From d693ab5cb0d5a6dce1e4b159f044b78f562ee5ae Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Fri, 18 Oct 2024 15:27:55 +0530 Subject: [PATCH 01/11] Adding Reversing Lab Sacanner --- .github/workflows/rl-scanner.yml | 84 ++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 .github/workflows/rl-scanner.yml diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml new file mode 100644 index 00000000..1cf6b72f --- /dev/null +++ b/.github/workflows/rl-scanner.yml 
@@ -0,0 +1,84 @@
+name: RL-Secure
+run-name: rl-scanner
+
+on:
+ merge_group:
+ workflow_dispatch:
+ push:
+ branches: ['master']
+
+permissions:
+ contents: read
+
+jobs:
+ rl-scanner:
+ runs-on: ubuntu-latest
+
+ permissions:
+ pull-requests: write
+ id-token: write
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure Ruby
+ uses: ./.github/actions/setup
+ with:
+ ruby-version: 3.2
+
+ - name: Build RubyGems
+ shell: bash
+ run: |
+ gem build *.gemspec
+
+ - name: Output build artifact
+ id: output_build_artifact
+ run: |
+ echo "scanfile=$(ls *.gem)" >> $GITHUB_OUTPUT
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+
+ - name: Install Python dependencies
+ run: |
+ pip install --upgrade pip
+ pip install boto3 requests
+
+ - name: Get Artifact Version
+ id: get_version
+ run: echo "version=$(cat .version)" >> $GITHUB_ENV
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.PRODSEC_TOOLS_ARN }}
+ aws-region: us-east-1
+ mask-aws-account-id: true
+
+ - name: Install rl-wrapper
+ env:
+ WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+ run: |
+ pip install rl-wrapper --index-url $WRAPPER_INDEX_URL
+
+ - name: Run Reversing Labs Wrapper Scanner
+ env:
+ RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+ RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+ SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+ WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+ PYTHONUNBUFFERED: 1
+ run: |
+ pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \
+ rl-wrapper \
+ --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \
+ --version "${{ steps.get_version.outputs.version }}" \
+ --name "${{ 
github.event.repository.name }}" \ + --repository "${{ github.repository }}" \ + --commit "${{ github.sha }}" \ + --build-env "github_actions" \ + --suppress_output + continue-on-error: true \ No newline at end of file From 56ebcdd70f48e2333a21f4b5f8b8b161dd790683 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Fri, 18 Oct 2024 15:37:38 +0530 Subject: [PATCH 02/11] Adding Test Logic --- .github/workflows/rl-scanner.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index 1cf6b72f..4dea72d0 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml @@ -12,6 +12,7 @@ permissions: jobs: rl-scanner: + if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request') runs-on: ubuntu-latest permissions: From 436100ff5fc09ea35966134c4d123381e8174582 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Fri, 18 Oct 2024 16:03:48 +0530 Subject: [PATCH 03/11] Indentation Correction --- .github/workflows/rl-scanner.yml | 34 ++++++++++++++++---------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index 4dea72d0..15584ed0 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml 
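Review bot: `continue-on-error: true` on the "Run Reversing Labs Wrapper Scanner" step means a failed or crashed scan never fails the job, so the check is advisory only; drop it, or keep it and fail a later step on `steps.<id>.outcome`. The scan is also given an empty `--version`: "Get Artifact Version" writes to `$GITHUB_ENV` while the command reads `steps.get_version.outputs.version`, so that step should be `run: echo "version=$(cat .version)" >> "$GITHUB_OUTPUT"`. The job holds `id-token: write` and several secrets while running actions referenced by mutable tags (`actions/checkout@v4`, `actions/setup-python@v4`, `aws-actions/configure-aws-credentials@v1`); pinning them to full commit SHAs would narrow that exposure.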
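Review bot: The new `if:` admits only `workflow_dispatch` and `pull_request`, but the `on:` block added in the first patch lists `merge_group`, `workflow_dispatch` and `push`, so at this commit every automatic run is skipped and the scan only happens on a manual dispatch. If pushes to `master` are meant to be scanned, extend the condition with `github.event_name == 'push'`; if pull requests are the target, `pull_request` also has to be added under `on:`. The `on:` block itself is outside this hunk.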
@@ -66,20 +66,20 @@ jobs: pip install rl-wrapper --index-url $WRAPPER_INDEX_URL - name: Run Reversing Labs Wrapper Scanner - env: - RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} - RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} - SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} - WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple" - PYTHONUNBUFFERED: 1 - run: | - pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \ - rl-wrapper \ - --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \ - --version "${{ steps.get_version.outputs.version }}" \ - --name "${{ github.event.repository.name }}" \ - --repository "${{ github.repository }}" \ - --commit "${{ github.sha }}" \ - --build-env "github_actions" \ - --suppress_output - continue-on-error: true \ No newline at end of file + env: + RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} + RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} + SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} + WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple" + PYTHONUNBUFFERED: 1 + run: | + pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \ + rl-wrapper \ + --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \ + --version "${{ steps.get_version.outputs.version }}" \ + --name "${{ github.event.repository.name }}" \ + --repository "${{ github.repository }}" \ + --commit "${{ github.sha }}" \ + --build-env "github_actions" \ + --suppress_output + continue-on-error: true \ No newline at end of file From 811a0d4d1f188137056e6ae11b02adb62d30b253 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Fri, 18 Oct 2024 16:13:46 +0530 Subject: [PATCH 04/11] Indentation correctionb= --- .github/workflows/rl-scanner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index 15584ed0..0fb3f67f 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml @@ -18,7 +18,7 @@ jobs: permissions: pull-requests: write id-token: write - + steps: - name: Checkout code uses: actions/checkout@v4 From 36b048f2d49f54e4ec8c14575d0ad298243bae68 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Fri, 18 Oct 2024 16:21:01 +0530 Subject: [PATCH 05/11] File Replace For Indentation Errors --- .github/workflows/rl-scanner.yml | 63 +++++++++++++++----------------- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index 0fb3f67f..5abbf033 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml @@ -5,20 +5,23 @@ on: merge_group: workflow_dispatch: push: - branches: ['master'] - -permissions: - contents: read + branches: ["master"] + pull_request: + types: + - opened + - synchronize jobs: rl-scanner: if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request') runs-on: ubuntu-latest + environment: security + permissions: pull-requests: write - id-token: write - + id-token: write # This is required for requesting the JWT + steps: - name: Checkout code uses: actions/checkout@v4 @@ -32,7 +35,11 @@ jobs: shell: bash run: | gem build *.gemspec - + + - name: Get Artifact Version + id: get_version + run: echo "::set-output name=version::$(cat .version)" + - name: Output build artifact id: output_build_artifact run: | 
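Review bot: Adding the `pull_request` trigger makes `gem build *.gemspec` evaluate the pull request's own gemspec in a job that holds `id-token: write` and, for branches in this repository, the scanner and Artifactory secrets used by the later steps. Unless the `security` environment has required reviewers (not visible here), consider building in a separate job without secrets and handing the `.gem` to the scan job as an artifact. The new "Get Artifact Version" step also uses the deprecated `::set-output` command; `run: echo "version=$(cat .version)" >> "$GITHUB_OUTPUT"` is the supported form. The remaining steps of the job lie outside this hunk.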
@@ -41,17 +48,13 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.10" - name: Install Python dependencies run: | pip install --upgrade pip pip install boto3 requests - - name: Get Artifact Version - id: get_version - run: echo "version=$(cat .version)" >> $GITHUB_ENV - - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: 
@@ -59,27 +62,21 @@ jobs: aws-region: us-east-1 mask-aws-account-id: true - - name: Install rl-wrapper + - name: Run Reversing Labs Wrapper Scanner env: + RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} + RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} + SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple" + PYTHONUNBUFFERED: 1 run: | - pip install rl-wrapper --index-url $WRAPPER_INDEX_URL - - - name: Run Reversing Labs Wrapper Scanner - env: - RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} - RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} - SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} - WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple" - PYTHONUNBUFFERED: 1 - run: | - pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \ - rl-wrapper \ - --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \ - --version "${{ steps.get_version.outputs.version }}" \ - --name "${{ github.event.repository.name }}" \ - --repository "${{ github.repository }}" \ - --commit "${{ github.sha }}" \ - --build-env "github_actions" \ - --suppress_output - continue-on-error: true \ No newline at end of file + pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \ + rl-wrapper \ + --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \ + --version "${{ steps.get_version.outputs.version }}" \ + --name "${{ github.event.repository.name }}" \ + --repository "${{ github.repository }}" \ + --commit "${{ github.sha }}" \ + --build-env "github_actions" \ + --suppress_output + continue-on-error: true \ No newline at end of file From e3bb8ffb6a6ea0bc7103d854acce712a08ddffff Mon Sep 17 00:00:00 2001 
From: Snehil Kishore Date: Fri, 25 Oct 2024 16:22:35 +0530 Subject: [PATCH 06/11] Checking Divergent Branches --- .github/workflows/rl-scanner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index 5abbf033..f6c105cb 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml @@ -20,7 +20,7 @@ jobs: permissions: pull-requests: write - id-token: write # This is required for requesting the JWT + id-token: write # This is required for requesting the JW steps: - name: Checkout code From 8c006bf7fc192a4422cb6f6ec533c5ca2f04ff59 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Fri, 25 Oct 2024 16:52:49 +0530 Subject: [PATCH 07/11] New Changes To RL Workflow --- .github/actions/rl-scanner/action.yml | 71 ++++++++++++++++++++++ .github/workflows/release.yml | 12 ++++ .github/workflows/rl-scanner.yml | 87 +++++++++++---------------- 3 files changed, 119 insertions(+), 51 deletions(-) create mode 100644 .github/actions/rl-scanner/action.yml diff --git a/.github/actions/rl-scanner/action.yml b/.github/actions/rl-scanner/action.yml new file mode 100644 index 00000000..b3df2d95 --- /dev/null +++ b/.github/actions/rl-scanner/action.yml 
@@ -0,0 +1,71 @@
+name: 'Reversing Labs Scanner'
+description: 'Runs the Reversing Labs scanner on a specified artifact.'
+inputs:
+ artifact-path:
+ description: 'Path to the artifact to be scanned.'
+ required: true
+ version:
+ description: 'Version of the artifact.'
+ required: true
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+
+ - name: Install Python dependencies
+ shell: bash
+ run: |
+ pip install boto3 requests
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
+ aws-region: us-east-1
+ mask-aws-account-id: true
+
+ - name: Install RL Wrapper
+ shell: bash
+ run: |
+ pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+
+ - name: Run RL Scanner
+ shell: bash
+ env:
+ RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
+ RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
+ SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
+ PYTHONUNBUFFERED: 1
+ run: |
+ if [ ! -f "${{ inputs.artifact-path }}" ]; then
+ echo "Artifact not found: ${{ inputs.artifact-path }}"
+ exit 1
+ fi
+
+ rl-wrapper \
+ --artifact "${{ inputs.artifact-path }}" \
+ --name "${{ github.event.repository.name }}" \
+ --version "${{ inputs.version }}" \
+ --repository "${{ github.repository }}" \
+ --commit "${{ github.sha }}" \
+ --build-env "github_actions" \
+ --suppress_output
+
+ # Check the outcome of the scanner
+ if [ $? -ne 0 ]; then
+ echo "RL Scanner failed."
+ echo "scan-status=failed" >> $GITHUB_ENV
+ exit 1
+ else
+ echo "RL Scanner passed."
+ echo "scan-status=success" >> $GITHUB_ENV
+ fi
+
+outputs:
+ scan-status:
+ description: 'The outcome of the scan process.'
+ value: ${{ env.scan-status }}
\ No newline at end of file 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d559a747..6f85e82f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,6 +13,18 @@ permissions: ### TODO: Also remove `get-prerelease`, `get-version`, `rubygems-publish`, `release-create`, `tag-create` and `tag-exists` actions from this repo's .github/actions folder and `ruby-release` from `./github/workflows` once the repo is public. jobs: + rl-scanner: + uses: ./.github/workflows/rl-scanner.yml + with: + ruby-version: 3.2 + secrets: + RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} + RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} + SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} + PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} + PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} + PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} + release: uses: ./.github/workflows/ruby-release.yml with: diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index f6c105cb..ca2c2557 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml 
@@ -1,26 +1,35 @@ -name: RL-Secure -run-name: rl-scanner +name: RL-Secure Workflow on: - merge_group: - workflow_dispatch: - push: - branches: ["master"] - pull_request: - types: - - opened - - synchronize + workflow_call: + inputs: + ruby-version: + required: true + type: string + secrets: + RLSECURE_LICENSE: + required: true + RLSECURE_SITE_KEY: + required: true + SIGNAL_HANDLER_TOKEN: + required: true + PRODSEC_TOOLS_USER: + required: true + PRODSEC_TOOLS_TOKEN: + required: true + PRODSEC_TOOLS_ARN: + required: true jobs: rl-scanner: - if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request') + if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')) runs-on: ubuntu-latest - - environment: security + outputs: + scan-status: ${{ steps.rl-scan-conclusion.outcome }} permissions: pull-requests: write - id-token: write # This is required for requesting the JW + id-token: write # This is required for requesting the JWT steps: - name: Checkout code @@ -29,7 +38,7 @@ jobs: - name: Configure Ruby uses: ./.github/actions/setup with: - ruby-version: 3.2 + ruby-version: ${{ inputs.ruby-version }} - name: Build RubyGems shell: bash 
@@ -38,45 +47,21 @@ jobs: - name: Get Artifact Version id: get_version - run: echo "::set-output name=version::$(cat .version)" - - - name: Output build artifact - id: output_build_artifact - run: | - echo "scanfile=$(ls *.gem)" >> $GITHUB_OUTPUT - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: "3.10" + uses: ./.github/actions/get-version - - name: Install Python dependencies - run: | - pip install --upgrade pip - pip install boto3 requests - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + - name: Run RL Scanner + id: rl-scan-conclusion + uses: ./.github/actions/rl-scanner with: - role-to-assume: ${{ secrets.PRODSEC_TOOLS_ARN }} - aws-region: us-east-1 - mask-aws-account-id: true - - - name: Run Reversing Labs Wrapper Scanner + artifact-path: "$(pwd)/*.gem" + version: "${{ steps.get_version.outputs.version }}" env: RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} - WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple" - PYTHONUNBUFFERED: 1 - run: | - pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \ - rl-wrapper \ - --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \ - --version "${{ steps.get_version.outputs.version }}" \ - --name "${{ github.event.repository.name }}" \ - --repository "${{ github.repository }}" \ - --commit "${{ github.sha }}" \ - --build-env "github_actions" \ - --suppress_output - continue-on-error: true \ No newline at end of file + PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} + PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} + PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} + + - name: Output scan result + run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV \ No newline at end of file 
From 1b07927215b5d80298da64e8c3a79a03c8e46f64 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Fri, 25 Oct 2024 16:59:58 +0530 Subject: [PATCH 08/11] Added the need flag for release job --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6f85e82f..2bb1d542 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,6 +27,7 @@ jobs: release: uses: ./.github/workflows/ruby-release.yml + needs: rl-scanner with: ruby-version: 3.2 secrets: From f59911d0eb8dde9d3202b0f13bc5df82bd0912f1 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Mon, 28 Oct 2024 13:40:52 +0530 Subject: [PATCH 09/11] Testing The RL scanner --- .github/workflows/release.yml | 4 ++++ .github/workflows/rl-scanner.yml | 5 ----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2bb1d542..42681055 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,9 +5,13 @@ on: types: - closed workflow_dispatch: + push: + branches: + - 'adding_reversing_labs_scanner' permissions: contents: write + id-token: write # This is required for requesting the JWT ### TODO: Replace instances of './.github/workflow/' w/ `auth0/dx-sdk-actions/` and append `@latest` after the common `dx-sdk-actions` repo is made public. ### TODO: Also remove `get-prerelease`, `get-version`, `rubygems-publish`, `release-create`, `tag-create` and `tag-exists` actions from this repo's .github/actions folder and `ruby-release` from `./github/workflows` once the repo is public. diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index ca2c2557..21250de3 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml 
@@ -22,15 +22,10 @@ on: jobs: rl-scanner: - if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')) runs-on: ubuntu-latest outputs: scan-status: ${{ steps.rl-scan-conclusion.outcome }} - permissions: - pull-requests: write - id-token: write # This is required for requesting the JWT - steps: - name: Checkout code uses: actions/checkout@v4 From 6792fdcdf265b1f1225582d50fe9c94c464b12f2 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Mon, 28 Oct 2024 21:43:48 +0530 Subject: [PATCH 10/11] Adding Gem File Path Correction Logic --- .github/workflows/rl-scanner.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index 21250de3..0d986a3d 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml @@ -39,6 +39,8 @@ jobs: shell: bash run: | gem build *.gemspec + export GEM_FILE=$(ls *.gem) + echo "gem_file=$GEM_FILE" >> $GITHUB_ENV - name: Get Artifact Version id: get_version @@ -48,7 +50,7 @@ jobs: id: rl-scan-conclusion uses: ./.github/actions/rl-scanner with: - artifact-path: "$(pwd)/*.gem" + artifact-path: "$(pwd)/${{ env.gem_file }}" version: "${{ steps.get_version.outputs.version }}" env: RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} From 350a83825be69a26afa17c79fc818dc5d65d76d1 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Mon, 28 Oct 2024 21:49:26 +0530 Subject: [PATCH 11/11] Reverting Testing Stages --- .github/workflows/release.yml | 3 --- .github/workflows/rl-scanner.yml | 1 + 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 42681055..a3ccabf6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
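Review bot: Removing the job-level `permissions` block leaves this job with whatever the caller grants, and release.yml in this same commit sets `contents: write` and `id-token: write` for the whole workflow. A job that builds the gem and installs pip packages therefore now runs with a write-scoped repository token. Keep an explicit block on the job, `permissions:` with `contents: read` and `id-token: write`. In release.yml it would be tighter to grant `id-token: write` on the calling `rl-scanner` job rather than at workflow level, so the release job does not receive it too.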
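Review bot: `artifact-path: "$(pwd)/${{ env.gem_file }}"` is not evaluated by the workflow; the `$(pwd)` only resolves because the composite action pastes the input into its bash script, which ties this caller to that injection-prone pattern. `artifact-path: "${{ github.workspace }}/${{ env.gem_file }}"` passes a literal path instead. In the first hunk of this commit, `GEM_FILE=$(ls *.gem)` yields a multi-line value when more than one `.gem` is present, which would corrupt the `$GITHUB_ENV` entry, so the step should fail when the match is not unique. The `export` there is not needed, since the value is only used on the next line.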
@@ -5,9 +5,6 @@ on: types: - closed workflow_dispatch: - push: - branches: - - 'adding_reversing_labs_scanner' permissions: contents: write diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml index 0d986a3d..1e450b04 100644 --- a/.github/workflows/rl-scanner.yml +++ b/.github/workflows/rl-scanner.yml @@ -22,6 +22,7 @@ on: jobs: rl-scanner: + if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')) runs-on: ubuntu-latest outputs: scan-status: ${{ steps.rl-scan-conclusion.outcome }}