From 0899fe02daa607b5a5ce7dd0d5ed732f41bbf2fb Mon Sep 17 00:00:00 2001
From: Nick Nisi
Date: Thu, 20 Feb 2025 14:48:11 -0600
Subject: [PATCH 1/2] Add coana workflows
---
 .github/workflows/coana-analysis.yml | 25 +++++++++++
 .github/workflows/coana-guardrail.yml | 60 +++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 .github/workflows/coana-analysis.yml
 create mode 100644 .github/workflows/coana-guardrail.yml
diff --git a/.github/workflows/coana-analysis.yml b/.github/workflows/coana-analysis.yml
new file mode 100644
index 0000000..81a2899
--- /dev/null
+++ b/.github/workflows/coana-analysis.yml
@@ -0,0 +1,25 @@
+name: Coana Vulnerability Analysis
+
+on:
+ schedule:
+ # every day at 12 AM
+ - cron: '0 0 * * *'
+ workflow_dispatch:
+ inputs:
+ tags:
+ description: 'Manually run vulnerability analysis'
+
+jobs:
+ coana-vulnerability-analysis:
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Run Coana CLI
+ id: coana-cli
+ run: |
+ npx @coana-tech/cli run . \
+ --api-key ${{ secrets.COANA_API_KEY }} \
+ --repo-url https://github.com/${{github.repository}}
diff --git a/.github/workflows/coana-guardrail.yml b/.github/workflows/coana-guardrail.yml
new file mode 100644
index 0000000..945a404
--- /dev/null
+++ b/.github/workflows/coana-guardrail.yml
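Review bot: The API key is handed to the CLI on the command line (`--api-key ${{ secrets.COANA_API_KEY }}`), where it is visible to every process on the runner through the argument list and to anything npx or the CLI chooses to print; pass it through the step's `env:` (`COANA_API_KEY: ${{ secrets.COANA_API_KEY }}`) and reference it as `--api-key "$COANA_API_KEY"`, or rely on the CLI reading the variable directly if it supports that. The workflow declares no `permissions:` block, so the scheduled job runs with the repository's default token scope although it only needs to read the checkout; a top-level `permissions: contents: read` would pin that. `actions/checkout@v4` is a mutable tag; pinning to a full commit SHA keeps a retargeted tag from changing what runs in a job that holds the API key. The `workflow_dispatch` input `tags` is declared but never read, so either drop it or document what it is meant to carry.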
@@ -0,0 +1,60 @@
+name: Coana Guardrail
+
+on: pull_request
+
+jobs:
+ guardrail:
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ - name: Get changed files
+ id: changed-files
+ uses: tj-actions/changed-files@v44
+ with:
+ separator: ' '
+
+ - name: Checkout the ${{github.base_ref}} branch
+ uses: actions/checkout@v4
+ with:
+ ref: ${{github.base_ref}} # checkout the base branch (usually master/main).
+
+ - name: Use Node.js 20.x
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20.x
+
+ - name: Run Coana on the ${{github.base_ref}} branch
+ run: |
+ npx @coana-tech/cli run . \
+ --guardrail-mode \
+ --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+ -o /tmp/main-branch \
+ --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
+ --lightweight-reachability \
+
+ # Reset file permissions changed by Coana CLI.
+ - name: Reset file permissions
+ run: sudo chown -R $USER:$USER .
+
+ - name: Checkout the current branch
+ uses: actions/checkout@v4
+ with:
+ clean: true
+
+ - name: Run Coana on the current branch
+ run: |
+ npx @coana-tech/cli run . \
+ --guardrail-mode \
+ --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+ -o /tmp/current-branch \
+ --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
+ --lightweight-reachability \
+
+ - name: Run Report Comparison
+ run: |
+ npx @coana-tech/cli compare-reports \
+ --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+ /tmp/main-branch/coana-report.json \
+ /tmp/current-branch/coana-report.json
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
From 438118fd3dd66899c1f310cbbf350c4f28e814c4 Mon Sep 17 00:00:00 2001
From: Nick Nisi
Date: Thu, 20 Feb 2025 14:50:51 -0600
Subject: [PATCH 2/2] formatting
---
 .github/workflows/coana-analysis.yml | 4 ++--
 .github/workflows/coana-guardrail.yml | 18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)
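Review bot: `${{ steps.changed-files.outputs.all_changed_files }}` is substituted into the `run:` script text before the shell parses it, in both the base-branch and the current-branch steps, and on a `pull_request` event those path names are chosen by the PR author, so a file name containing shell metacharacters is read as part of the command rather than as an argument. Move the list into the step's `env:` and reference it as a quoted variable so it stays data; GitHub withholds repository secrets from fork PRs, which the `|| 'api-key-unavailable'` fallback already anticipates, but the runner and the `GITHUB_TOKEN` used by the comparison step are still exposed. The trailing `\` after `--lightweight-reachability` in both scripts is a dangling continuation that makes whatever line is appended next silently become part of the command; drop it. `tj-actions/changed-files@v44`, `actions/checkout@v4` and `actions/setup-node@v4` are mutable tags; pin each to a full commit SHA so a retargeted tag cannot change what runs with the token. The same `env:`/quoting change applies verbatim to the `Run Coana on the current branch` step.

```yaml
      - name: Run Coana on the ${{github.base_ref}} branch
        env:
          CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
        run: |
          npx @coana-tech/cli run . \
          # … unchanged: --guardrail-mode, --api-key, -o /tmp/main-branch …
          --changed-files "$CHANGED_FILES" \
          --lightweight-reachability
```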
diff --git a/.github/workflows/coana-analysis.yml b/.github/workflows/coana-analysis.yml
index 81a2899..6bf3c3f 100644
--- a/.github/workflows/coana-analysis.yml
+++ b/.github/workflows/coana-analysis.yml
@@ -3,11 +3,11 @@ name: Coana Vulnerability Analysis
 on:
 schedule:
 # every day at 12 AM
- - cron: '0 0 * * *'
+ - cron: "0 0 * * *"
 workflow_dispatch:
 inputs:
 tags:
- description: 'Manually run vulnerability analysis'
+ description: "Manually run vulnerability analysis"
 
 jobs:
 coana-vulnerability-analysis:
diff --git a/.github/workflows/coana-guardrail.yml b/.github/workflows/coana-guardrail.yml
index 945a404..9850039 100644
--- a/.github/workflows/coana-guardrail.yml
+++ b/.github/workflows/coana-guardrail.yml
@@ -11,18 +11,18 @@ jobs:
 id: changed-files
 uses: tj-actions/changed-files@v44
 with:
- separator: ' '
-
+ separator: " "
+
 - name: Checkout the ${{github.base_ref}} branch
 uses: actions/checkout@v4
 with:
 ref: ${{github.base_ref}} # checkout the base branch (usually master/main).
-
+
 - name: Use Node.js 20.x
 uses: actions/setup-node@v4
 with:
 node-version: 20.x
-
+
 - name: Run Coana on the ${{github.base_ref}} branch
 run: |
 npx @coana-tech/cli run . \
@@ -31,16 +31,16 @@ jobs:
 -o /tmp/main-branch \
 --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
 --lightweight-reachability \
-
+
 # Reset file permissions changed by Coana CLI.
 - name: Reset file permissions
 run: sudo chown -R $USER:$USER .
-
+
 - name: Checkout the current branch
 uses: actions/checkout@v4
 with:
 clean: true
-
+
 - name: Run Coana on the current branch
 run: |
 npx @coana-tech/cli run . \
@@ -49,7 +49,7 @@ jobs:
 -o /tmp/current-branch \
 --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
 --lightweight-reachability \
-
+
 - name: Run Report Comparison
 run: |
 npx @coana-tech/cli compare-reports \
@@ -57,4 +57,4 @@ jobs:
 /tmp/main-branch/coana-report.json \
 /tmp/current-branch/coana-report.json
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}