
actions: read
steps:
- uses: actions/checkout@v4
- name: Run archived-repo-scanner
id: scanner
uses: ./.github/actions/archived-repo-scanner
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
fail_on_archived: 'false'
- name: Verify output
run: |
total="${{ steps.scanner.outputs.total_github_links }}"
echo "Total GitHub links found: $total"
if [ -z "$total" ]; then
echo "::error::Expected total_github_links output to be set"
exit 1
fi
echo "archived-repo-scanner completed successfully"
test-csv-vulnerability-filter:
name: "Test: csv-vulnerability-filter"
runs-on: ARM64
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: Create sample CSV
run: |
mkdir -p /tmp/test-csv
cat > /tmp/test-csv/primary.csv << 'CSVEOF'
AWS Inspector Scan Results
Generated: 2025-01-01
ID,Severity,Title,Fixed Package,CVSS
CVE-2024-0001,CRITICAL,Test vuln 1,1.2.3,9.8
CVE-2024-0002,HIGH,Test vuln 2,2.0.0,7.5
CVE-2024-0003,MEDIUM,Test vuln 3,,5.0
CVE-2024-0004,LOW,Test vuln 4,N/A,2.1
CSVEOF
- name: Run csv-vulnerability-filter
id: filter
uses: ./.github/actions/csv-vulnerability-filter
with:
primary_csv_path: /tmp/test-csv/primary.csv
ignore_unpatched: 'false'
filter_min_severity: 'LOW'
- name: Verify output
run: |
count="${{ steps.filter.outputs.filtered_count }}"
echo "Filtered count: $count"
if [ -z "$count" ]; then
echo "::error::Expected filtered_count output to be set"
exit 1
fi
echo "csv-vulnerability-filter completed successfully with $count findings"
test-validate-json-schema:
name: "Test: validate-json-schema"
runs-on: ARM64
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: Test valid JSON (should pass)
uses: ./.github/actions/validate-json-schema
with:
data: '{"name": "test", "version": "1.0.0"}'
schema: '{"type": "object", "properties": {"name": {"type": "string"}, "version": {"type": "string"}}, "required": ["name", "version"]}'
- name: Test invalid JSON (should fail)
id: invalid
continue-on-error: true
uses: ./.github/actions/validate-json-schema
with:
data: '{"name": 123}'
schema: '{"type": "object", "properties": {"name": {"type": "string"}}, "required": ["name"]}'
- name: Verify invalid case was caught
run: |
if [ "${{ steps.invalid.outcome }}" = "failure" ]; then
echo "Correctly rejected invalid JSON"
else
echo "::error::Expected validation to fail for invalid JSON but it passed"
exit 1
fi
test-build-prep:
name: "Test: argus-builder/build-prep"
runs-on: ARM64
permissions:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- name: Run build-prep
id: prep
uses: ./.github/actions/argus-builder/build-prep
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
images: |
{
"test-image": {
"context": ".",
"dockerfile": "Dockerfile"
}
}
- name: Verify outputs
run: |
tag="${{ steps.prep.outputs.image_tag }}"
should_build="${{ steps.prep.outputs.should_build }}"
echo "image_tag: $tag"
echo "should_build: $should_build"
if [ -z "$tag" ]; then
echo "::error::Expected image_tag output to be set"
exit 1
fi
echo "argus-builder/build-prep completed successfully"
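Review bot: The `Verify output` step of `test-find-changed-files` expands `${{ steps.changed.outputs.all_modified_files }}` directly inside the `run:` script, so the list of file names from the pull request is substituted into the shell source text before bash runs it; a file name containing quotes or shell metacharacters can break the script or be executed. The robust pattern is to pass the output through an environment variable and read it as a quoted shell variable, e.g. `env:` / `  FILES: ${{ steps.changed.outputs.all_modified_files }}` on the step and `files="$FILES"` in the script, which the workflow's existing `fail_on_archived: 'false'` style of explicit quoting makes easy to keep consistent. The same expression-in-script shape appears in the other three verify steps (`total=`, `count=`, `tag=`/`should_build=`); the numeric ones are low risk, but `image_tag` is likely derived from branch or PR metadata and should get the same treatment. Separately, these jobs run on the `ARM64` runner label under a `pull_request` trigger and load the actions from `./.github/actions/...` in the checked-out PR, so if that label is a self-hosted runner and the repository accepts external pull requests, PR-supplied action code executes on that machine; a note in the workflow such as `# ARM64 is a self-hosted runner: only run PR-triggered jobs here if PRs are restricted to trusted contributors` would make that assumption explicit.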