ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-02-05 21:43:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add GitHub Actions workflows for code quality and automation (#2)

Browse Source
This commit is contained in:
Ismo Vuorinen
2025-02-02 00:42:19 +02:00
committed by GitHub
parent af6ecdf6ca
commit 210aa969b3
105 changed files with 8807 additions and 408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
.github/workflows/security-trends.yml vendored Normal file
View File

@@ -0,0 +1,134 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Security Trends Analysis
on:
workflow_run:
workflows: ['Security Checks']
types:
- completed
jobs:
analyze-trends:
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
steps:
- uses: actions/checkout@v4
with:
ref: main
fetch-depth: 0
- name: Download latest results
uses: actions/download-artifact@v4
with:
name: security-reports-${{ github.event.workflow_run.id }}
path: latest-results
- name: Analyze Trends
id: analyze
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const path = require('path');
try {
// ... [previous code remains the same until report generation]
// Generate trend report
const report = generateTrendReport(trends);
// Save report explicitly for next step
console.log('Writing trend report to file...');
fs.writeFileSync('trend-report.md', report);
console.log('Trend report saved successfully');
// Save history
fs.writeFileSync(historyFile, JSON.stringify(history, null, 2));
// Generate and save chart
const chartData = generateChartData(history);
fs.writeFileSync('security-trends.svg', chartData);
// Set outputs for other steps
core.setOutput('has_vulnerabilities',
trends.critical.current > 0 || trends.high.current > 0);
core.setOutput('trend_status',
trends.critical.trend > 0 || trends.high.trend > 0 ? 'worsening' : 'improving');
core.setOutput('report_path', 'trend-report.md');
} catch (error) {
core.setFailed(`Failed to analyze trends: ${error.message}`);
throw error;
}
- name: Verify Report File
id: verify
shell: bash
run: |
if [ ! -f "trend-report.md" ]; then
echo "::error::Trend report file not found"
echo "exists=false" >> "$GITHUB_OUTPUT"
exit 1
else
echo "exists=true" >> "$GITHUB_OUTPUT"
echo "size=$(stat -f%z trend-report.md)" >> "$GITHUB_OUTPUT"
fi
- name: Create Trend Report Issue
if: |
github.event.workflow_run.conclusion == 'success' &&
steps.verify.outputs.exists == 'true'
uses: actions/github-script@v7
with:
script: |
try {
const fs = require('fs');
const reportPath = 'trend-report.md';
console.log('Reading trend report from:', reportPath);
console.log('File size:', '${{ steps.verify.outputs.size }}', 'bytes');
if (!fs.existsSync(reportPath)) {
throw new Error('Trend report file not found despite verification');
}
const report = fs.readFileSync(reportPath, 'utf8');
if (!report.trim()) {
throw new Error('Trend report file is empty');
}
const hasVulnerabilities = '${{ steps.analyze.outputs.has_vulnerabilities }}' === 'true';
const trendStatus = '${{ steps.analyze.outputs.trend_status }}';
const title = `📊 Security Trend Report - ${
hasVulnerabilities ?
`⚠️ Vulnerabilities ${trendStatus}` :
'✅ No vulnerabilities'
}`;
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: title,
body: report,
labels: ['security', 'metrics', hasVulnerabilities ? 'attention-required' : 'healthy']
});
console.log('Successfully created trend report issue');
} catch (error) {
console.error('Failed to create trend report issue:', error);
core.setFailed(`Failed to create trend report issue: ${error.message}`);
}
- name: Cleanup
if: always()
shell: bash
run: |
# Remove temporary files but keep the history
rm -f trend-report.md security-trends.svg
echo "Cleaned up temporary files"