Skip to content

OSSF Scorecard (#233) #47

OSSF Scorecard (#233)

OSSF Scorecard (#233) #47

Workflow file for this run

name: "Code coverage"
on:
push:
branches: [ "master" ]
# Declare default permissions as read only.
permissions: read-all
jobs:
coverage:
name: Run tests and generate coverage reports
runs-on: ubuntu-20.04
steps:
- name: Checkout this repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
- name: Build the middleware docker image
run: docker/mware/build
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4.0.2
with:
aws-access-key-id: ${{ secrets.CODECOVERAGE_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.CODECOVERAGE_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.CODECOVERAGE_AWS_REGION }}
- name: Run middleware coverage script
run: |
middleware/test-all-coverage
COVPCT=$(cat middleware/coverage/total)
COVCOL=$(utils/coverage-color.sh $COVPCT)
echo "{ \"schemaVersion\": 1, \"label\": \"Middleware coverage\", \"message\": \"$COVPCT%\", \"color\": \"$COVCOL\" }" > middleware/coverage/badge.json
- name: "Upload middleware coverage report"
run: |
aws s3 sync \
middleware/coverage/ \
s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.2.x/middleware_coverage_report \
--sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
--no-progress --follow-symlinks --delete --only-show-errors
- name: Run firmware coverage script
run: |
firmware/coverage/gen-coverage
COVPCT=$(cat firmware/coverage/output/total)
COVCOL=$(utils/coverage-color.sh $COVPCT)
echo "{ \"schemaVersion\": 1, \"label\": \"Firmware coverage\", \"message\": \"$COVPCT%\", \"color\": \"$COVCOL\" }" > firmware/coverage/output/badge.json
- name: "Upload firmware coverage report"
run: |
aws s3 sync \
firmware/coverage/output/ \
s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.2.x/firmware_coverage_report \
--sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
--no-progress --follow-symlinks --delete --only-show-errors
- name: Invalidate CloudFront cache
run: |
aws cloudfront create-invalidation \
--distribution-id ${{ secrets.CODECOVERAGE_CLOUDFRONT_DIST_ID }} --paths "/*"