Update checkmarx ast cli #28767
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update checkmarx ast cli | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 * * * *' | |
| jobs: | |
| updateCheckmarxJenkins: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| - name: Install Git LFS | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install git-lfs | |
| git lfs install | |
| - name: Configure Git user | |
| run: | | |
| git config --global user.name github-actions | |
| git config --global user.email github-actions@github.com | |
| - name: Get Latest Checkmarx API version | |
| id: checkmarx-ast-cli | |
| run: | | |
| echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/checkmarx/ast-cli/releases/latest | jq -r ".tag_name") | |
| echo ::set-output name=current_tag::$(<checkmarx-ast-cli.version) | |
| - name: Update Checkmarx cli version | |
| if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag | |
| env: | |
| RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }} | |
| run: | | |
| # Update current release | |
| echo ${{ steps.checkmarx-ast-cli.outputs.release_tag }} > checkmarx-ast-cli.version | |
| - name: Download latest cli and update branch | |
| if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag | |
| run: | | |
| # Update binaries | |
| chmod +x ./.github/scripts/update_cli.sh | |
| ./.github/scripts/update_cli.sh ${{ steps.checkmarx-ast-cli.outputs.release_tag }} | |
| - name: Track large files with Git LFS | |
| if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag | |
| run: | | |
| git lfs track "src/main/resources/cx-linux" | |
| git lfs track "src/main/resources/cx.exe" | |
| git lfs track "src/main/resources/cx-mac" | |
| git add .gitattributes | |
| git add src/main/resources/cx-linux src/main/resources/cx.exe src/main/resources/cx-mac | |
| git commit -m "Track Checkmarx CLI binaries with Git LFS" | |
| - name: Create Pull Request | |
| if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag | |
| uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 #v6 | |
| with: | |
| token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }} | |
| title: Update checkmarx-ast-cli binaries with ${{ steps.checkmarx-ast-cli.outputs.release_tag }} | |
| body: | | |
| Updates [checkmarx-ast-cli][1] to ${{ steps.checkmarx-ast-cli.outputs.release_tag }} | |
| Auto-generated by [create-pull-request][2] | |
| [1]: https://github.com/Checkmarx/checkmarx-ast-cli | |
| labels: cxone | |
| branch: feature/update_cli |