Merged
8 changes: 4 additions & 4 deletions .github/workflows/main.yml
Expand Up @@ -19,17 +19,17 @@ jobs:
- uses: actions/checkout@v2
with:
path: 'codedx-action'

- uses: actions/checkout@v2
with:
repository: 'WebGoat/WebGoat'
path: 'webgoat'

- run: |
wget -q https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.38.0/pmd-bin-6.38.0.zip
unzip pmd-bin-6.38.0.zip
./pmd-bin-6.38.0/bin/run.sh pmd -d webgoat -f sarif -R rulesets/java/quickstart.xml -r pmd-sarif.json -failOnViolation false

- name: SRM Upload
uses: './codedx-action'
with:
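Review bot: the `wget` of `pmd-bin-6.38.0.zip` in this hunk is unzipped and run with no integrity check, and `actions/checkout@v2` is referenced by a mutable tag; for a workflow that feeds scan results into SRM, consider verifying the archive against a pinned SHA-256 (`sha256sum -c` with a known digest) and pinning actions to a full commit SHA. The `-failOnViolation false` flag is appropriate here since violations are meant to be uploaded rather than fail the PMD step.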
Expand All @@ -39,4 +39,4 @@ jobs:
source-and-binaries-glob: 'webgoat/**'
tool-outputs-glob: 'pmd-sarif.json'
wait-for-completion: false
ca-cert: ${{ secrets.CDX_CERT }}
ca-cert: ${{ secrets.CDX_CERT }}
35 changes: 20 additions & 15 deletions README.md
@@ -1,6 +1,6 @@
# GitHub Action for SRM

This GitHub action can be used to push source code, binaries, and scan results to an [SRM](https://www.synopsys.com/software-integrity/software-risk-manager.html) instance from within a GitHub workflow; source and binaries are automatically scanned by SRM using its built-in analysis tools.
This GitHub action can be used to push source code, binaries, and scan results to an [SRM](https://www.blackduck.com/software-risk-manager.html) instance from within a GitHub workflow; source and binaries are automatically scanned by SRM using its built-in analysis tools.

## Features and Behavior

Expand All @@ -23,23 +23,28 @@ The workflow will be set to fail if:

## Action Inputs

| Input Name | Description | Default Value | Required |
|----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-----------------|
| `server-url` | The URL for the SRM server (typically ends with `/srm`) | | Yes |
| `api-key` | An API Key or Personal Access Token to use when connecting to SRM | | Yes |
| `project-id` | The ID of a project (an integer) created in SRM | `undefined` | Yes<sup>1</sup> |
| `project-name` | The name of a project created in SRM | `undefined` | Yes<sup>1</sup> |
| `base-branch-name` | The parent branch name of a project created in SRM | `undefined` | No<sup>2</sup> |
| `target-branch-name` | The target branch name of a project created in SRM. <br/>SRM automatically creates the branch if it does not exist yet in the project, and the new branch will be created from `base-branch-name` | `undefined` | No |
| `source-and-binaries-glob` | A comma-separated-list of file globs matching source and binary files to be packaged and sent to SRM | `undefined` | No |
| `tool-outputs-glob` | A comma-separated list of file globs matching tool output/scan result files | `undefined` | No |
| `wait-for-completion` | Whether to wait for the analysis to complete before exiting | `false` | No |
| `ca-cert` | A custom CA cert to use for HTTPS connections to SRM | `undefined` | No |
| `dry-run` | Whether to submit an analysis (false/undefined) or only test the connection and credentials (true) | `undefined` | No |
| Input Name | Description | Default Value | Required |
|----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|--------------------------------|
| `server-url` | The URL for the SRM server (typically ends with `/srm`) | | Yes |
| `api-key` | An API Key or Personal Access Token to use when connecting to SRM | | Yes |
| `project-id` | The ID of a project (an integer) created in SRM | `undefined` | Yes<sup>[1]</sup> |
| `project-name` | The name of a project created in SRM | `undefined` | Yes<sup>[1]</sup> |
| `auto-create-project` | Whether SRM should automatically create a project with the given `project-name` if it does not yet exist. | `false` | No<sup>[2]</sup> |
| `base-branch-name` | The parent branch name of a project created in SRM | `undefined` | No<sup>[2]</sup><sup>[3]</sup> |
| `target-branch-name` | The target branch name of a project created in SRM. <br/>SRM automatically creates the branch if it does not exist yet in the project, and the new branch will be created from `base-branch-name` | `undefined` | No<sup>[2]</sup> |
| `source-and-binaries-glob` | A comma-separated-list of file globs matching source and binary files to be packaged and sent to SRM | `undefined` | No |
| `tool-outputs-glob` | A comma-separated list of file globs matching tool output/scan result files | `undefined` | No |
| `wait-for-completion` | Whether to wait for the analysis to complete before exiting | `false` | No |
| `ca-cert` | A custom CA cert to use for HTTPS connections to SRM | `undefined` | No |
| `dry-run` | Whether to submit an analysis (false/undefined) or only test the connection and credentials (true) | `undefined` | No |

**Notes**
1. Either `project-id` or `project-name` is required. An error will be thrown if neither is specified or both are specified.
2. `base-branch-name` is required if `target-branch-name` is specified and doesn't exist yet in the project.
2. If `auto-create-project` is set to true, SRM will automatically create the project if it does not yet exist.
The `base-branch-name` will be used as the default branch, and `target-branch-name` will be used as the analysis branch.
If neither is specified, it will simply use the default branch.
If only one of the branches is specified, it will throw error during project creation.
3. `base-branch-name` is required if `target-branch-name` is specified and doesn't exist yet in the project.

## Sample Workflow

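Review bot: the rendered notes list in this hunk shows both the old `2.` (`base-branch-name`) note and the new `2.`/`3.` notes, so verify that the merged README keeps a single `2.` for `auto-create-project` and `3.` for `base-branch-name`, matching the table's `<sup>[2]</sup>` and `<sup>[3]</sup>` references. `it will throw error during project creation` should read `it will throw an error`. It is also worth stating that with `auto-create-project: true` a misspelled `project-name` silently creates a new project instead of failing, and that the `api-key` must then carry project-creation permission in SRM.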
4 changes: 4 additions & 0 deletions action.yml
Expand Up @@ -14,6 +14,10 @@ inputs:
project-name:
description: 'the name of a project created in SRM. This is required if `project-id` is not specified.'
required: false
auto-create-project:
description: 'whether SRM should automatically create a project with the given `project-name` if it does not yet exist.'
required: false
default: false
base-branch-name:
description: 'the parent branch name of a project created in SRM'
required: false
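Review bot: `default: false` is consistent with the other boolean inputs, but GitHub delivers every input as a string, so `core.getInput` yields `'false'`; that only works because `config.js` passes it through `fixBoolean`. The description should also say this input applies only when `project-name` (not `project-id`) is used, mirroring the README note.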
11 changes: 10 additions & 1 deletion analyze.js
Expand Up @@ -142,7 +142,16 @@ async function getProjectId(config, client) {
if (matchedProjectIds.length == 1) {
return matchedProjectIds[0]
} else if (matchedProjectIds.length == 0) {
throw new Error(`No projects with the name '${config.projectName}'.`)
if (config.autoCreateProject) {
core.info(`Found 'auto-create-project: true'`)
core.info(`No project found with the name '${config.projectName}'. Creating the project...`)
const createdProject = await client.createSrmProject(config)
core.info(`Created project '${createdProject.name}' (projectId = ${createdProject.id})`)
return createdProject.id
} else {
core.info(`Found 'auto-create-project: false'`)
throw new Error(`No project found with the name '${config.projectName}'. (Note: To auto-create missing projects, set 'auto-create-project' to 'true'.)`)
}
} else {
throw new Error(`Multiple projects with the name '${config.projectName}'. Unable to determine which project to use. Try specifying with 'project-id' instead.`)
}
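Review bot: `client.createSrmProject(config)` on the new branch is not defined in any file in this change set, so confirm it exists in the client module; otherwise this path fails with a TypeError instead of a clear error. There is also a check-then-act window: two workflow runs starting together can both see zero matches and both create the project, after which every later run hits the `Multiple projects with the name` error; consider catching a create failure and re-querying by name. The two `Found 'auto-create-project: ...'` info lines are noise, and `createdProject.id` / `createdProject.name` should be validated before being logged and returned.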
3 changes: 2 additions & 1 deletion config.js
Expand Up @@ -18,6 +18,7 @@ class Config {
this.apiKey = core.getInput('api-key', { required: true })
this.projectId = core.getInput('project-id')
this.projectName = core.getInput('project-name')
this.autoCreateProject = core.getInput('auto-create-project')
this.baseBranchName = core.getInput('base-branch-name')
this.targetBranchName = core.getInput('target-branch-name')
this.inputGlobs = core.getInput('source-and-binaries-glob')
Expand All @@ -32,9 +33,9 @@ class Config {
}

sanitize() {
fixBoolean(this, 'autoCreateProject')
fixBoolean(this, 'waitForCompletion')
fixBoolean(this, 'dryRun')
fixBoolean(this, 'requireInputFiles')

this.inputGlobs = this.inputGlobs.trim()

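Review bot: `fixBoolean(this, 'autoCreateProject')` mirrors the other flags, but when the action runs without `action.yml` defaults (local tests) `core.getInput` returns `''`; make sure `fixBoolean` maps the empty string to `false` rather than leaving a truthy string. Consider also validating in `sanitize()` that `autoCreateProject` is only honoured together with `projectName`, since it has no meaning when `project-id` is given.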