Bump @types/node from 20.12.13 to 22.7.0 #288
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "build-test" | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| # make sure build/ci work properly | |
| runs-on: ubuntu-latest | |
| env: | |
| MAYHEM_TOKEN: ${{ secrets.MAYHEM_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # fetch entire history to compute diffs between jobs | |
| fetch-depth: 0 | |
| - run: | | |
| npm install | |
| - run: | | |
| npm run all | |
| test-some-outputs: | |
| # make sure the action works on a clean machine without building | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # fetch entire history to compute diffs between jobs | |
| fetch-depth: 0 | |
| - uses: ./ | |
| id: mcode-action | |
| with: | |
| mayhem-url: ${{ secrets.MAYHEM_URL }} | |
| mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| sarif-output: out/sarif/ | |
| package: __tests__/lighttpd | |
| args: --image forallsecure/lighttpd:vulnerable --duration 60 | |
| - name: Upload SARIF file(s) | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: out/sarif | |
| - name: Print runId (${{ steps.mcode-action.outputs.runId }}) and test it's non-empty | |
| run: | | |
| [ -z "${{ steps.mcode-action.outputs.runId }}" ] && echo "runId was blank!" && exit 1; | |
| echo "The run id was: ${{ steps.mcode-action.outputs.runId }}" | |
| test-all-outputs: | |
| # make sure the action works on a clean machine without building | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # fetch entire history to compute diffs between jobs | |
| fetch-depth: 0 | |
| - uses: ./ | |
| id: mcode-action | |
| with: | |
| mayhem-url: ${{ secrets.MAYHEM_URL }} | |
| mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| junit-output: out/junit/ | |
| sarif-output: out/sarif/ | |
| coverage-output: out/coverage/ | |
| package: __tests__/lighttpd | |
| args: --image forallsecure/lighttpd:vulnerable --duration 60 | |
| - name: Archive Coverage report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report | |
| path: out/coverage/ | |
| if-no-files-found: error | |
| - name: Archive JUnit results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mcode-junit | |
| path: out/junit/ | |
| if-no-files-found: error | |
| - name: Upload SARIF file(s) | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: out/sarif | |
| - name: Print runId (${{ steps.mcode-action.outputs.runId }}) and test it's non-empty | |
| run: | | |
| [ -z "${{ steps.mcode-action.outputs.runId }}" ] && echo "runId was blank!" && exit 1; | |
| echo "The run id was: ${{ steps.mcode-action.outputs.runId }}" | |
| test-no-outputs: | |
| # make sure the action works on a clean machine without building | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # fetch entire history to compute diffs between jobs | |
| fetch-depth: 0 | |
| - uses: ./ | |
| id: mcode-action | |
| with: | |
| mayhem-url: ${{ secrets.MAYHEM_URL }} | |
| mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| package: __tests__/lighttpd | |
| args: --image forallsecure/lighttpd:vulnerable --duration 60 | |
| - name: Print runId (${{ steps.mcode-action.outputs.runId }}) and test it's non-empty | |
| run: | | |
| [ -z "${{ steps.mcode-action.outputs.runId }}" ] && echo "runId was blank!" && exit 1; | |
| echo "The run id was: ${{ steps.mcode-action.outputs.runId }}" | |
| # note: requires human inspection by checking the output and seeing the overrided inputs are picked up. | |
| test-override-inputs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # fetch entire history to compute diffs between jobs | |
| fetch-depth: 0 | |
| - uses: ./ | |
| id: mcode-action | |
| with: | |
| mayhem-url: ${{ secrets.MAYHEM_URL }} | |
| mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| package: __tests__/lighttpd | |
| args: --image forallsecure/lighttpd:vulnerable --duration 60 | |
| # override the default owner which is forallsecure | |
| # the secrets.MAYHEM_TOKEN is this case is owned by mcode-action, which is why we choose that owner here | |
| owner: mcode-action | |
| # override default verbosity which is info (contrary to what the `action.yml` says: https://github.com/ForAllSecure/mcode-action/blob/806778bb4a79d793f678087d0f9f3ff18f9a2d93/src/main.ts#L36) | |
| verbosity: debug | |
| # already covered and skipped in this test: mayhem-token, mayhem-url, github-token, sarif|junit|coverage-output, args | |
| - name: Print runId (${{ steps.mcode-action.outputs.runId }}) and test it's non-empty | |
| run: | | |
| [ -z "${{ steps.mcode-action.outputs.runId }}" ] && echo "runId was blank!" && exit 1; | |
| echo "The run id was: ${{ steps.mcode-action.outputs.runId }}" | |
| test-fail-on-defects: | |
| # make sure the action works on a clean machine without building | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # fetch entire history to compute diffs between jobs | |
| fetch-depth: 0 | |
| - uses: ./ | |
| id: mcode-action | |
| continue-on-error: true | |
| with: | |
| mayhem-url: ${{ secrets.MAYHEM_URL }} | |
| mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| package: __tests__/mayhemit | |
| args: --image forallsecure/c-base-executable:latest --duration 60 | |
| fail-on-defects: true | |
| # Previous step should fail | |
| - name: Invert success and failure | |
| run: if [[ ${{ steps.mcode-action.outcome }} == "failure" ]]; then exit 0; else exit 1; fi | |
| - name: Print runId (${{ steps.mcode-action.outputs.runId }}) and test it's non-empty | |
| run: | | |
| [ -z "${{ steps.mcode-action.outputs.runId }}" ] && echo "runId was blank!" && exit 1; | |
| echo "The run id was: ${{ steps.mcode-action.outputs.runId }}" |