
Run A SeaLights Scan Main Branch After A Pull Request Has Been Merged #5


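# Scans the main branch with SeaLights after the "Trigger on PR Merge"
# workflow has run, then builds the project.
name: Run A SeaLights Scan Main Branch After A Pull Request Has Been Merged
on:
  workflow_run:
    workflows:
      - Trigger on PR Merge
    # NOTE(review): "completed" also fires when the triggering run failed, was
    # cancelled or was skipped. If the scan should only follow a successful
    # run, gate the job on github.event.workflow_run.conclusion == 'success'.
    types:
      - completed
# Least privilege: the job only reads the repository. Its steps run binaries
# downloaded at job time, so the GITHUB_TOKEN should carry no write scopes.
permissions:
  contents: read
jobs:
  run-after-merge:
    # Do not run in forks, which have no SeaLights token.
    if: github.repository == 'konflux-ci/multi-platform-controller'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Main Repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          ref: main
          # Keep the GITHUB_TOKEN out of .git/config; later steps execute
          # third-party tooling inside this workspace.
          persist-credentials: false
      - name: Install Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version-file: "./go.mod"
      - name: Download SeaLights Go agent and CLI tool
        # NOTE(review): both archives come from a moving "latest" URL and are
        # executed without an integrity check, while the actions above are
        # pinned by commit SHA. Pin an agent version and verify a published
        # checksum if the vendor provides one.
        run: |
          echo "[Sealights] Downloading Sealights Golang & CLI Agents..."
          # lscpu reports 64-bit ARM as "aarch64". Fail on anything unknown
          # instead of requesting a URL built from an empty SL_ARCH.
          case $(lscpu | awk '/Architecture:/{print $2}') in
            x86_64) SL_ARCH="linux-amd64";;
            aarch64 | arm64 | arm) SL_ARCH="linux-arm64";;
            *) echo "[Sealights] Unsupported CPU architecture" >&2; exit 1;;
          esac
          wget -nv -O sealights-go-agent.tar.gz "https://agents.sealights.co/slgoagent/latest/slgoagent-${SL_ARCH}.tar.gz"
          wget -nv -O sealights-slcli.tar.gz "https://agents.sealights.co/slcli/latest/slcli-${SL_ARCH}.tar.gz"
          tar -xzf ./sealights-go-agent.tar.gz && tar -xzf ./sealights-slcli.tar.gz
          rm -f ./sealights-go-agent.tar.gz ./sealights-slcli.tar.gz
          ./slgoagent -v 2> /dev/null | grep version && ./slcli -v 2> /dev/null | grep version
      - name: Write SeaLights token into file
        # The secret is passed through env, not interpolated into the script
        # text. umask keeps the token file readable by the runner user only.
        run: |
          umask 077
          echo "${SEALIGHTS_AGENT_TOKEN}" > sltoken.txt
        env:
          SEALIGHTS_AGENT_TOKEN: '${{ secrets.SEALIGHTS_AGENT_TOKEN }}'
      - name: Create component of build name for SeaLights config command
        # Exports "date" to later steps through the GITHUB_ENV file.
        run: echo "date=$(date +'%y%m%d.%H:%M')" >> "$GITHUB_ENV"
      - name: Initiating and configuring SeaLights
        run: |
          echo "[Sealights] Initiating and configuring SeaLights to scan the main branch after pull request was closed"
          ./slcli config init --lang go --token ./sltoken.txt
          ./slcli config create-bsid --app multi-platform-controller --branch main --build "${BUILD_NAME}"
        env:
          BUILD_NAME: multi-platform-controller-main-${{ env.date }}
      - name: Run the SeaLights scan
        # --scmVersion uses plain ASCII quotes: typographic quotes are not
        # shell syntax and would be passed to slcli as part of the value.
        run: |
          echo "[Sealights] Running the SeaLights scan"
          ./slcli scan --bsid buildSessionId.txt --path-to-scanner ./slgoagent \
            --workspacepath ./ --scm git \
            --scmBaseUrl https://github.com/konflux-ci/multi-platform-controller \
            --scmVersion "0" --scmProvider github
      - name: Build
        run: make build
      - name: clean all SeaLights secret stuff
        # always(): remove the token file even when an earlier step failed.
        # rm -f: do not fail the cleanup when a file was never created.
        if: always()
        run: |
          echo "[Sealights] Cleaning up after SeaLights run"
          rm -f sltoken.txt buildSessionId.txt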