Skip to content

Commit 58ee3e0

Browse files
author
ShiftLeft
committed
adding ShiftLeft GitHub action
1 parent 4956320 commit 58ee3e0

File tree

1 file changed

+59
-0
lines changed

1 file changed

+59
-0
lines changed

.github/workflows/shiftleft.yml

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
---
2+
# This workflow integrates ShiftLeft NG SAST with GitHub
3+
# Visit https://docs.shiftleft.io for help
4+
name: ShiftLeft
5+
6+
on:
7+
pull_request:
8+
workflow_dispatch:
9+
10+
jobs:
11+
NextGen-Static-Analysis:
12+
runs-on: ubuntu-latest
13+
steps:
14+
- uses: actions/checkout@v2
15+
# We are building this application with Java 11
16+
- name: Setup Java JDK
17+
uses: actions/[email protected]
18+
with:
19+
java-version: 11.0.x
20+
- name: Package with maven
21+
run: mvn compile package
22+
- name: Download ShiftLeft CLI
23+
run: |
24+
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
25+
# ShiftLeft requires Java 1.8. Post the package step override the version
26+
- name: Setup Java JDK
27+
uses: actions/[email protected]
28+
with:
29+
java-version: 1.8
30+
- name: Extract branch name
31+
shell: bash
32+
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
33+
id: extract_branch
34+
- name: NextGen Static Analysis
35+
run: ${GITHUB_WORKSPACE}/sl analyze --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg target/hello-shiftleft-0.0.1.jar
36+
env:
37+
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
38+
39+
Build-Rules:
40+
runs-on: ubuntu-latest
41+
needs: NextGen-Static-Analysis
42+
steps:
43+
- uses: actions/checkout@v2
44+
- name: Download ShiftLeft CLI
45+
run: |
46+
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
47+
- name: Validate Build Rules
48+
run: |
49+
${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \
50+
--branch "${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
51+
--report \
52+
--github-pr-number=${{github.event.number}} \
53+
--github-pr-user=${{ github.repository_owner }} \
54+
--github-pr-repo=${{ github.event.repository.name }} \
55+
--github-token=${{ secrets.GITHUB_TOKEN }}
56+
env:
57+
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
58+
59+

0 commit comments

Comments
 (0)