diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 56487fcc9f7..01766e1bfd5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,96 +1,36 @@
-name: "Release Pipeline"
-on:
- push:
- tags:
- - v*
-env:
- ANGULAR_CLI_VERSION: 17
- CYCLONEDX_NPM_VERSION: '^1.12.0'
+# name: Pipeline scan and Issue importer
+
+on: push
+#on: gollum # sort of a dummy to prevent this from running
+
 jobs:
 package:
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- os: [ubuntu-latest, windows-latest, macos-latest]
- node-version: [18, 20, 21]
- steps:
- - name: "Check out Git repository"
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
- - name: "Use Node.js ${{ matrix.node-version }}"
- uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d #v3.8.1
- with:
- node-version: ${{ matrix.node-version }}
- - name: "Install CLI tools"
- run: |
- npm install -g @angular/cli@$ANGULAR_CLI_VERSION
- npm install -g @cyclonedx/cyclonedx-npm@$CYCLONEDX_NPM_VERSION
- npm install -g grunt-cli
- - name: "Set packaging options for Grunt"
- run: |
- if [ "$RUNNER_OS" == "Windows" ]; then
- echo "PCKG_OS_NAME=win32" >> $GITHUB_ENV
- elif [ "$RUNNER_OS" == "macOS" ]; then
- echo "PCKG_OS_NAME=darwin" >> $GITHUB_ENV
- else
- echo "PCKG_OS_NAME=linux" >> $GITHUB_ENV
- fi
- echo "PCKG_CPU_ARCH=x64" >> $GITHUB_ENV
- echo "PCKG_NODE_VERSION=${{ matrix.node-version }}" >> $GITHUB_ENV
- shell: bash
- - name: "Package application"
- run: |
- npm install --production
- npm run package:ci
- - name: 'Attach packaged archive to tag release'
- uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 #v0.1.15
- with:
- draft: true
- files: dist/*
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- docker:
 runs-on: ubuntu-latest
 steps:
- - name: "Check out Git repository"
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
- - name: "Set up QEMU"
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 #v3.0.0
- - name: "Set up Docker Buildx"
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #v3.0.0
- - name: "Login to DockerHub"
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d #v3.0.0
+ - name: checkout code
+ uses: actions/checkout@v2
+ - name: GitHub Action for Bash
+ uses: lafernando/github-action-bash@v1.0
+
+ # script:
+ - run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
+ - run: ./bin/bearer scan ./* --output=./theresults.json --format=json
+ - run: ls -lahrt && pwd
+
+ - name: save archive
+ uses: actions/upload-artifact@v2
 with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: "Get tag name"
- id: tag
- uses: dawidd6/action-get-tag@727a6f0a561be04e09013531e73a3983a65e3479 #v1.1.0 TODO Action is archived and should be replaced eventually
- - name: "Set labels for ${{ github.ref }}"
- run: |
- echo "VCS_REF=`git rev-parse --short HEAD`" >> $GITHUB_ENV
- echo "BUILD_DATE=`date -u +”%Y-%m-%dT%H:%M:%SZ”`" >> $GITHUB_ENV
- - name: "Build and push for AMD64 and ARM64 processors"
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 #v5.0.0
+ name: theresults.json
+ path: .
+ - name: get archive
+ uses: actions/download-artifact@v2
 with:
- context: .
- file: ./Dockerfile
- platforms: linux/amd64,linux/arm64
- push: true
- tags: |
- bkimminich/juice-shop:${{ steps.tag.outputs.tag }}
- build-args: |
- VCS_REF=${{ env.VCS_REF }}
- BUILD_DATE=${{ env.BUILD_DATE }}
- CYCLONEDX_NPM_VERSION=${{ env.CYCLONEDX_NPM_VERSION }}
- notify-slack:
- if: always()
- needs:
- - package
- - docker
- runs-on: ubuntu-latest
- steps:
- - name: "Slack workflow notification"
- uses: Gamesight/slack-workflow-status@26a36836c887f260477432e4314ec3490a84f309 #v1.2.0
+ name: theresults.json
+ path: .
+
+
+ - uses: khorwood/sarif-converter@main
 with:
- repo_token: ${{ secrets.GITHUB_TOKEN }}
- slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
+ type: checkov
+ input: ./theresults.json
+ output: ./theresults.sarif
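Review bot: The new steps run unpinned third-party code: `curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh` executes whatever that branch holds at run time, and `actions/checkout@v2`, `lafernando/github-action-bash@v1.0`, `actions/upload-artifact@v2`, `actions/download-artifact@v2` and `khorwood/sarif-converter@main` are mutable refs, whereas the removed workflow pinned every action to a commit SHA. Pin each one as `uses: OWNER/ACTION@<full-commit-sha> # vX.Y.Z` (placeholder, resolve per action), and fetch the installer from a fixed tag or commit and check its digest before executing it. The `save archive` step uploads `path: .`, which is the whole workspace including the `.git` directory that checkout leaves behind (by default this carries the job token in its config), so narrow it to `path: ./theresults.json`. Because the trigger is now `on: push` and the file declares no `permissions:` key, the job runs on every push with the repository's default token scope; a top-level `permissions:` block with `contents: read` would bound that. The converter is given `type: checkov` although its input is the Bearer JSON report, which looks like a mismatch worth confirming.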