CI #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: self-hosted | |
| steps: | |
| - name: Clean workspace | |
| run: | | |
| rm -rf "${{ github.workspace }}" | |
| mkdir -p "${{ github.workspace }}" | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: 'WebGoat/WebGoat' | |
| path: 'webgoat' | |
| - run: | | |
| wget -q https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.38.0/pmd-bin-6.38.0.zip | |
| unzip pmd-bin-6.38.0.zip | |
| ./pmd-bin-6.38.0/bin/run.sh pmd -d webgoat -f sarif -R rulesets/java/quickstart.xml -r pmd-sarif.json -failOnViolation false | |
| cp pmd-sarif.json pmd-sarif-copy.json | |
| - name: Code Dx Analysis | |
| # You may pin to the exact commit or the version. | |
| # uses: codedx/codedx-github-action@aafa30d88c16384c29485a2f38b30f262fc3fd9b | |
| uses: codedx/[email protected] | |
| with: | |
| # the URL for the Code Dx server (typically ends with `/codedx`) | |
| server-url: ${{ secrets.CDX_SERVER_URL }} | |
| # an API key or Personal Access Token (PAT) to use when connecting to Code Dx | |
| api-key: ${{ secrets.CDX_API_KEY }} | |
| # the ID of a project (an integer) created in Code Dx | |
| project-id: ${{ secrets.CDX_PROJECT_ID }} | |
| # Can only include one of either project-id or project-name | |
| #project-name: ${{ secrets.CDX_PROJECT_NAME }} | |
| # a file glob matching source and binary files (accepts multiple comma-separated globs) | |
| # source-and-binaries-glob: 'webgpat./**' | |
| # a file glob matching output files (ie scan results) from an analysis tool (accepts multiple comma-separated globs) | |
| tool-outputs-glob: 'pmd-sarif.json' | |
| # whether to wait for the analysis to complete. if true, will fail the build if the analysis encountered an error. | |
| wait-for-completion: false | |
| target-branch-name: ${{ secrets.CDX_TARGET_BRANCH_NAME }} | |
| base-branch-name: ${{ secrets.CDX_BASE_BRANCH_NAME }} | |