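name: "Integration tests"

# End-to-end check of the variant-analysis API for this repository: trigger an
# analysis of a fixed set of repositories with a known query pack, wait for it
# to finish, then assert the exact shape of the result.
#
# Requires the BOT_TOKEN secret: a token that can call the code-scanning
# variant-analysis and actions endpoints of this repository (confirm the exact
# scopes against the API documentation before rotating it).
on:
  push:
    branches: [main]
  # NOTE(review): repository secrets are not exposed to pull_request runs that
  # come from forks, so for a fork PR the trigger step fails on "Bad
  # credentials" rather than testing anything.
  pull_request:

# No step uses GITHUB_TOKEN (every API call authenticates with BOT_TOKEN), so
# the workflow needs none of the default GITHUB_TOKEN grants.
permissions: {}

jobs:
  integration-tests:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # The secret is passed as an environment variable instead of being expanded
    # with ${{ }} inside the scripts: an expanded value becomes part of the
    # shell source text, an environment variable is only data.
    env:
      BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
    steps:
      - name: Trigger variant analysis
        id: trigger
        # The default run shell is `bash -e -o pipefail`, so a failing curl or
        # jq anywhere in a pipeline fails the step instead of feeding empty
        # data to the next command.
        run: |
          if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
            REF="$GITHUB_HEAD_REF"
          else
            REF="$GITHUB_REF_NAME"
          fi
          # --fail: without it a 404 delivers an HTML error page with exit
          # status 0, which would then be base64-encoded and submitted as the
          # query pack.  -w0: keep the encoding on one line so the pack is a
          # single JSON string without embedded newlines.
          curl --no-progress-meter --fail -L \
            "https://github.com/$GITHUB_REPOSITORY/releases/download/test/test_pack2.tar.gz" \
            | base64 -w0 > query_pack.b64
          # Build the request body with jq so that $REF is JSON-escaped (a
          # branch name may contain quotes or backslashes).  The pack is read
          # from a file because it can exceed the single-argument length limit.
          jq -n \
            --arg ref "$REF" \
            --rawfile pack query_pack.b64 \
            '{
              action_repo_ref: $ref,
              language: "go",
              query_pack: $pack,
              repositories: [
                "docker/compose",
                "hashicorp/terraform",
                "github/does-not-exist"
              ]
            }' > input.json
          # Log the request without dumping the (large) base64 pack body.
          echo "input.json: $(jq -c '.query_pack |= "<\(length) base64 chars>"' input.json)"
          RESPONSE=$(curl --no-progress-meter \
            -H "Authorization: Bearer $BOT_TOKEN" \
            "https://api.github.com/repos/$GITHUB_REPOSITORY/code-scanning/codeql/variant-analyses" \
            -X POST -d @input.json)
          echo "Response: $RESPONSE"
          ID="$(echo "$RESPONSE" | jq -r '.id')"
          # An API error body ({"message": ...}) has no id; treat an empty
          # value like null rather than publishing an empty output.
          if [ -z "$ID" ] || [ "$ID" == "null" ]; then
            echo "Error triggering variant analysis"
            exit 1
          fi
          echo "Triggered variant analysis $ID"
          echo "variant_analysis_id=$ID" >> "$GITHUB_OUTPUT"

      - name: Wait for variant analysis to complete
        env:
          VARIANT_ANALYSIS_ID: ${{ steps.trigger.outputs.variant_analysis_id }}
        # Polls every 10s until the status leaves in_progress; the job-level
        # timeout-minutes is the only upper bound on this loop.  Any final
        # status ends the wait; the next step decides whether it was a success.
        run: |
          while true; do
            RESPONSE=$(curl --no-progress-meter \
              -H "Authorization: Bearer $BOT_TOKEN" \
              "https://api.github.com/repos/$GITHUB_REPOSITORY/code-scanning/codeql/variant-analyses/$VARIANT_ANALYSIS_ID")
            STATUS="$(echo "$RESPONSE" | jq -r '.status')"
            ACTIONS_WORKFLOW_RUN_ID="$(echo "$RESPONSE" | jq -r '.actions_workflow_run_id')"
            echo "Variant analysis $VARIANT_ANALYSIS_ID status: $STATUS"
            # Fixed: the original tested the misspelled $ACTION_WORKFLOW_RUN_ID
            # (always unset), so the URL was printed even while the id was null.
            if [ "$ACTIONS_WORKFLOW_RUN_ID" != "null" ]; then
              echo "Actions workflow URL: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$ACTIONS_WORKFLOW_RUN_ID"
            fi
            if [ "$STATUS" != "in_progress" ]; then
              echo "Exiting..."
              exit 0
            fi
            sleep 10s
          done

      - name: Validate variant analysis status
        id: validate
        env:
          VARIANT_ANALYSIS_ID: ${{ steps.trigger.outputs.variant_analysis_id }}
        # Every assertion below is pinned to the fixed request above: two
        # real repositories that each produce exactly 3 results, and one
        # non-existent repository that must be reported as not found.
        run: |
          curl --no-progress-meter \
            -H "Authorization: Bearer $BOT_TOKEN" \
            "https://api.github.com/repos/$GITHUB_REPOSITORY/code-scanning/codeql/variant-analyses/$VARIANT_ANALYSIS_ID" \
            -o response.json
          echo "Response: $(cat response.json)"
          RUN_ID="$(jq -r '.actions_workflow_run_id' response.json)"
          echo "Actions workflow URL: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$RUN_ID"
          if [ "$(jq '.failure_reason' response.json)" != "null" ]; then
            echo "Failure reason is not null"
            exit 1
          fi
          if [ "$(jq -r '.status' response.json)" != "succeeded" ]; then
            echo "Status is not succeeded"
            exit 1
          fi
          if [ "$(jq '.scanned_repositories | length' response.json)" != "2" ]; then
            echo "Number of scanned repos is not 2"
            exit 1
          fi
          if [ "$(jq -r '.scanned_repositories[].repository.full_name' response.json | sort)" != "$(printf 'docker/compose\nhashicorp/terraform')" ]; then
            echo "Full names of scanned repos is incorrect"
            exit 1
          fi
          # `==` is comparison.  The original used `=`, which in jq is an
          # assignment and always truthy, so the next two checks could never
          # fail regardless of the per-repository status or result count.
          if [ "$(jq '.scanned_repositories[] | select(.analysis_status == "succeeded") | .repository.full_name' response.json | wc -l)" != "2" ]; then
            echo "Number of repositories with successful status is not 2"
            exit 1
          fi
          if [ "$(jq '.scanned_repositories[] | select(.result_count == 3) | .repository.full_name' response.json | wc -l)" != "2" ]; then
            echo "Number of repositories with precisely 3 results is not 2"
            exit 1
          fi
          if [ "$(jq '.scanned_repositories[] | select(.artifact_size_in_bytes > 0) | .repository.full_name' response.json | wc -l)" != "2" ]; then
            echo "Number of repositories with a non-zero artifact size is not 2"
            exit 1
          fi
          if [ "$(jq '.skipped_repositories.not_found_repos.repository_count' response.json)" != "1" ]; then
            echo "Number of not found skipped repos is not 1"
            exit 1
          fi
          if [ "$(jq -r '.skipped_repositories.not_found_repos.repository_full_names[]' response.json)" != "github/does-not-exist" ]; then
            echo "Not found skipped repos is incorrect"
            exit 1
          fi
          if [ "$(jq '.skipped_repositories.access_mismatch_repos.repository_count' response.json)" != "0" ]; then
            echo "Number of access mismatch skipped repos is not 0"
            exit 1
          fi
          if [ "$(jq '.skipped_repositories.no_codeql_db_repos.repository_count' response.json)" != "0" ]; then
            echo "Number of no CodeQL DB skipped repos is not 0"
            exit 1
          fi
          if [ "$(jq '.skipped_repositories.over_limit_repos.repository_count' response.json)" != "0" ]; then
            echo "Number of over limit skipped repos is not 0"
            exit 1
          fi
          # Guard before building the actions URL: a null id would otherwise
          # query /actions/runs/null and fail on an unrelated "not found".
          if [ -z "$RUN_ID" ] || [ "$RUN_ID" == "null" ]; then
            echo "Variant analysis has no actions_workflow_run_id"
            exit 1
          fi
          ACTIONS_RESPONSE=$(curl --no-progress-meter \
            -H "Authorization: Bearer $BOT_TOKEN" \
            "https://api.github.com/repos/$GITHUB_REPOSITORY/actions/runs/$RUN_ID")
          if [ "$(echo "$ACTIONS_RESPONSE" | jq -r '.status')" != "completed" ]; then
            echo "Actions workflow status is not completed"
            exit 1
          fi
          if [ "$(echo "$ACTIONS_RESPONSE" | jq -r '.conclusion')" != "success" ]; then
            echo "Actions workflow conclusion is not success"
            exit 1
          fi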