feat(general): Add checkov.spec to enable PyInstaller #10845
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Test | |
| on: pull_request | |
| permissions: | |
| contents: read | |
| jobs: | |
| # lint: | |
| # uses: bridgecrewio/gha-reusable-workflows/.github/workflows/pre-commit.yaml@main | |
| # with: | |
| # python-version: "3.9" | |
| # | |
| # cfn-lint: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
| # - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 | |
| # with: | |
| # python-version: 3.7 | |
| # - name: Install cfn-lint | |
| # run: | | |
| # pip install -U cfn-lint | |
| # - name: Lint Cloudformation templates | |
| # run: | | |
| # cfn-lint tests/cloudformation/checks/resource/aws/**/* -i W | |
| # | |
| # mypy: | |
| # uses: bridgecrewio/gha-reusable-workflows/.github/workflows/mypy.yaml@main | |
| # | |
| # unit-tests: | |
| # strategy: | |
| # fail-fast: true | |
| # matrix: | |
| # python: ["3.7", "3.8", "3.9", "3.10", "3.11"] | |
| # runs-on: ubuntu-latest | |
| # timeout-minutes: 30 | |
| # steps: | |
| # - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
| # - name: Set up Python ${{ matrix.python }} | |
| # uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 | |
| # with: | |
| # python-version: ${{ matrix.python }} | |
| # cache: "pipenv" | |
| # cache-dependency-path: "Pipfile.lock" | |
| # - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
| # with: | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 | |
| # with: | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Install pipenv | |
| # run: | | |
| # python -m pip install --no-cache-dir --upgrade pipenv | |
| # - name: Install dependencies | |
| # run: | | |
| # # remove venv, if exists | |
| # pipenv --rm || true | |
| # pipenv --python ${{ matrix.python }} | |
| # pipenv install --dev -v | |
| # - name: Unit tests | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # run: | | |
| # pipenv run python -m pytest tests | |
| # | |
| # integration-tests: | |
| # strategy: | |
| # fail-fast: true | |
| # matrix: | |
| # python: ["3.7", "3.8", "3.9", "3.10", "3.11"] | |
| # os: [ubuntu-latest, macos-latest, windows-latest] | |
| # runs-on: ${{ matrix.os }} | |
| # steps: | |
| # - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
| # - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 | |
| # with: | |
| # python-version: ${{ matrix.python }} | |
| # cache: "pipenv" | |
| # cache-dependency-path: "Pipfile.lock" | |
| # - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 | |
| # - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
| # with: | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 | |
| # if: ${{ runner.os != 'windows' }} | |
| # with: | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Install pipenv | |
| # run: | | |
| # python -m pip install --no-cache-dir --upgrade pipenv | |
| # - name: Build & install checkov package | |
| # run: | | |
| # # remove venv, if exists | |
| # pipenv --rm || true | |
| # pipenv --python ${{ matrix.python }} | |
| # pipenv run pip install pytest pytest-xdist | |
| # pipenv run python setup.py sdist bdist_wheel | |
| # bash -c 'pipenv run pip install dist/checkov-*.whl' | |
| # - name: Clone Terragoat - vulnerable terraform | |
| # run: git clone https://github.com/bridgecrewio/terragoat | |
| # - name: Clone Cfngoat - vulnerable cloudformation | |
| # run: git clone https://github.com/bridgecrewio/cfngoat | |
| # - name: Clone Kubernetes-goat - vulnerable kubernetes | |
| # run: git clone https://github.com/madhuakula/kubernetes-goat | |
| # - name: Clone kustomize-goat - vulnerable kustomize | |
| # run: git clone https://github.com/bridgecrewio/kustomizegoat | |
| # - name: Create checkov reports | |
| # env: | |
| # LOG_LEVEL: INFO | |
| # BC_KEY: ${{ secrets.BC_API_KEY }} | |
| # run: | | |
| # # Just making sure the API key tests don't run on PRs | |
| # bash -c './integration_tests/prepare_data.sh ${{ matrix.os }} 3.8' | |
| # - name: Run integration tests | |
| # run: | | |
| # pipenv run pytest integration_tests -k 'not api_key' | |
| # | |
