Complete check and issue creation. #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check binaries | |
| # on: | |
| # pull_request: | |
| # branches: | |
| # - develop | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| text: | |
| description: 'Dummy text' | |
| default: 'No text' | |
| push: | |
| branches: | |
| - test-check | |
| # schedule: | |
| # - cron: "* * * * *"s | |
| jobs: | |
| check-binary: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| report_contents: ${{ steps.save-output.outputs.report_contents }} | |
| steps: | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - uses: actions/checkout@v4 | |
| - uses: robinraju/[email protected] | |
| with: | |
| latest: true | |
| fileName: 'aws-lambda-rie*' | |
| out-file-path: "bin" | |
| - name: Run check for vulnerabilities | |
| id: check-binaries | |
| run: | | |
| make check-binaries | |
| - if: always() && failure() # Failure means there are vulnerabilities | |
| id: save-output | |
| name: Save output contents | |
| run: | | |
| report_csv="$(cat $(ls -tr output.cve-bin-*.csv 2>/dev/null | tail -n1))" # last file generated | |
| report="${report_csv}.txt" | |
| awk -F',' '{n=split($10, path, "/"); print $2,$3,$4,$5,path[n]}' "$report_csv" | column -t > "$report" # make the CSV nicer | |
| echo "report_contents=$(cat $report)" >> "$GITHUB_OUTPUT" | |
| create-issue: | |
| runs-on: ubuntu-latest | |
| needs: check-binary | |
| if: always() && needs.check-binary.outputs.report_contents != '' | |
| steps: | |
| - name: Build new version and check | |
| id: check-new-version | |
| run: | | |
| make compile-with-docker-all | |
| latest_version=$(strings bin/aws-lambda-rie* | grep '^go1\.' | uniq) | |
| echo "latest_version=$latest_version" | |
| make check_binaries | |
| exit_code=$? | |
| if [ "$exit_code" != "0" ]; then | |
| fixed="No" | |
| else | |
| fixed="Yes" | |
| fi | |
| echo fixed=$fixed" >> "$GITHUB_OUTPUT" | |
| - name: Create Issue | |
| id: create-issue | |
| uses: dacbd/create-issue-action@main | |
| with: | |
| token: ${{ github.token }} | |
| title: | | |
| CVEs found in latest RIE release | |
| body: | | |
| ## CVEs found in latest RIE release: | |
| > **${{ needs.check-binary.outputs.report_contents }}** | |
| #### Is this fixed by updating to the latest Go version (${{steps.check-new-version.outputs.latest_version}})?): | |
| ${{ steps.check-new-version.outputs.fixed }} |