code_scan.yml
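# Code-scan workflow: on pushes and pull requests targeting main, check out
# the repository on the `scan` runner, run the runner-local scan script, and
# print the URL of the generated HTML report.
#
# NOTE(review): there is no `permissions:` key, so the job token gets the
# repository/organisation default scopes. Nothing visible here needs more
# than read access to contents; consider declaring that explicitly once the
# checkout action's needs are confirmed.
name: code-scan

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  scan-code-and-report:
    # `scan` is not a GitHub-hosted label, and the steps read ~/env.sh and
    # /work/..., so this looks like a self-hosted runner.
    # NOTE(review): pull_request runs execute on that machine. Confirm the
    # fork pull-request approval policy and that the runner is isolated and
    # cleaned between jobs.
    runs-on: scan
    # On pull_request events github.repository names the repository that
    # receives the pull request, so this guard keeps the job out of forks'
    # own Actions runs but does not exclude pull requests opened from forks.
    # NOTE(review): the owner here (FlagTree) differs from the owner in the
    # `uses:` reference below (flagos-ai); confirm the guard still matches.
    if: ${{ github.repository == 'FlagTree/flagtree' }}
    concurrency:
      # One in-flight run per pull request (or per ref for pushes); a newer
      # run cancels the older one.
      group: scan-code-and-report-${{ github.event.pull_request.number || github.ref }}
      cancel-in-progress: true
    steps:
      - name: Setup environment
        shell: bash
        # Copies the proxy variables defined by the runner's ~/env.sh into
        # GITHUB_ENV so every later step (including the checkout action)
        # inherits them. `|| true` keeps the step green when none are set.
        # NOTE(review): if a proxy URL embeds credentials they become
        # visible to all later steps; confirm that is intended.
        run: |
          source ~/env.sh
          env | grep -E '^(http_proxy|https_proxy|all_proxy|no_proxy)=' >> "$GITHUB_ENV" || true

      - name: Smart Checkout
        # NOTE(review): `@main` is a mutable ref, so whatever is on that
        # branch at run time executes on this runner. Pin to a full commit
        # SHA (`...@<full-commit-sha>`) and bump it deliberately.
        uses: flagos-ai/FlagTree/.github/actions/smart-checkout@main
        with:
          checkout_version: 'v6'

      - name: Scan flagtree repo
        shell: bash
        # Expression values are handed to the script as environment
        # variables instead of being spliced into the script text, so the
        # shell only ever sees them as data.
        env:
          EVENT_NAME: ${{ github.event_name }}
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          set -x
          # NOTE(review): --global --add appends an entry to the runner
          # user's git config on every run, and safe.directory entries are
          # normally absolute paths; confirm '../flagtree' has an effect.
          git config --global --add safe.directory ../flagtree
          if [ "${EVENT_NAME}" == "pull_request" ]; then
            echo "This is a pull request event. PR number is ${EVENT_PR_NUMBER}"
            PR_ID=${EVENT_PR_NUMBER}
          elif [ "${EVENT_NAME}" == "push" ]; then
            # The PR number is recovered from '#<digits>' in the head commit
            # subject. `shell: bash` runs with -e -o pipefail, so a subject
            # without '#<digits>' fails the step here. A subject with several
            # '#<digits>' tokens yields several numbers.
            PR_NUMBER=$(git log -1 --pretty=format:'%s' | grep -oE '#[0-9]+' | grep -oE '[0-9]+')
            echo "This is a push event. The relate PR number is ${PR_NUMBER}"
            PR_ID=${PR_NUMBER}
          fi
          # PR_ID holds digits only (GitHub-supplied number or grep output);
          # it is left unquoted to keep the original argument shape.
          python /work/flag_tree/code_can/scan_code.py --pr ${PR_ID} --hash "${GITHUB_SHA}" --attempt "${GITHUB_RUN_ATTEMPT}"

      - name: Code Scan Report
        shell: bash
        # Recomputes PR_ID the same way as the scan step and prints the
        # report URL.
        # NOTE(review): the report is linked over plain HTTP on a fixed IP
        # and the file name is derivable from PR number, commit SHA and run
        # attempt. Confirm the findings are acceptable to expose to anyone
        # who can reach that host, or serve them over TLS behind
        # authentication.
        env:
          EVENT_NAME: ${{ github.event_name }}
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          set -x
          git config --global --add safe.directory ../flagtree
          if [ "${EVENT_NAME}" == "pull_request" ]; then
            PR_ID=${EVENT_PR_NUMBER}
          elif [ "${EVENT_NAME}" == "push" ]; then
            PR_NUMBER=$(git log -1 --pretty=format:'%s' | grep -oE '#[0-9]+' | grep -oE '[0-9]+')
            PR_ID=${PR_NUMBER}
          fi
          echo "Repo Scan report:"
          echo "http://120.92.44.177/tree_scan_report/PR${PR_ID}-${GITHUB_SHA}-${GITHUB_RUN_ATTEMPT}.html"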