Add SAST with Octoscan #51
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow | |
| name: Test Plugins | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| PR_NUMBER: | |
| description: The PR number to test | |
| required: true | |
| permissions: | |
| pull-requests: write | |
| jobs: | |
| test: | |
| name: ${{ matrix.plugin }} | |
| if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'johnbillion/plugin-infrastructure' || github.event_name == 'workflow_dispatch' | |
| strategy: | |
| matrix: | |
| plugin: | |
| - extended-cpts | |
| - query-monitor | |
| - user-switching | |
| - wp-crontrol | |
| fail-fast: false | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Dump GitHub context | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| run: echo "$GITHUB_CONTEXT" | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: johnbillion/${{ matrix.plugin }} | |
| token: ${{ secrets.PLUGINS_PUSH_TOKEN }} | |
| - name: Fetch the PR data | |
| uses: actions/github-script@v7 | |
| id: pr-data | |
| with: | |
| script: | #js | |
| const pr = await github.rest.pulls.get({ | |
| owner: 'johnbillion', | |
| repo: 'plugin-infrastructure', | |
| pull_number: ${{ env.PR_NUMBER }}, | |
| }); | |
| return { | |
| head_repo: pr.data.head.repo.full_name, | |
| head_branch: pr.data.head.ref, | |
| head_sha: pr.data.head.sha, | |
| pr_number: pr.data.number, | |
| pr_link: pr.data.html_url, | |
| }; | |
| github-token: ${{ secrets.PLUGINS_PUSH_TOKEN }} | |
| env: | |
| PR_NUMBER: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.event.inputs.PR_NUMBER }} | |
| - name: Update tests references | |
| run: | #shell | |
| if [ -f .github/workflows/acceptance-tests.yml ]; then | |
| sed -i 's|johnbillion/plugin-infrastructure/.github/workflows/reusable-acceptance-tests.yml@trunk|${{ env.HEAD_REPO }}/.github/workflows/reusable-acceptance-tests.yml@${{ env.SHA_REF }}|g' .github/workflows/acceptance-tests.yml | |
| fi | |
| if [ -f .github/workflows/coding-standards.yml ]; then | |
| sed -i 's|johnbillion/plugin-infrastructure/.github/workflows/reusable-coding-standards.yml@trunk|${{ env.HEAD_REPO }}/.github/workflows/reusable-coding-standards.yml@${{ env.SHA_REF }}|g' .github/workflows/coding-standards.yml | |
| fi | |
| if [ -f .github/workflows/integration-tests.yml ]; then | |
| sed -i 's|johnbillion/plugin-infrastructure/.github/workflows/reusable-integration-tests.yml@trunk|${{ env.HEAD_REPO }}/.github/workflows/reusable-integration-tests.yml@${{ env.SHA_REF }}|g' .github/workflows/integration-tests.yml | |
| fi | |
| if [ "${{ env.HEAD_REPO }}" == "johnbillion/plugin-infrastructure" ]; then | |
| sed -i 's|"johnbillion/plugin-infrastructure": "dev-trunk"|"johnbillion/plugin-infrastructure": "dev-${{ env.HEAD_BRANCH }}"|g' composer.json | |
| fi | |
| env: | |
| HEAD_BRANCH: ${{ fromJson( steps.pr-data.outputs.result ).head_branch }} | |
| HEAD_REPO: ${{ fromJson( steps.pr-data.outputs.result ).head_repo }} | |
| SHA_REF: ${{ fromJson( steps.pr-data.outputs.result ).head_sha }} | |
| - name: Check the changed files | |
| run: | #shell | |
| git diff | |
| git status | |
| - name: Open PR | |
| uses: peter-evans/create-pull-request@v6 | |
| id: cpr | |
| with: | |
| token: ${{ secrets.PLUGINS_PUSH_TOKEN }} | |
| commit-message: Update Plugin Infrastructure to ${{ env.SHA_REF }} | |
| title: Test with ${{ env.HEAD_REPO }}@${{ env.BRANCH_REF }} | |
| body: | #markdown | |
| This PR updates [Plugin Infrastructure](https://github.com/johnbillion/plugin-infrastructure) to `${{ env.HEAD_REPO }}@${{ env.BRANCH_REF }}` for testing purposes. This PR should not be merged. | |
| See ${{ env.PR_LINK }} for more details. | |
| This is an automated PR created by [the Test Plugins workflow](https://github.com/johnbillion/plugin-infrastructure/actions/workflows/test-plugins.yml). | |
| branch: update-plugin-infrastructure/${{ env.HEAD_REPO }}/${{ env.BRANCH_REF }} | |
| draft: true | |
| env: | |
| HEAD_REPO: ${{ fromJson( steps.pr-data.outputs.result ).head_repo }} | |
| SHA_REF: ${{ fromJson( steps.pr-data.outputs.result ).head_sha }} | |
| BRANCH_REF: ${{ fromJson( steps.pr-data.outputs.result ).head_branch }} | |
| PR_LINK: ${{ fromJson( steps.pr-data.outputs.result ).pr_link }} | |
| - name: Add PR link to the summary | |
| run: | #shell | |
| echo "${{ steps.cpr.outputs.pull-request-url }}" >> $GITHUB_STEP_SUMMARY | |
| - name: Set labels | |
| run: | #shell | |
| gh --repo johnbillion/plugin-infrastructure label create "pr:${{ matrix.plugin }}:${{ steps.cpr.outputs.pull-request-number }}" --force --color FEF2C0 | |
| gh --repo johnbillion/plugin-infrastructure pr edit ${{ env.PR_NUMBER }} --add-label "pr:${{ matrix.plugin }}:${{ steps.cpr.outputs.pull-request-number }}" | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| PR_NUMBER: ${{ fromJson( steps.pr-data.outputs.result ).pr_number }} |