Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Branch: mj-v2-poc-e2e-framework
Branches Tags
helm-external-s...
/
.github
/
workflows
/
dlc.yml

dlc.yml 3.7 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. name: Dependency License Checks
    2. 

  2. 

  3. on:
    4. 

  4.   pull_request:
    5. 

  5.     paths:
    6. 

  6.       - "go.mod"
    7. 

  7.   workflow_dispatch: {}
    8. 

  8. 

  9. permissions:
    10. 

  10.   contents: read
    11. 

  11. 

  12. env:
    13. 

  13.   HAS_FOSSA_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
    14. 

  14. 

  15. jobs:
    16. 

  16.   fossa-scan:
    17. 

  17.     runs-on: ubuntu-latest
    18. 

  18.     steps:
    19. 

  19.       - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
    20. 

  20.         if: ${{ env.HAS_FOSSA_KEY == 'true' }}
    21. 

  21.         with:
    22. 

  22.           egress-policy: audit
    23. 

  23.       - name: "Checkout Code"
    24. 

  24.         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    25. 

  25.         if: ${{ env.HAS_FOSSA_KEY == 'true' }}
    26. 

  26.         with:
    27. 

  27.           persist-credentials: false
    28. 

  28. 

  29.       - name: "Install FOSSA CLI"
    30. 

  30.         if: ${{ env.HAS_FOSSA_KEY == 'true' }}
    31. 

  31.         run: |
    32. 

  32.           curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash -s -- -b "$RUNNER_TEMP/bin" v3.17.1
    33. 

  33.           echo "$RUNNER_TEMP/bin" >> "$GITHUB_PATH"
    34. 

  34.           "$RUNNER_TEMP/bin/fossa" --version
    35. 

  35. 

  36.       - name: "Run FOSSA Scan"
    37. 

  37.         id: fossa_scan
    38. 

  38.         if: ${{ env.HAS_FOSSA_KEY == 'true' }}
    39. 

  39.         continue-on-error: true
    40. 

  40.         env:
    41. 

  41.           FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
    42. 

  42.           FOSSA_BRANCH: ${{ github.head_ref || github.ref_name }}
    43. 

  43.           FOSSA_REVISION: ${{ github.event.pull_request.head.sha || github.sha }}
    44. 

  44.         run: |
    45. 

  45.           fossa analyze --debug --branch "$FOSSA_BRANCH" --revision "$FOSSA_REVISION" >"$RUNNER_TEMP/fossa-analyze.stdout" 2>"$RUNNER_TEMP/fossa-analyze.stderr"
    46. 

  46. 

  47.       - name: "Report FOSSA Scan Failure"
    48. 

  48.         if: ${{ env.HAS_FOSSA_KEY == 'true' && steps.fossa_scan.outcome == 'failure' }}
    49. 

  49.         run: |
    50. 

  50.           if [ -f /tmp/fossa-analyze-scan-summary.txt ]; then
    51. 

  51.             echo "FOSSA analyze summary:"
    52. 

  52.             cat /tmp/fossa-analyze-scan-summary.txt
    53. 

  53.             summary=$(tail -n 20 /tmp/fossa-analyze-scan-summary.txt | tr '\n' ' ' | sed 's/%/%25/g; s/\r/%0D/g')
    54. 

  54.             echo "::error::${summary}"
    55. 

  55.           elif [ -f "$RUNNER_TEMP/fossa-analyze.stderr" ]; then
    56. 

  56.             echo "FOSSA analyze stderr:"
    57. 

  57.             cat "$RUNNER_TEMP/fossa-analyze.stderr"
    58. 

  58.             if grep -q "Invalid project permission" "$RUNNER_TEMP/fossa-analyze.stderr"; then
    59. 

  59.               echo "::warning::FOSSA scan skipped because the configured API key does not have project edit permission in the FOSSA organization."
    60. 

  60.               exit 0
    61. 

  61.             fi
    62. 

  62.             summary=$(tail -n 20 "$RUNNER_TEMP/fossa-analyze.stderr" | tr '\n' ' ' | sed 's/%/%25/g; s/\r/%0D/g')
    63. 

  63.             echo "::error::${summary}"
    64. 

  64.           else
    65. 

  65.             echo "::error::FOSSA scan failed before writing /tmp/fossa-analyze-scan-summary.txt"
    66. 

  66.           fi
    67. 

  67.           exit 1
    68. 

  68. 

  69.       - name: "Run FOSSA Test"
    70. 

  70.         id: fossa_test
    71. 

  71.         if: ${{ env.HAS_FOSSA_KEY == 'true' && steps.fossa_scan.outcome == 'success' }}
    72. 

  72.         continue-on-error: true
    73. 

  73.         env:
    74. 

  74.           FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
    75. 

  75.           FOSSA_REVISION: ${{ github.event.pull_request.head.sha || github.sha }}
    76. 

  76.         run: |
    77. 

  77.           fossa test --debug --revision "$FOSSA_REVISION" >"$RUNNER_TEMP/fossa-test.stdout" 2>"$RUNNER_TEMP/fossa-test.stderr"
    78. 

  78. 

  79.       - name: "Report FOSSA Test Failure"
    80. 

  80.         if: ${{ env.HAS_FOSSA_KEY == 'true' && steps.fossa_test.outcome == 'failure' }}
    81. 

  81.         run: |
    82. 

  82.           if [ -f "$RUNNER_TEMP/fossa-test.stderr" ]; then
    83. 

  83.             echo "FOSSA test stderr:"
    84. 

  84.             cat "$RUNNER_TEMP/fossa-test.stderr"
    85. 

  85.             summary=$(tail -n 20 "$RUNNER_TEMP/fossa-test.stderr" | tr '\n' ' ' | sed 's/%/%25/g; s/\r/%0D/g')
    86. 

  86.             echo "::error::${summary}"
    87. 

  87.           else
    88. 

  88.             echo "::error::FOSSA test failed. No stderr file was captured."
    89. 

  89.           fi
    90. 

  90.           exit 1
    91.