mirror of
https://github.com/ivuorinen/actions.git
synced 2026-01-26 03:23:59 +00:00
135 lines
4.4 KiB
YAML
135 lines
4.4 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
|
name: Security Trends Analysis
|
|
|
|
on:
|
|
workflow_run:
|
|
workflows: ['Security Checks']
|
|
types:
|
|
- completed
|
|
|
|
jobs:
|
|
analyze-trends:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
issues: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: main
|
|
fetch-depth: 0
|
|
|
|
- name: Download latest results
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: security-reports-${{ github.event.workflow_run.id }}
|
|
path: latest-results
|
|
|
|
- name: Analyze Trends
|
|
id: analyze
|
|
uses: actions/github-script@v7
|
|
with:
|
|
script: |
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
|
|
try {
|
|
// ... [previous code remains the same until report generation]
|
|
|
|
// Generate trend report
|
|
const report = generateTrendReport(trends);
|
|
|
|
// Save report explicitly for next step
|
|
console.log('Writing trend report to file...');
|
|
fs.writeFileSync('trend-report.md', report);
|
|
console.log('Trend report saved successfully');
|
|
|
|
// Save history
|
|
fs.writeFileSync(historyFile, JSON.stringify(history, null, 2));
|
|
|
|
// Generate and save chart
|
|
const chartData = generateChartData(history);
|
|
fs.writeFileSync('security-trends.svg', chartData);
|
|
|
|
// Set outputs for other steps
|
|
core.setOutput('has_vulnerabilities',
|
|
trends.critical.current > 0 || trends.high.current > 0);
|
|
core.setOutput('trend_status',
|
|
trends.critical.trend > 0 || trends.high.trend > 0 ? 'worsening' : 'improving');
|
|
core.setOutput('report_path', 'trend-report.md');
|
|
|
|
} catch (error) {
|
|
core.setFailed(`Failed to analyze trends: ${error.message}`);
|
|
throw error;
|
|
}
|
|
|
|
- name: Verify Report File
|
|
id: verify
|
|
shell: bash
|
|
run: |
|
|
if [ ! -f "trend-report.md" ]; then
|
|
echo "::error::Trend report file not found"
|
|
echo "exists=false" >> "$GITHUB_OUTPUT"
|
|
exit 1
|
|
else
|
|
echo "exists=true" >> "$GITHUB_OUTPUT"
|
|
echo "size=$(stat -f%z trend-report.md)" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Create Trend Report Issue
|
|
if: |
|
|
github.event.workflow_run.conclusion == 'success' &&
|
|
steps.verify.outputs.exists == 'true'
|
|
uses: actions/github-script@v7
|
|
with:
|
|
script: |
|
|
try {
|
|
const fs = require('fs');
|
|
const reportPath = 'trend-report.md';
|
|
|
|
console.log('Reading trend report from:', reportPath);
|
|
console.log('File size:', '${{ steps.verify.outputs.size }}', 'bytes');
|
|
|
|
if (!fs.existsSync(reportPath)) {
|
|
throw new Error('Trend report file not found despite verification');
|
|
}
|
|
|
|
const report = fs.readFileSync(reportPath, 'utf8');
|
|
if (!report.trim()) {
|
|
throw new Error('Trend report file is empty');
|
|
}
|
|
|
|
const hasVulnerabilities = '${{ steps.analyze.outputs.has_vulnerabilities }}' === 'true';
|
|
const trendStatus = '${{ steps.analyze.outputs.trend_status }}';
|
|
|
|
const title = `📊 Security Trend Report - ${
|
|
hasVulnerabilities ?
|
|
`⚠️ Vulnerabilities ${trendStatus}` :
|
|
'✅ No vulnerabilities'
|
|
}`;
|
|
|
|
await github.rest.issues.create({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
title: title,
|
|
body: report,
|
|
labels: ['security', 'metrics', hasVulnerabilities ? 'attention-required' : 'healthy']
|
|
});
|
|
|
|
console.log('Successfully created trend report issue');
|
|
|
|
} catch (error) {
|
|
console.error('Failed to create trend report issue:', error);
|
|
core.setFailed(`Failed to create trend report issue: ${error.message}`);
|
|
}
|
|
|
|
- name: Cleanup
|
|
if: always()
|
|
shell: bash
|
|
run: |
|
|
# Remove temporary files but keep the history
|
|
rm -f trend-report.md security-trends.svg
|
|
echo "Cleaned up temporary files"
|