| # performance-tests: | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # python: ["3.7"] | |
| # env: | |
| # working-directory: ./performance_tests | |
| # runs-on: [self-hosted, public, linux, x64] | |
| # steps: | |
| # - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
| # - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 | |
| # with: | |
| # python-version: ${{ matrix.python }} | |
| # cache: "pipenv" | |
| # cache-dependency-path: "Pipfile.lock" | |
| # - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 | |
| # - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
| # with: | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 | |
| # with: | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Install pipenv | |
| # run: | | |
| # python -m pip install --no-cache-dir --upgrade pipenv | |
| # - name: Build & install checkov package | |
| # run: | | |
| # # remove venv, if exists | |
| # pipenv --rm || true | |
| # pipenv --python ${{ matrix.python }} | |
| # # 'py' package is used in 'pytest-benchmark', but 'pytest' removed it in their latest version | |
| # pipenv run pip install pytest pytest-benchmark py | |
| # pipenv run python setup.py sdist bdist_wheel | |
| # bash -c 'pipenv run pip install dist/checkov-*.whl' | |
| # - name: Clone terraform-aws-components | |
| # run: git clone --branch 0.182.0 https://github.com/cloudposse/terraform-aws-components.git | |
| # working-directory: ${{ env.working-directory }} | |
| # - name: Clone aws-cloudformation-templates | |
| # run: git clone --branch 0.0.1 https://github.com/awslabs/aws-cloudformation-templates.git | |
| # working-directory: ${{ env.working-directory }} | |
| # - name: Clone kubernetes-yaml-templates | |
| # run: git clone https://github.com/dennyzhang/kubernetes-yaml-templates.git | |
| # working-directory: ${{ env.working-directory }} | |
| # - name: Run performance tests | |
| # run: | | |
| # pipenv run pytest | |
| # working-directory: ${{ env.working-directory }} | |
| # | |
| # dogfood-tests: | |
| # runs-on: ubuntu-latest | |
| # env: | |
| # PYTHON_VERSION: "3.7" | |
| # WORKING_DIRECTORY: ./dogfood_tests | |
| # steps: | |
| # - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
| # - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 | |
| # with: | |
| # python-version: ${{ env.PYTHON_VERSION }} | |
| # cache: "pipenv" | |
| # cache-dependency-path: "Pipfile.lock" | |
| # - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
| # with: | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 | |
| # with: | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Install pipenv | |
| # run: | | |
| # python -m pip install --no-cache-dir --upgrade pipenv | |
| # | |
| # - name: Build & install checkov package | |
| # run: | | |
| # # remove venv, if exists | |
| # pipenv --rm || true | |
| # pipenv --python ${{ env.PYTHON_VERSION }} | |
| # pipenv run pip install pytest pytest-xdist | |
| # pipenv run python setup.py sdist bdist_wheel | |
| # bash -c 'pipenv run pip install dist/checkov-*.whl' | |
| # - name: Run dogfood tests | |
| # run: | | |
| # pipenv run pytest | |
| # working-directory: ${{ env.WORKING_DIRECTORY }} | |
| build-release-artifacts: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: macos-latest | |
| name: darwin | |
| - os: ubuntu-latest | |
| name: linux | |
| - os: windows-latest | |
| name: windows | |
| # needs: [github-release] | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 | |
| with: | |
| python-version: 3.7 | |
| - name: Install pipenv | |
| run: | | |
| python -m pip install --no-cache-dir --upgrade pipenv | |
| - name: Install deps | |
| run: | | |
| pipenv sync | |
| pipenv run pip install pyinstaller | |
| - name: Build artifact | |
| run: | | |
| pipenv run pyinstaller checkov.spec | |
| if [[ "$OSTYPE" == "msys" ]] | |
| then | |
| tar.exe -a -c -f checkov.zip dist/checkov | |
| else | |
| zip checkov.zip dist/checkov | |
| fi | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: checkov_${{ matrix.name }}.zip | |
| path: checkov.zip | |
| if-no-files-found: error |