Merge pull request #48 from newrelic-csec/main
Move FOSSA workflows to newrelic org
elaguerta-nr authored May 13, 2024
2 parents 106d246 + 864e76a commit eebdaa7
Showing 7 changed files with 535 additions and 25 deletions.
87 changes: 87 additions & 0 deletions .github/workflows/fossa-caos.yml
@@ -0,0 +1,87 @@
name: FOSSA CLI Analysis
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
workflow_dispatch:

jobs:
fossa:
runs-on: ubuntu-latest
env:
FOSSA_API_KEY: ${{secrets.FOSSA_API_KEY}}
ORG: ${{ github.repository_owner }}
REPO: ${{ github.repository }}
ORG_ADMIN_PAT: ${{ secrets.ELAGUERTA_PAT }}

strategy:
fail-fast: false

steps:
- uses: actions/checkout@v3
- name: Give GitHub Actions access to private crates
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.CAOS_RUST_CRATE_FOSSA }}
- id: fossa-list-targets
name: Run fossa list-targets
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
fi
- name: Set hasFossaTargets custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"hasFossaTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
- id: fossa-analyze
name: Run fossa analyze
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
if [[ $(grep "ERROR" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaAnalyzeResult custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
- name: Exit
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
run: exit 1
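Review bot: `ORG_ADMIN_PAT` and `FOSSA_API_KEY` are declared in the job-level `env:` block, so every step inherits them, including the installer piped into `bash`, the `webfactory/ssh-agent` action and any build tooling that `fossa analyze` runs against the checked-out code. Only the two "Set … custom property" steps reference the PAT, so it should be scoped to them with a step-level `env:` holding `ORG_ADMIN_PAT: ${{ secrets.ELAGUERTA_PAT }}`, and `FOSSA_API_KEY` likewise to the fossa steps that need it. With the `pull_request` trigger, the job also runs on code from branches that have not been reviewed yet, which makes the narrow scope matter more. The secret name suggests a personal token with org-level rights; a credential limited to writing custom property values would reduce the impact of a leak. The same job-level block is in fossa-default.yml, fossa-elixir.yml and fossa-gradle.yml.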

82 changes: 82 additions & 0 deletions .github/workflows/fossa-default.yml
@@ -0,0 +1,82 @@
name: FOSSA CLI Analysis
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
workflow_dispatch:

jobs:
fossa:
runs-on: ubuntu-latest
env:
FOSSA_API_KEY: ${{secrets.FOSSA_API_KEY}}
ORG: ${{ github.repository_owner }}
REPO: ${{ github.repository }}
ORG_ADMIN_PAT: ${{ secrets.ELAGUERTA_PAT }}

strategy:
fail-fast: false

steps:
- uses: actions/checkout@v3
- id: fossa-list-targets
name: Run fossa list-targets
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
fi
- name: Set hasFossaTargets custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"hasFossaTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
- id: fossa-analyze
name: Run fossa analyze
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true
if [[ $(grep "ERROR" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaAnalyzeResult custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
- name: Exit
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
run: exit 1
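Review bot: The `fossa-list-targets` step downloads `install-latest.sh` from the `master` branch of fossas/fossa-cli and pipes it straight into `bash`, so whatever that branch holds at run time executes on the runner with no integrity check. Fetch a pinned revision to a file, verify it, and only then run it: `curl -fsSL https://raw.githubusercontent.com/fossas/fossa-cli/<PINNED_COMMIT_SHA>/install-latest.sh -o install-fossa.sh`, `echo "<EXPECTED_SHA256>  install-fossa.sh" | sha256sum -c -`, `bash install-fossa.sh`. Pinning the script may not pin the CLI binary it downloads, so the release version should be fixed as well if the installer allows it. The same line is in fossa-caos.yml, fossa-elixir.yml and fossa-gradle.yml.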
87 changes: 87 additions & 0 deletions .github/workflows/fossa-elixir.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
name: FOSSA CLI Analysis
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
workflow_dispatch:

jobs:
fossa:
runs-on: ubuntu-latest
env:
FOSSA_API_KEY: ${{secrets.FOSSA_API_KEY}}
ORG: ${{ github.repository_owner }}
REPO: ${{ github.repository }}
ORG_ADMIN_PAT: ${{ secrets.ELAGUERTA_PAT }}

strategy:
fail-fast: false

steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: '26'
elixir: '1.15'
- id: fossa-list-targets
name: Run fossa list-targets
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
fi
- name: Set hasFossaTargets custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"hasFossaTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
- id: fossa-analyze
name: Run fossa analyze
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALZYE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALZYE_ERR_FILE || true
if [[ $(grep -i "error" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaAnalyzeResult custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
- name: Exit
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
run: exit 1
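Review bot: The `fossa-analyze` step exports and redirects stderr to the misspelled `ANALZYE_ERR_FILE`, but the following `grep -i "error" $ANALYZE_ERR_FILE` and `cat $ANALYZE_ERR_FILE` read the correctly spelled name, which is never set. The unset variable expands to nothing, so `grep` gets no file argument and never inspects the captured stderr. The step will most likely always write `FOSSA_ANALYZE_RESULT=Success`, and the `fossaAnalyzeResult` property would then report failed scans as passing. Change the two lines to `export ANALYZE_ERR_FILE=${{ runner.temp }}/analyze_err.txt` and `fossa analyze --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALYZE_ERR_FILE || true`. fossa-gradle.yml has the same misspelling; fossa-caos.yml and fossa-default.yml spell the name consistently.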

106 changes: 106 additions & 0 deletions .github/workflows/fossa-gradle.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
name: FOSSA CLI Analysis
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
workflow_dispatch:

jobs:
fossa:
runs-on: ubuntu-latest
env:
FOSSA_API_KEY: ${{secrets.FOSSA_API_KEY}}
ORG: ${{ github.repository_owner }}
REPO: ${{ github.repository }}
ORG_ADMIN_PAT: ${{ secrets.ELAGUERTA_PAT }}

strategy:
fail-fast: false

steps:
- name: Checkout this repo
uses: actions/checkout@v4
- name: Setup javas
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: |
21
17
11
8
- name: Set gradle.properties
run: |
export GRADLE_PROPERTIES_PATH="./gradle.properties"
echo "jdk8=${JAVA_HOME_8_X64}" >> $GRADLE_PROPERTIES_PATH
echo "jdk11=${JAVA_HOME_11_X64}" >> $GRADLE_PROPERTIES_PATH
echo "jdk17=${JAVA_HOME_17_X64}" >> $GRADLE_PROPERTIES_PATH
echo "jdk21=${JAVA_HOME_21_X64}" >> $GRADLE_PROPERTIES_PATH
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
cache-read-only: true
- name: Setup Gradle options
run: echo "GRADLE_OPTIONS=--console=plain --parallel -Porg.gradle.java.installations.auto-detect=false -Porg.gradle.java.installations.fromEnv=JAVA_HOME_8_X64,JAVA_HOME_11_X64,JAVA_HOME_17_X64,JAVA_HOME_21_X64" >> $GITHUB_ENV
- id: fossa-list-targets
name: Run fossa list-targets
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
export LIST_TARGETS_OUT_FILE=${{ runner.temp }}/list-targets_out.txt
export LIST_TARGETS_ERR_FILE=${{ runner.temp }}/list-targets_err.txt
fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
if [[ $(grep -i "error" $LIST_TARGETS_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa list-targets ran with errors."
cat $LIST_TARGETS_ERR_FILE
echo "HAS_FOSSA_TARGETS=Error" >> "$GITHUB_OUTPUT"
elif [[ $(cat $LIST_TARGETS_OUT_FILE | wc -l) -gt 0 ]]
then
echo "::notice::Fossa found analysis targets."
cat $LIST_TARGETS_OUT_FILE
echo "HAS_FOSSA_TARGETS=True" >> "$GITHUB_OUTPUT"
else
echo "::warning::Fossa did not find any analysis targets."
echo "HAS_FOSSA_TARGETS=False" >> "$GITHUB_OUTPUT"
fi
- name: Set hasFossaTargets custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"hasFossaTargets","value":"'"${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS }}"'"}]}'
- id: fossa-analyze
name: Run fossa analyze
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'True'}}
run: |
export ANALYZE_OUT_FILE=${{ runner.temp }}/analyze_out.txt
export ANALZYE_ERR_FILE=${{ runner.temp }}/analyze_err.txt
fossa analyze --policy='New Relic Public Github' 1>$ANALYZE_OUT_FILE 2>$ANALZYE_ERR_FILE || true
if [[ $(grep -i "error" $ANALYZE_ERR_FILE | wc -l) -gt 0 ]]
then
echo "::error::fossa analyze ran with errors."
cat $ANALYZE_ERR_FILE
echo "FOSSA_ANALYZE_RESULT=Error" >> "$GITHUB_OUTPUT"
else
cat $ANALYZE_OUT_FILE
echo "FOSSA_ANALYZE_RESULT=Success" >> "$GITHUB_OUTPUT"
fi
- name: Set fossaAnalyzeResult custom property
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $ORG_ADMIN_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/$ORG/properties/values \
-d '{"repository_names":["'"${REPO##*/}"'"],"properties":[{"property_name":"fossaAnalyzeResult","value":"'"${{ steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT }}"'"}]}'
- name: Exit
if: ${{ steps.fossa-list-targets.outputs.HAS_FOSSA_TARGETS == 'Error' || steps.fossa-analyze.outputs.FOSSA_ANALYZE_RESULT == 'Error' }}
run: exit 1
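Review bot: The third-party actions here are referenced by mutable tags (`actions/setup-java@v3`, `gradle/gradle-build-action@v2`) and run in a job whose environment carries `FOSSA_API_KEY` and `ORG_ADMIN_PAT`. A tag can be repointed at different code by whoever controls the action repository. Pinning each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `uses: gradle/gradle-build-action@<FULL_COMMIT_SHA> # v2`, keeps the executed code fixed and reviewable. The same applies to `webfactory/ssh-agent@v0.8.0` in fossa-caos.yml, which is handed an SSH private key, and to `erlef/setup-beam@v1` in fossa-elixir.yml. No `permissions:` key is visible in any of the four files, so a job-level `permissions:` with `contents: read` would also keep the default token minimal.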
