From 7e9e5f005adac065166f5cc53fbaca420d89e26d Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Mon, 1 Aug 2022 15:44:57 +0530
Subject: [PATCH 01/13] adding ShiftLeft GitHub action
---
 .github/workflows/shiftleft.yml | 61 +++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 .github/workflows/shiftleft.yml
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
new file mode 100644
index 00000000..50771ab2
--- /dev/null
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,61 @@
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v2
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: NextGen Static Analysis
+ run: |
+ pip install --upgrade setuptools wheel
+ pip install -r requirements.txt
+ ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-python-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --python $(pwd)
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
+ if:
+ ${{ hashFiles('requirements.txt') != '' }}
+ - name: Legacy Static Analysis
+ run: |
+ echo "Please update your `shiftleft-python-demo` fork!"
+ ${GITHUB_WORKSPACE}/sl analyze --strict --wait --no-cpg --app shiftleft-python-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --python $(pwd)
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
+ if:
+ ${{ hashFiles('requirements.txt') == '' }}
+ Build-Rules:
+ runs-on: ubuntu-latest
+ needs: NextGen-Static-Analysis
+ steps:
+ - uses: actions/checkout@v2
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Validate Build Rules
+ run: |
+ ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-python-demo \
+ --branch "${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
+ --report \
+ --github-pr-number=${{github.event.number}} \
+ --github-pr-user=${{ github.repository_owner }} \
+ --github-pr-repo=${{ github.event.repository.name }} \
+ --github-token=${{ secrets.GITHUB_TOKEN }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
+
\ No newline at end of file
From d739e26e9d5cb784cfbfb3a020e681454cc4a0ef Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Tue, 2 Aug 2022 18:44:09 +0530
Subject: [PATCH 02/13] adding ShiftLeft GitHub action
From c5ce658091a5674fbb62e128ab48f6cad00fa6f3 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Tue, 2 Aug 2022 22:33:00 +0530
Subject: [PATCH 03/13] adding ShiftLeft GitHub action
From 7f3c66336948bbe267f289d8482557995e7afb2f Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Tue, 2 Aug 2022 22:45:25 +0530
Subject: [PATCH 04/13] adding ShiftLeft GitHub action
From a00cdadcc55309b1ba6fbc69355c2fed6db50f30 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Wed, 3 Aug 2022 03:02:29 +0530
Subject: [PATCH 05/13] adding ShiftLeft GitHub action
From ef48313aad09a083b9ff81b8a4c0a08d6dc1de21 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Fri, 5 Aug 2022 10:21:42 +0530
Subject: [PATCH 06/13] adding ShiftLeft GitHub action
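Review bot: `${{ github.head_ref || steps.extract_branch.outputs.branch }}` is expanded into the `run:` scripts of `NextGen Static Analysis`, `Legacy Static Analysis` and `Validate Build Rules` before the shell starts, so a pull-request branch name containing shell metacharacters becomes part of a command line that runs with `SHIFTLEFT_ACCESS_TOKEN` in its environment. Pass the value through the step environment instead, with `BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` under `env:`, and reference it as `--tag branch="$BRANCH"` and `--branch "$BRANCH"`. The `Build-Rules` job defines no `extract_branch` step, so that fallback is empty there when the workflow is started by `workflow_dispatch`. Both `Download ShiftLeft CLI` steps save the `curl` response and mark it executable without `--fail` or any integrity check; comparing the file against a vendor-published digest (if one is available) before `chmod` would keep a tampered or truncated download from running alongside the access token and `secrets.GITHUB_TOKEN`. The workflow also has no `permissions:` block, so the token scope is whatever the repository default grants.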
From 1cdcc5535885b23a3c2b4d721ee6fe1584fc48d3 Mon Sep 17 00:00:00 2001
From: srinivas2580devops <83953904+srinivas2580devops@users.noreply.github.com>
Date: Mon, 8 Aug 2022 11:31:33 +0530
Subject: [PATCH 07/13] Create python-app.yml
---
 .github/workflows/python-app.yml | 39 ++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/python-app.yml
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
new file mode 100644
index 00000000..cb079043
--- /dev/null
+++ b/.github/workflows/python-app.yml
@@ -0,0 +1,39 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: Python application
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v3
+ with:
+ python-version: "3.10"
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8 pytest
+ if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+ - name: Lint with flake8
+ run: |
+ # stop the build if there are Python syntax errors or undefined names
+ flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+ # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+ flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+ - name: Test with pytest
+ run: |
+ pytest
From bea177faae9ec344934abe56a0710dad712808c3 Mon Sep 17 00:00:00 2001
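Review bot: `actions/checkout@v3` and `actions/setup-python@v3` are referenced by mutable tags, and `pip install flake8 pytest` installs whatever versions are current at run time, so the code this job executes can change without any commit to the repository. Pin each action to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha>  # v3`, and move the lint and test tools into a pinned requirements or constraints file. The top-level `permissions:` block with `contents: read` is the right default and should stay if this workflow is kept.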
From: srinivas2580devops <83953904+srinivas2580devops@users.noreply.github.com>
Date: Mon, 8 Aug 2022 11:32:49 +0530
Subject: [PATCH 08/13] Delete python-app.yml
---
 .github/workflows/python-app.yml | 39 --------------------------------
 1 file changed, 39 deletions(-)
 delete mode 100644 .github/workflows/python-app.yml
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
deleted file mode 100644
index cb079043..00000000
--- a/.github/workflows/python-app.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-# This workflow will install Python dependencies, run tests and lint with a single version of Python
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
-
-name: Python application
-
-on:
- push:
- branches: [ "master" ]
- pull_request:
- branches: [ "master" ]
-
-permissions:
- contents: read
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v3
- - name: Set up Python 3.10
- uses: actions/setup-python@v3
- with:
- python-version: "3.10"
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install flake8 pytest
- if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- - name: Lint with flake8
- run: |
- # stop the build if there are Python syntax errors or undefined names
- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
- # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- - name: Test with pytest
- run: |
- pytest
From 557346bfd84065414c9d96bcee4f9e1b7ab5d0a5 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Mon, 8 Aug 2022 11:51:14 +0530
Subject: [PATCH 09/13] adding ShiftLeft GitHub action
From 0775615c331b74c85936388985f7557e3d61ec14 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Mon, 8 Aug 2022 14:20:03 +0530
Subject: [PATCH 10/13] adding ShiftLeft GitHub action
From 1c6f2229b5f8eea5270cbfd20a4537aed8a0147c Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Mon, 22 Aug 2022 12:45:45 +0530
Subject: [PATCH 11/13] adding ShiftLeft GitHub action
From 2c708c2ecf1b94c344474a4615b35a68430a3f39 Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Mon, 22 Aug 2022 12:54:48 +0530
Subject: [PATCH 12/13] adding ShiftLeft GitHub action
From 200fe42f35ab0ce0661a5183d9a5250714d69a9d Mon Sep 17 00:00:00 2001
From: ShiftLeft
Date: Mon, 22 Aug 2022 12:55:07 +0530
Subject: [PATCH 13/13] adding ShiftLeft GitHub action