Run A SeaLights Scan Main Branch After A Pull Request Has Been Merged #5
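# Runs a SeaLights scan of the main branch after the "Trigger on PR Merge"
# workflow finishes. Indentation is reconstructed from the key structure.
name: Run A SeaLights Scan Main Branch After A Pull Request Has Been Merged

on:
  workflow_run:
    workflows:
      - Trigger on PR Merge
    types:
      # NOTE(review): `completed` fires whatever the triggering run's
      # conclusion was; confirm that scanning after a failed run is intended.
      - completed

# Least privilege: the job only reads the repository. The SeaLights upload
# authenticates with its own token, not with GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  run-after-merge:
    # Skip forks, where the SeaLights secret is not expected to exist.
    if: github.repository == 'konflux-ci/multi-platform-controller'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Main Repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          # Always scan merged code on main.
          ref: main
          # Keep the Git credential out of .git/config: later steps execute
          # downloaded binaries inside this workspace.
          persist-credentials: false

      - name: Install Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version-file: "./go.mod"

      - name: Download SeaLights Go agent and CLI tool
        # NOTE(review): both archives come from a moving `latest` URL and are
        # executed without a checksum or signature check, in a job that holds
        # SEALIGHTS_AGENT_TOKEN. The actions above are pinned by commit SHA;
        # these downloads are not. Pin a version and verify a digest if the
        # vendor publishes one.
        run: |
          echo "[Sealights] Downloading Sealights Golang & CLI Agents..."
          # lscpu reports 64-bit ARM as "aarch64", so match it next to "arm".
          # Fail on anything else instead of requesting a URL with an empty
          # architecture suffix.
          case "$(lscpu | awk '/Architecture:/{print $2}')" in
            x86_64) SL_ARCH="linux-amd64";;
            aarch64|arm64|arm) SL_ARCH="linux-arm64";;
            *) echo "[Sealights] Unsupported architecture" >&2; exit 1;;
          esac
          wget -nv -O sealights-go-agent.tar.gz "https://agents.sealights.co/slgoagent/latest/slgoagent-${SL_ARCH}.tar.gz"
          wget -nv -O sealights-slcli.tar.gz "https://agents.sealights.co/slcli/latest/slcli-${SL_ARCH}.tar.gz"
          tar -xzf ./sealights-go-agent.tar.gz && tar -xzf ./sealights-slcli.tar.gz
          rm -f ./sealights-go-agent.tar.gz ./sealights-slcli.tar.gz
          ./slgoagent -v 2> /dev/null | grep version && ./slcli -v 2> /dev/null | grep version

      - name: Write SeaLights token into file
        # The secret is passed through env rather than interpolated into the
        # script text. umask 077 makes the token file readable by its owner
        # only.
        run: |
          umask 077
          echo "${SEALIGHTS_AGENT_TOKEN}" > sltoken.txt
        env:
          SEALIGHTS_AGENT_TOKEN: '${{secrets.SEALIGHTS_AGENT_TOKEN}}'

      - name: Create component of build name for SeaLights config command
        # Exports `date` to later steps; it is read below as env.date.
        run: echo "date=$(date +'%y%m%d.%H:%M')" >> "$GITHUB_ENV"

      - name: Initiating and configuring SeaLights
        run: |
          echo "[Sealights] Initiating and configuring SeaLights to scan the main branch after pull request was closed"
          ./slcli config init --lang go --token ./sltoken.txt
          ./slcli config create-bsid --app multi-platform-controller --branch main --build "${BUILD_NAME}"
        env:
          BUILD_NAME: multi-platform-controller-main-${{env.date}}

      - name: Run the SeaLights scan
        # --scmVersion was wrapped in typographic quotes, which the shell
        # does not treat as quoting and passes through as part of the value.
        # Plain ASCII quotes are used here.
        run: |
          echo "[Sealights] Running the SeaLights scan"
          ./slcli scan --bsid buildSessionId.txt --path-to-scanner ./slgoagent \
            --workspacepath ./ --scm git \
            --scmBaseUrl https://github.com/konflux-ci/multi-platform-controller \
            --scmVersion "0" --scmProvider github

      - name: Build
        run: make build

      - name: clean all SeaLights secret stuff
        # Run even when an earlier step failed, so the token file does not
        # stay in the workspace. -f tolerates files that were never created.
        if: always()
        run: |
          echo "[Sealights] Cleaning up after SeaLights run"
          rm -f sltoken.txt buildSessionId.txt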