-
Notifications
You must be signed in to change notification settings - Fork 7
84 lines (78 loc) · 2.51 KB
/
sca-command.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: ChatOPS SCA
run-name: "On demand SCA test for PR - (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"
permissions:
contents: read
on:
workflow_dispatch:
inputs:
pr-id:
description: ID of the PR that triggered this workflow
type: string
required: true
pr-title:
description: Title of the PR that triggered this workflow
type: string
required: true
comment-id:
description: "The comment-id of the slash command"
type: string
required: true
branch:
description: Branch on which the tests should run
type: string
default: main
repository:
description: Repository on which the tests should run
type: string
required: false
jobs:
init:
name: Add a comment to originating PR with job ID
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
outputs:
paths: ${{ steps.paths_reformat.outputs.paths }}
steps:
- name: add comment
uses: peter-evans/create-or-update-comment@v3
with:
comment-id: ${{ inputs.comment-id }}
issue-number: ${{ inputs.pr-id }}
body: |
> Testing job ID: [${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
- name: reformat paths input property
id: paths_reformat
env:
IN_PATHS: ${{ inputs.paths }}
run: echo "paths=$(echo $IN_PATHS | tr " " "," )" >> $GITHUB_OUTPUT
test:
name: Run SCA test
needs: init
permissions:
contents: read
uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/[email protected]
secrets: inherit
with:
pre-commit-hooks: terraform_fmt terraform_docs terraform_tflint checkov
branch: ${{ inputs.branch }}
repository: ${{ inputs.repository }}
finish_comment_pr:
name: Add a comment to originating PR
needs: test
if: always()
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: add comment
uses: peter-evans/create-or-update-comment@v3
with:
comment-id: ${{ inputs.comment-id }}
issue-number: ${{ inputs.pr-id }}
body: |
> Job result: ${{ needs.test.result == 'success' && 'SUCCESS' || 'FAILURE' }}
reactions: ${{ needs.test.result == 'success' && '+1' || '-1' }}
reactions-edit-mode: replace