-
Notifications
You must be signed in to change notification settings - Fork 15
97 lines (84 loc) · 3.38 KB
/
check-regressions.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
on:
push:
branches:
- "**"
name: Check for regressions in static analysis kernel
jobs:
check_regressions:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
repo:
- { org: "golang", name: "go" }
- { org: "numpy", name: "numpy" }
- { org: "npm", name: "cli" }
- { org: "JamesNK", name: "Newtonsoft.Json" }
- { org: "google", name: "guava" }
- { org: "reduxjs", name: "redux" }
- { org: "ruby", name: "spec" }
- { org: "laravel", name: "framework" }
- { org: "muh-nee", name: "BenchmarkJava" }
- { org: "muh-nee", name: "NodeGoat" }
- { org: "muh-nee", name: "WebGoat" }
- { org: "muh-nee", name: "WebGoat.NET" }
- { org: "muh-nee", name: "FlowBlot.NET" }
- { org: "muh-nee", name: "Damn-Vulnerable-GraphQL-Application" }
- { org: "muh-nee", name: "SecurityShepherd" }
- { org: "muh-nee", name: "DSVW" }
- { org: "muh-nee", name: "NIST-Juliet-CSharp-1.3" }
- { org: "muh-nee", name: "DVWA" }
env:
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_APP_KEY: ${{ secrets.DD_APP_KEY }}
DD_SITE: ${{ vars.DD_SITE }}
steps:
- uses: actions/checkout@v4
with:
ref: main
- name: Set up Rust
uses: actions-rust-lang/[email protected]
- name: Checkout test repositories
uses: actions/checkout@v4
with:
repository: ${{ matrix.repo.org }}/${{ matrix.repo.name }}
path: ${{ matrix.repo.org }}/${{ matrix.repo.name }}
- name: Obtain results before changes
run: |
rm -f Cargo.lock
cargo clean
cargo run --release --bin datadog-static-analyzer -- -i ${{ matrix.repo.org }}/${{ matrix.repo.name }} -o result-pre.json -b -f sarif
- name: Fetch all branches and checkout PR
run: |
git fetch --all
git checkout ${{ github.sha }}
echo 'checked out ${{ github.sha }}'
- name: Obtain results after changes
run: |
rm -f Cargo.lock
cargo clean
cargo run --release --bin datadog-static-analyzer -- -i ${{ matrix.repo.org }}/${{ matrix.repo.name }} -o result-post.json -b -f sarif
- name: Install Node.js dependencies
run: npm install
working-directory: .github/scripts
- name: Run Unit Tests
run: npm test
working-directory: .github/scripts
- name: Run Regression Checks
id: regression
run: node ./.github/scripts/check-regressions.js ${{ matrix.repo.org }}/${{ matrix.repo.name }} result-pre.json result-post.json
- name: Upload unique changes from before
uses: actions/upload-artifact@v4
if: steps.regression.outputs.diff1files != ''
with:
name: failures-before-${{ matrix.repo.org }}-${{ matrix.repo.name }}
path: ${{ steps.regression.outputs.diff1files }}
- name: Upload unique changes from after
uses: actions/upload-artifact@v4
if: steps.regression.outputs.diff2files != ''
with:
name: failures-after-${{ matrix.repo.org }}-${{ matrix.repo.name }}
path: ${{ steps.regression.outputs.diff2files }}
- name: Fail
if: steps.regression.outputs.diff1files != '' || steps.regression.outputs.diff2files != ''
run: exit 1