Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a2c4af54ae | |||
| 1d5ce5e8f4 | |||
| 38d311a43c | |||
| efb2257a09 | |||
| 418e1b34e9 | |||
| 4d8d18d4c4 | |||
| ac31a169e0 | |||
| 26ac67db47 | |||
| 5e1031a9ef |
@@ -13,15 +13,16 @@ jobs:
|
|||||||
name: Release
|
name: Release
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Increment tag
|
- name: Increment tag
|
||||||
id: tag
|
id: tag
|
||||||
uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@af46017d0af5fd6af4425f8e6961f14280a1acd1 # 0.1.26
|
uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@41b7e04221df8a033bec841d40a097b76e5f67ff # 0.1.29
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITEA_TOKEN }}
|
token: ${{ secrets.GITEA_TOKEN }}
|
||||||
|
prerelease: ${{ github.event_name == 'workflow_dispatch' }}
|
||||||
- name: Push tag
|
- name: Push tag
|
||||||
uses: https://gitea.t000-n.de/t.behrendt/actions/release-git-tag@1b8fe65eda1ea0a7586a5fd552ef8f4a639b154f # 0.1.3
|
uses: https://gitea.t000-n.de/t.behrendt/actions/release-git-tag@3925c92fc33f3d2bc87d28d21ab691b7e6dd6cdf # 0.2.1
|
||||||
with:
|
with:
|
||||||
tag: ${{ steps.tag.outputs.new-tag }}
|
tag: ${{ steps.tag.outputs.new-tag }}
|
||||||
|
|||||||
@@ -1,23 +1,23 @@
|
|||||||
name: 'TAS Upload SARIF'
|
name: "TAS Upload SARIF"
|
||||||
description: 'Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false'
|
description: "Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false"
|
||||||
inputs:
|
inputs:
|
||||||
tas-base-url:
|
tas-base-url:
|
||||||
description: 'Base URL of the TAS API (e.g. https://tas.example.com)'
|
description: "Base URL of the TAS API (e.g. https://tas.example.com)"
|
||||||
required: true
|
required: true
|
||||||
sarif-file:
|
sarif-file:
|
||||||
description: 'Path to the SARIF report file (JSON)'
|
description: "Path to the SARIF report file (JSON)"
|
||||||
required: true
|
required: true
|
||||||
owner:
|
owner:
|
||||||
description: 'Repository owner (default: GitHub repository owner)'
|
description: "Repository owner (default: GitHub repository owner)"
|
||||||
required: false
|
required: false
|
||||||
repo:
|
repo:
|
||||||
description: 'Repository name (default: GitHub repository name)'
|
description: "Repository name (default: GitHub repository name)"
|
||||||
required: false
|
required: false
|
||||||
branch:
|
branch:
|
||||||
description: 'Branch name (default: current ref name, e.g. main)'
|
description: "Branch name (default: current ref name, e.g. main)"
|
||||||
required: false
|
required: false
|
||||||
runs:
|
runs:
|
||||||
using: 'composite'
|
using: "composite"
|
||||||
steps:
|
steps:
|
||||||
- name: Upload SARIF to TAS and gate
|
- name: Upload SARIF to TAS and gate
|
||||||
shell: bash
|
shell: bash
|
||||||
@@ -29,7 +29,10 @@ runs:
|
|||||||
SARIF_FILE: ${{ inputs.sarif-file }}
|
SARIF_FILE: ${{ inputs.sarif-file }}
|
||||||
run: |
|
run: |
|
||||||
BASE_URL="${BASE_URL%/}"
|
BASE_URL="${BASE_URL%/}"
|
||||||
URL="${BASE_URL}/repos/${OWNER}/${REPO}/branches/${BRANCH}/reports"
|
OWNER_ENC=$(jq -rn --arg x "$OWNER" '$x | @uri')
|
||||||
|
REPO_ENC=$(jq -rn --arg x "$REPO" '$x | @uri')
|
||||||
|
BRANCH_ENC=$(jq -rn --arg x "$BRANCH" '$x | @uri')
|
||||||
|
URL="${BASE_URL}/repos/${OWNER_ENC}/${REPO_ENC}/branches/${BRANCH_ENC}/reports"
|
||||||
echo "Uploading SARIF to TAS: $URL"
|
echo "Uploading SARIF to TAS: $URL"
|
||||||
|
|
||||||
if [[ ! -f "$SARIF_FILE" ]]; then
|
if [[ ! -f "$SARIF_FILE" ]]; then
|
||||||
|
|||||||
Reference in New Issue
Block a user