-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yml
81 lines (72 loc) · 3.1 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
name: Coverity on Polaris SAST
description: Run Coverity on Polaris static application security test
inputs:
api_url:
description: |
Coverity on Polaris API URL
Usually something along the lines of https://{instance_name}.polaris.synopsys.com
required: true
access_token:
description: 'Polaris access token'
required: true
windows_install_into_temp:
description: |
Set to "true" to enable
Windows Only: Should Coverity on Polaris be installed into a temporary folder in TEMP
Normal github private runners only have 14GB of space, if you have a huge repository, or build big binaries, you might run out of space on the scratch disk.
There is more space available on the system disk where the TEMP location is.
required: false
runs:
using: 'composite'
steps:
- if: runner.os == 'Linux'
shell: bash
env:
DOTNET_NOLOGO: 1
DOTNET_CLI_TELEMETRY_OPTOUT: 1
POLARIS_ACCESS_TOKEN: ${{ inputs.access_token }}
GIT_BRANCH: ${{ github.ref_name }}
run: |
echo Downloading Polaris CLI
wget -q ${{ inputs.api_url }}/api/tools/v2/downloads/polaris_cli-linux64.zip
echo Unzipping Polaris CLI
unzip -j polaris_cli-linux64.zip -d /tmp/polari_cli
echo Removing archive
unlink polaris_cli-linux64.zip
echo Starting analysis
/tmp/polari_cli/polaris analyze --upload-local-config
echo Removing Polaris CLI
rm -rf /tmp/polari_cli
# Creates a new directory in TEMP, and sets POLARIS_HOME to be that directory
# this should install coverity on polaris into that directory instead of the current working directory
- if: ${{ 'true' == inputs.windows_install_into_temp && runner.os == 'Windows' }}
shell: pwsh
run: |
function New-TemporaryDirectory {
$parent = [System.IO.Path]::GetTempPath()
$name = [System.IO.Path]::GetRandomFileName()
New-Item -ItemType Directory -Path (Join-Path $parent $name)
}
$tempdir = New-TemporaryDirectory
echo "POLARIS_HOME=$tempdir" >> $env:GITHUB_ENV
- if: runner.os == 'Windows'
shell: pwsh
env:
DOTNET_NOLOGO: 1
DOTNET_CLI_TELEMETRY_OPTOUT: 1
POLARIS_ACCESS_TOKEN: ${{ inputs.access_token }}
GIT_BRANCH: ${{ github.ref_name }}
run: |
Write-Host "Downloading Polaris CLI"
$polarisCliZipPath = Join-Path $env:TEMP "polaris_cli-win64.zip"
Invoke-WebRequest -Uri "${{ inputs.api_url }}/api/tools/v2/downloads/polaris_cli-win64.zip" -OutFile $polarisCliZipPath
Write-Host "Unzipping Polaris CLI"
$polarisCliUnzipPath = Join-Path $env:TEMP "polaris_cli"
Expand-Archive -Path $polarisCliZipPath -DestinationPath $polarisCliUnzipPath
Write-Host "Running Polaris Analysis"
& (Get-ChildItem -Path $polarisCliUnzipPath -Recurse -Filter polaris.exe | Select-Object -First 1).FullName analyze --upload-local-config
Write-Host "Removing Polaris CLI"
Remove-Item -Recurse -Force $polarisCliUnzipPath
branding:
icon: 'shield'
color: 'purple'