build: add github actions for build, test, code scan, and release #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Fortify Scan | |
on: | |
workflow_dispatch: | |
workflow_call: | |
inputs: | |
identifier: | |
required: true | |
type: string | |
push: | |
branches-ignore: | |
- main | |
- release | |
permissions: | |
id-token: write | |
contents: read | |
concurrency: | |
group: ${{ inputs.identifier || github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: ${{ github.ref_name != 'main'}} | |
jobs: | |
fortify-scan: | |
runs-on: macos-latest | |
environment: Fortify | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3 | |
with: | |
persist-credentials: false | |
- name: Configure AWS credentials for fetching fortify resources | |
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
role-session-name: GHAFortifySession | |
role-duration-seconds: 900 | |
- name: Download License | |
run: | | |
aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.LICENSE_PATH }} fortify.license | |
- name: Download Installer | |
run: | | |
aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.INSTALLER_PATH }} Fortify_SCA_and_Apps_22.1.1_Mac.tar.gz | |
tar -xvf Fortify_SCA_and_Apps_22.1.1_Mac.tar.gz | |
unzip Fortify_SCA_and_Apps_22.1.1_osx_x64.app.zip | |
- name: Download Scripts | |
run: | | |
aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.SCRIPTS_PATH }} liveness_swift_fortify_scan.sh | |
- name: Run Installer | |
run: | | |
Fortify_SCA_and_Apps_22.1.1_osx_x64.app/Contents/MacOS/installbuilder.sh --mode unattended --installdir ~/amplify-ui-swift-liveness/Fortify --InstallSamples 0 --fortify_license_path fortify.license --MigrateSCA 0 | |
export PATH=~/amplify-ui-swift-liveness/Fortify/bin:$PATH | |
fortifyupdate -acceptKey | |
sourceanalyzer -version | |
- name: Run Scan | |
run: | | |
export PATH=~/amplify-ui-swift-liveness/Fortify/bin:$PATH | |
sh ./liveness_swift_fortify_scan.sh Sources | |
confirm-pass: | |
runs-on: ubuntu-latest | |
name: Confirm Passing Fortify Scan | |
if: ${{ !cancelled() }} | |
needs: [ fortify-scan ] | |
env: | |
EXIT_CODE: ${{ contains(needs.*.result, 'failure') && 1 || 0 }} | |
steps: | |
- run: exit $EXIT_CODE |