Skip to content
Tests

Add test for trivy fs #126

Sign in to view logs

Add test for trivy fs

Add test for trivy fs #126

Workflow file for this run

.github/workflows/tests.yml at bbbd003
name: Tests
on:
push:
branches:
- main
pull_request:
defaults:
run:
shell: bash
jobs:
setup:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.output-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- name: Set up matrix
id: output-matrix
run: |
# Find all the directories in the testdata directory
DIRS="$(find ./testdata -type d)"
for dir in ${DIRS}; do
if [ "$(echo "${DIRS}" | grep -c "${dir}" || true)" -le 1 ]; then
DIRS_RESULT="${DIRS_RESULT}${dir},"
fi
done
# Build actions' matrix from testadata dirs
# e.x. ./testdata/config/terraform/with_detections => { "dir": "./testdata/config/terraform/with_detections", "command": "config", "type": "with_detections", "label": "config/terraform" }
MATRIX_JSON=$(echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g' | jq -R -s -c 'split(",") | [.[] | {dir: ., command: split("/")[2], type: split("/")[4], label: [split("/")[2],split("/")[3]] | join("/")}]')
MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT
echo "${MATRIX}"
echo "${MATRIX}" >> $GITHUB_OUTPUT
test-check:
name: trivy (github-check)
runs-on: ubuntu-latest
needs: setup
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- uses: ./
continue-on-error: true
id: test
with:
github_token: ${{ secrets.github_token }}
trivy_command: ${{ matrix.command }}
trivy_target: .
reporter: github-check
level: info
working_directory: ${{ matrix.dir }}
# The check is expected to fail on the test data
- name: Check return codes
if: success() || failure ()
run: |
check_type="${{ matrix.type }}"
trivy_return="${{ steps.test.outputs.trivy-return-code }}"
reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
if [[ "$check_type" = "with_detections" ]]; then
if [[ "$trivy_return" -eq 1 ]]; then
echo "trivy correctly returned failure: ${trivy_return}"
else
echo "trivy returned ${trivy_return}, expected '1'. Failing..."
exit 1
fi
else
if [[ "$trivy_return" -eq 0 ]]; then
echo "trivy correctly returned success: ${trivy_return}"
else
echo "trivy returned ${trivy_return}, expected '0'. Failing..."
exit 1
fi
fi
if [[ "$reviewdog_return" -eq 0 ]]; then
echo "reviewdog correctly returned success: ${reviewdog_return}"
else
echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
exit 1
fi
test-pr-check:
if: github.event_name == 'pull_request'
name: trivy (github-pr-check)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./
continue-on-error: true
id: test
with:
github_token: ${{ secrets.github_token }}
trivy_command: config
trivy_target: .
reporter: github-pr-check
level: info
working_directory: testdata/config/terraform/with_detections
# The check is expected to fail on the test data
- name: Check return codes
if: success() || failure ()
run: |
trivy_return="${{ steps.test.outputs.trivy-return-code }}"
reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
if [[ "$trivy_return" -eq 1 ]]; then
echo "trivy correctly returned failure ${trivy_return}"
else
echo "trivy returned ${trivy_return}, expected '1'. Failing..."
exit 1
fi
if [[ "$reviewdog_return" -eq 0 ]]; then
echo "reviewdog correctly returned success: ${reviewdog_return}"
else
echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
exit 1
fi
test-pr-review:
if: github.event_name == 'pull_request'
name: trivy (github-pr-review)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./
continue-on-error: true
id: test
with:
github_token: ${{ secrets.github_token }}
trivy_command: config
trivy_target: .
reporter: github-pr-review
level: info
working_directory: testdata/config/terraform/with_detections
# The check is expected to fail on the test data
# but for forked PRs reviewdog will just output
# on the PR and report success
- name: Check return codes
if: success() || failure ()
run: |
trivy_return="${{ steps.test.outputs.trivy-return-code }}"
reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
if [[ "$trivy_return" -eq 1 ]]; then
echo "trivy correctly returned failure ${trivy_return}"
else
echo "trivy returned ${trivy_return}, expected '1'. Failing..."
exit 1
fi
if [[ "$reviewdog_return" -eq 0 ]]; then
echo "reviewdog correctly returned success: ${reviewdog_return}"
else
echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
exit 1
fi
test-operating-systems:
strategy:
fail-fast: false
matrix:
platform: [ubuntu-latest, macos-latest, windows-latest]
name: trivy (${{ matrix.platform }})
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- uses: ./
continue-on-error: true
id: test
with:
github_token: ${{ secrets.github_token }}
trivy_command: config
trivy_target: .
reporter: github-check
level: info
working_directory: testdata/config/terraform/with_detections
# The check is expected to fail on the test data
- name: Check return codes
if: success() || failure ()
run: |
trivy_return="${{ steps.test.outputs.trivy-return-code }}"
reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
if [[ "$trivy_return" -eq 1 ]]; then
echo "trivy correctly returned failure ${trivy_return}"
else
echo "trivy returned ${trivy_return}, expected '1'. Failing..."
exit 1
fi
if [[ "$reviewdog_return" -eq 0 ]]; then
echo "reviewdog correctly returned success: ${reviewdog_return}"
else
echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
exit 1
fi