Trying more things #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check binaries | |
| # on: | |
| # pull_request: | |
| # branches: | |
| # - develop | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| text: | |
| description: 'Dummy text' | |
| default: 'No text' | |
| push: | |
| branches: | |
| - test-check | |
| # schedule: | |
| # - cron: "* * * * *"s | |
| jobs: | |
| check-for-vulnerabilities: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| report_contents: ${{ steps.save-output.outputs.report_contents }} | |
| steps: | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - uses: actions/checkout@v4 | |
| - uses: robinraju/[email protected] | |
| with: | |
| latest: true | |
| fileName: 'aws-lambda-rie*' | |
| out-file-path: "bin" | |
| - name: Run check for vulnerabilities | |
| id: check-binaries | |
| run: | | |
| make check-binaries | |
| - if: always() && failure() # Failure means there are vulnerabilities | |
| id: save-output | |
| name: Save output contents | |
| run: | | |
| report_csv="$(ls -tr output.cve-bin-*.csv 2>/dev/null | tail -n1)" # last file generated | |
| echo "Vulnerabilities stored in $report_csv" | |
| report="${report_csv}.txt" | |
| awk -F',' '{n=split($10, path, "/"); print $2,$3,$4,$5,path[n]}' "$report_csv" | column -t > "$report" # make the CSV nicer | |
| echo "report_contents<<EOF" >> "$GITHUB_OUTPUT" | |
| cat "$report" >> "$GITHUB_OUTPUT" | |
| echo "EOF" >> "$GITHUB_OUTPUT" | |
| - if: always() && steps.save-output.outputs.report_contents != '' | |
| name: Build new version and check | |
| id: check-new-version | |
| run: | | |
| mkdir ./bin2 | |
| mv ./bin/* ./bin2 | |
| make compile-with-docker-all | |
| latest_version=$(strings bin/aws-lambda-rie* | grep '^go1\.' | sort | uniq) | |
| echo "latest_version=$latest_version" | |
| make check-binaries | |
| - if: always() | |
| name: Save output for new version | |
| id: save-new-version | |
| run: | | |
| exit_code=$? | |
| if [ "${{ steps.check-new-version.outcome }}" != "success" ]; then | |
| fixed="No" | |
| else | |
| fixed="Yes" | |
| fi | |
| echo "fixed=$fixed" >> "$GITHUB_OUTPUT" | |
| echo "Fixed=$fixed" | |
| echo "OUTCOME=${{ steps.check-new-version.outcome }}" | |
| echo "latest-version: ${{ steps.check-new-version.outputs.latest_version }}" | |
| echo "REPORT=[${{ steps.save-output.outputs.report_contents }}" | |
| - if: always() | |
| name: Second step | |
| id: second-step | |
| run: | | |
| echo "Echo echo echo **${{ steps.check-new-version.outputs.fixed }}**" | |
| # - if: always() | |
| # name: Create Issue | |
| # id: create-issue | |
| # uses: dacbd/create-issue-action@main | |
| # with: | |
| # token: ${{ github.token }} | |
| # title: | | |
| # CVEs found in latest RIE release | |
| # body: | | |
| # ## CVEs found in latest RIE release: | |
| # > **${{ steps.save-output.outputs.report_contents }}** | |
| # #### Is this fixed by just updating to the latest Go version (${{ steps.check-new-version.outputs.latest_version }})?): | |
| # **${{ steps.check-new-version.outputs.fixed }}** |