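name: CI Fuzz
# Runs the CI Fuzz tests of this repository and reports the results to CI Sense.
#
# Required repository secrets (read below through the `secrets` context):
#   CI_SENSE_API_TOKEN      API token generated in the CI Fuzz web interface.
#   CI_FUZZ_DOWNLOAD_TOKEN  Download token from https://downloads.code-intelligence.com.
# To download the CI Fuzz maven extension or gradle plugin, also set the secrets
# MAVEN_REGISTRY_USERNAME and MAVEN_REGISTRY_PASSWORD with the credentials
# from https://downloads.code-intelligence.com.
on:
  workflow_dispatch:
  push:
    branches: [ main ]
  # Keep this as `pull_request`: runs triggered from forks then receive no
  # secrets, so untrusted PR code never executes next to the CI Sense tokens.
  pull_request:
    branches: [ main ]

# Least privilege for the automatic GITHUB_TOKEN: the job only needs to read
# the repository for checkout. Every step, including the third-party actions,
# can use this token, so widen it only if a step demonstrably needs more.
# NOTE(review): confirm the CodeIntelligenceTesting actions need no further
# GITHUB_TOKEN scopes; they are only passed CI Sense tokens here.
permissions:
  contents: read

env:
  # Timeout until the pipeline is marked as 'success'
  # if during that time no failing findings are found.
  TIMEOUT: "5m"
  # Minimum severity for findings that causes the pipeline to fail.
  # Findings with lower severity are still reported but do not fail
  # the pipeline.
  # Possible values: 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'
  MIN_FINDINGS_SEVERITY: LOW
  # The CI Sense URL.
  CI_SENSE_HTTP_URL: https://app.code-intelligence.com
  CI_SENSE_GRPC_URL: grpc.code-intelligence.com:443
  # The CI Sense project name.
  PROJECT: prj-Rp8lKbLPrG2Z
  # Directory in which the repository will be cloned.
  CHECKOUT_DIR: checkout-dir/

jobs:
  fuzz_tests:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a mutable tag (@v2, @v6).
      # Pinning each action to a full commit SHA keeps a retagged release from
      # silently changing the code that runs with this job's secrets.
      - id: checkout
        name: Checkout Repository
        uses: actions/checkout@v2
        with:
          path: ${{ env.CHECKOUT_DIR }}
      # Uncomment to configure access to CI Fuzz maven repository.
      # The version after `@` was lost when this page was extracted;
      # <version> is a placeholder, not a real release.
      # - uses: s4u/maven-settings-action@<version>
      #   with:
      #     servers: '[{"id": "code-intelligence", "username": "${{ secrets.MAVEN_REGISTRY_USERNAME }}", "password": "${{ secrets.MAVEN_REGISTRY_PASSWORD }}"}]'
      - id: install-cifuzz
        name: Install cifuzz
        uses: CodeIntelligenceTesting/github-actions/install-cifuzz@v6
        with:
          download_token: ${{ secrets.CI_FUZZ_DOWNLOAD_TOKEN }}
          # NOTE(review): 'latest' installs whatever cifuzz build is current at
          # run time; pinning a reviewed version makes runs reproducible.
          version: 'latest'
      - id: run-fuzz-tests
        name: Run Fuzz Tests
        uses: CodeIntelligenceTesting/github-actions/run-fuzz-tests@v6
        with:
          ci_sense_api_token: ${{ secrets.CI_SENSE_API_TOKEN }}
          project_name: ${{ env.PROJECT }}
          repository_dir: ${{ env.CHECKOUT_DIR }}
          timeout: ${{ env.TIMEOUT }}
          min_findings_severity: ${{ env.MIN_FINDINGS_SEVERITY }}
          ci_sense_http_url: ${{ env.CI_SENSE_HTTP_URL }}
      - id: save-results
        name: Save Fuzz Test Results
        uses: CodeIntelligenceTesting/github-actions/save-results@v6
        # Runs whether the earlier steps passed or failed, so results are
        # saved for failing fuzz runs too; skipped only on cancellation.
        if: ${{ success() || failure() }}
        with:
          ci_sense_api_token: ${{ secrets.CI_SENSE_API_TOKEN }}
          ci_sense_http_url: ${{ env.CI_SENSE_HTTP_URL }}
          ci_sense_grpc_url: ${{ env.CI_SENSE_GRPC_URL }}
          project_name: ${{ env.PROJECT }}
          started_run: ${{ steps.run-fuzz-tests.outputs.started_run }}
      # NOTE(review): actions/upload-artifact v2 has been deprecated by GitHub;
      # move to a currently supported major release.
      # NOTE(review): the uploaded files presumably hold fuzzing findings and
      # the address of the tested web app. Artifacts can be downloaded by
      # anyone with read access to the repository; confirm that is acceptable.
      - id: upload-artifact
        uses: actions/upload-artifact@v2
        if: ${{ (success() || failure()) }}
        with:
          name: ci_fuzz_results
          path: |
            findings.json
            coverage.json
            web_app_address.txt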