From 332e3e65a5d5c9fcc8e1846f6ebfa96ae9f9443e Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Tue, 29 Nov 2022 11:08:34 +0100 Subject: [PATCH 01/65] added a govulncheck workflow --- .github/workflows/govulncheck.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/govulncheck.yml diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml new file mode 100644 index 0000000000..fbf5d229d6 --- /dev/null +++ b/.github/workflows/govulncheck.yml @@ -0,0 +1,30 @@ +name: Nightly govulncheck +on: + push: + branches: + - 'shevchenko/govulncheck' +#on: +# push: +# branches: +# - main +# tags: +# - "**" +# schedule: +# - cron: '00 04 * * 2-6' +jobs: + govulncheck-tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + repository: 'DataDog/dd-trace-go' + - name: Checkout Go + uses: actions/setup-go@v3 + with: + go-version: '1.18' + - name: Install and run govulncheck + run: + - go install golang.org/x/vuln/cmd/govulncheck@latest + - govulncheck ./... + + From e41d782a212ba1be182c8977adb4b12ef82f87bf Mon Sep 17 00:00:00 2001 From: Diana Shevchenko <40775148+dianashevchenko@users.noreply.github.com> Date: Tue, 29 Nov 2022 11:12:59 +0100 Subject: [PATCH 02/65] Update govulncheck.yml --- .github/workflows/govulncheck.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index fbf5d229d6..992f6e529f 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -23,8 +23,8 @@ jobs: with: go-version: '1.18' - name: Install and run govulncheck - run: - - go install golang.org/x/vuln/cmd/govulncheck@latest - - govulncheck ./... + run: | + go install golang.org/x/vuln/cmd/govulncheck@latest + govulncheck ./... From f6a2c53be5fe6425408fdbd40d459a55f9d31084 Mon Sep 17 00:00:00 2001 
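Review bot: The new workflow declares no `permissions:` block, so the job runs with whatever default scope the repository grants GITHUB_TOKEN, although the steps shown only read the source tree. Adding a top-level `permissions:` mapping with `contents: read` would bound it. The install line `go install golang.org/x/vuln/cmd/govulncheck@latest` also resolves a new tool version on every run, so a scan result can change without any change to the repository; pinning to a reviewed release (`govulncheck@<pinned-version>`) keeps runs reproducible and makes a scanner upgrade an explicit, reviewable change.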
From: Diana Shevchenko <40775148+dianashevchenko@users.noreply.github.com> Date: Tue, 29 Nov 2022 15:09:12 +0100 Subject: [PATCH 03/65] Update govulncheck.yml --- .github/workflows/govulncheck.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 992f6e529f..b6181838c0 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -26,5 +26,12 @@ jobs: run: | go install golang.org/x/vuln/cmd/govulncheck@latest govulncheck ./... + - name: Comment results + uses: machine-learning-apps/pr-comment@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + path: results.txt + From a804f5d6fd9127b43782ce5686bc05f5352708fb Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Tue, 29 Nov 2022 15:23:01 +0100 Subject: [PATCH 04/65] Updated workflow --- .github/workflows/govulncheck.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index b6181838c0..3b355007bf 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -25,13 +25,15 @@ jobs: - name: Install and run govulncheck run: | go install golang.org/x/vuln/cmd/govulncheck@latest - govulncheck ./... + govulncheck ./ddtrace/... - name: Comment results - uses: machine-learning-apps/pr-comment@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - path: results.txt + run: | + num=$(govulncheck ./ddtrace/... | grep "Vulnerability #" | wc -l) + if [ $num -gt 0 ]; then + echo "Found ${num} vulnerabilities" + exit 1 + fi + From 22bd20b1d15cf1c8334f2ac08abaa17fe2733bb1 Mon Sep 17 00:00:00 2001 
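Review bot: The added `Comment results` step hands `secrets.GITHUB_TOKEN` to `machine-learning-apps/pr-comment@master`, a third-party action referenced by a mutable branch, so whatever that branch points to at run time executes with the token. Pin the action to a full commit SHA (`uses: machine-learning-apps/pr-comment@<full-commit-sha>`) and limit the token with a job-level `permissions:` block that grants only what commenting needs. The step also reads `path: results.txt`, but no step visible in this workflow writes that file; the preceding `govulncheck ./...` call would have to redirect its output there.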
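Review bot: The rewritten `Comment results` step passes whenever `grep "Vulnerability #"` matches nothing, which includes the case where govulncheck itself fails (build error, vulnerability database unreachable) and prints no findings, so a broken scan reads as a clean one. Capturing the scanner's output and exit status once, and treating a non-zero status with no findings as a failure, closes that gap and avoids scanning twice (once in `Install and run govulncheck`, again here). The count should also be quoted in the test. The same count-and-exit step returns in the later `Comment results` hunk (PATCH 25/65).
```yaml
      - name: Run govulncheck
        run: |
          status=0
          govulncheck ./ddtrace/... > results.txt 2>&1 || status=$?
          num=$(grep -c "Vulnerability #" results.txt || true)
          if [ "$num" -gt 0 ]; then
            echo "Found ${num} vulnerabilities"
            exit 1
          fi
          if [ "$status" -ne 0 ]; then
            echo "govulncheck exited with status ${status} and reported no findings"
            cat results.txt
            exit 1
          fi
```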
From: Diana Shevchenko Date: Thu, 1 Dec 2022 13:43:37 +0100 Subject: [PATCH 05/65] Updated workflow --- .github/workflows/govulncheck.sh | 6 +++++ .github/workflows/govulncheck.yml | 43 ++++++++++++++++++++++--------- 2 files changed, 37 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/govulncheck.sh diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh new file mode 100644 index 0000000000..7bdb3c7f66 --- /dev/null +++ b/.github/workflows/govulncheck.sh @@ -0,0 +1,6 @@ +govulncheck $CHECK_DIR >> ddtrace_results.txt +if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then + echo "Found ${num} vulnerabilities" + echo $(cat ddtrace_results.txt | grep "Vulnerability #") + exit 1 +fi \ No newline at end of file diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 3b355007bf..5bc9220fbe 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -7,10 +7,8 @@ on: # push: # branches: # - main -# tags: -# - "**" # schedule: -# - cron: '00 04 * * 2-6' +# - cron: '00 00 * * *' jobs: govulncheck-tests: runs-on: ubuntu-latest 
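Review bot: The message `echo "Found ${num} vulnerabilities"` in the new govulncheck.sh expands `num`, which the script never assigns, so the count always prints empty; assign it first with `num=$(grep -c "Vulnerability #" ddtrace_results.txt)` and test `[ "$num" -gt 0 ]`. The file is created with mode 100644 and has no interpreter line, while the workflow in this commit invokes it as `run: .github/workflows/govulncheck.sh`; that needs the executable bit plus a first line `#!/usr/bin/env bash`, or an explicit `bash .github/workflows/govulncheck.sh`. Writing the call as `govulncheck "${CHECK_DIR:?}"` would stop the script when the variable is unset instead of running the scanner without a package pattern.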
@@ -22,17 +20,38 @@ jobs: uses: actions/setup-go@v3 with: go-version: '1.18' - - name: Install and run govulncheck + - name: Install govulncheck run: | go install golang.org/x/vuln/cmd/govulncheck@latest - govulncheck ./ddtrace/... - - name: Comment results - run: | - num=$(govulncheck ./ddtrace/... | grep "Vulnerability #" | wc -l) - if [ $num -gt 0 ]; then - echo "Found ${num} vulnerabilities" - exit 1 - fi + - name: Run govulncheck in ddtrace + env: + $CHECK_DIR: ./ddtrace/... + run: .github/workflows/govulncheck.sh +# run: | +# govulncheck ./ddtrace/... >> ddtrace_results.txt +# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then +# echo "Found ${num} vulnerabilities" +# echo $(cat ddtrace_results.txt | grep "Vulnerability #") +# exit 1 +# fi +# - name: Run govulncheck in appsec +# if: always() +# run: | +# govulncheck ./ddtrace/... >> ddtrace_results.txt +# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then +# echo "Found ${num} vulnerabilities" +# echo $(cat ddtrace_results.txt | grep "Vulnerability #") +# exit 1 +# fi +# - name: Run govulncheck in appsec +# if: always() +# run: | +# govulncheck ./ddtrace/... >> ddtrace_results.txt +# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then +# echo "Found ${num} vulnerabilities" +# echo $(cat ddtrace_results.txt | grep "Vulnerability #") +# exit 1 +# fi From 2070ce724b7745200725e46d7da52ab025af7b25 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 14:40:07 +0100 Subject: [PATCH 06/65] Updated workflow --- .github/workflows/govulncheck.sh | 13 ++++---- .github/workflows/govulncheck.yml | 49 ++++++++++--------------------- 2 files changed, 24 insertions(+), 38 deletions(-) diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh index 7bdb3c7f66..d497b7b213 100644 --- a/.github/workflows/govulncheck.sh +++ b/.github/workflows/govulncheck.sh 
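Review bot: The env key in `Run govulncheck in ddtrace` is written `$CHECK_DIR: ./ddtrace/...`, which names the variable with the dollar sign included (or is rejected by the runner), so `$CHECK_DIR` inside govulncheck.sh most likely expands to nothing and the scanner never receives the intended package pattern. The key should read `CHECK_DIR: ./ddtrace/...`. The commented-out `Run govulncheck in appsec` steps all still scan `./ddtrace/...` and two of them share one name, so their paths need correcting before they are enabled.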
@@ -1,6 +1,9 @@ -govulncheck $CHECK_DIR >> ddtrace_results.txt -if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then - echo "Found ${num} vulnerabilities" - echo $(cat ddtrace_results.txt | grep "Vulnerability #") +function check_results { + results=$(echo $content | grep -Eo '\w+-\d+-\d+' | uniq) + if [ $(echo $results | wc -l) -gt 0 ]; then + echo "Found these vulnerabilities in $path:" + echo $results exit 1 -fi \ No newline at end of file + fi +} +content=$(govulncheck ./ddtrace/...) path=./ddtrace/... check_results \ No newline at end of file diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 5bc9220fbe..c2c08e92d3 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
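Review bot: The test `[ $(echo $results | wc -l) -gt 0 ]` in check_results is always true, because `echo` emits a newline even when `results` is empty, so the function reports findings and exits 1 on every run regardless of what the scanner printed; test the string itself with `if [ -n "$results" ]; then`. The pattern `'\w+-\d+-\d+'` is passed to `grep -E`, and `\d` is not a digit class in POSIX extended regular expressions, so the advisory identifiers are unlikely to match at all; `grep -Eo '[A-Z]+-[0-9]+-[0-9]+'` is portable. `uniq` only collapses adjacent duplicates, so `sort -u` is the safer de-duplication. The same function is pasted into the `run:` block of govulncheck.yml in this commit and carried through the later commits on this page.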
@@ -23,36 +23,19 @@ jobs: - name: Install govulncheck run: | go install golang.org/x/vuln/cmd/govulncheck@latest - - name: Run govulncheck in ddtrace - env: - $CHECK_DIR: ./ddtrace/... - run: .github/workflows/govulncheck.sh -# run: | -# govulncheck ./ddtrace/... >> ddtrace_results.txt -# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then -# echo "Found ${num} vulnerabilities" -# echo $(cat ddtrace_results.txt | grep "Vulnerability #") -# exit 1 -# fi -# - name: Run govulncheck in appsec -# if: always() -# run: | -# govulncheck ./ddtrace/... >> ddtrace_results.txt -# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then -# echo "Found ${num} vulnerabilities" -# echo $(cat ddtrace_results.txt | grep "Vulnerability #") -# exit 1 -# fi -# - name: Run govulncheck in appsec -# if: always() -# run: | -# govulncheck ./ddtrace/... >> ddtrace_results.txt -# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then -# echo "Found ${num} vulnerabilities" -# echo $(cat ddtrace_results.txt | grep "Vulnerability #") -# exit 1 -# fi - - - - + - name: Run govulncheck in packages + run: | + function check_results { + results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) + if [ $(echo $results | wc -l) -gt 0 ]; then + echo "Found these vulnerabilities in $path:" + echo $results + exit 1 + fi + } + path=./ddtrace/... check_results + path=./appsec/... check_results + path=./internal/... check_results + path=./contrib/... check_results + path=./profiler/... check_results + From 5f288ba2cfa8563506e8987acb558ad6f1ac4a43 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 14:46:01 +0100 Subject: [PATCH 07/65] Updated workflow --- .github/workflows/govulncheck.sh | 13 ++++++++++--- .github/workflows/govulncheck.yml | 8 +++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh index d497b7b213..614125e7aa 100644 
--- a/.github/workflows/govulncheck.sh +++ b/.github/workflows/govulncheck.sh @@ -1,9 +1,16 @@ +found=0 function check_results { - results=$(echo $content | grep -Eo '\w+-\d+-\d+' | uniq) + results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then echo "Found these vulnerabilities in $path:" echo $results - exit 1 + found=$(($found || 1)) fi } -content=$(govulncheck ./ddtrace/...) path=./ddtrace/... check_results \ No newline at end of file +path=./ddtrace/... check_results +path=./appsec/... check_results +path=./internal/... check_results +path=./contrib/... check_results +path=./profiler/... check_results + + diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index c2c08e92d3..eb95704282 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -25,12 +25,13 @@ jobs: go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck in packages run: | + found=0 function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path:" - echo $results - exit 1 + echo "Found these vulnerabilities in $path:" + echo $results + found=$(($found || 1)) fi } path=./ddtrace/... check_results @@ -39,3 +40,4 @@ jobs: path=./contrib/... check_results path=./profiler/... check_results + From 48d28faf09c5a705e405b598c7ccf1d0c1698d52 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 14:51:28 +0100 Subject: [PATCH 08/65] Updated workflow --- .github/workflows/govulncheck.sh | 9 ++++----- .github/workflows/govulncheck.yml | 5 +++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh index 614125e7aa..617d17c9c2 100644 --- a/.github/workflows/govulncheck.sh +++ b/.github/workflows/govulncheck.sh 
@@ -2,9 +2,9 @@ found=0 function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path:" - echo $results - found=$(($found || 1)) + echo "Found these vulnerabilities in $path:" + echo $results + found=$(($found || 1)) fi } path=./ddtrace/... check_results @@ -12,5 +12,4 @@ path=./appsec/... check_results path=./internal/... check_results path=./contrib/... check_results path=./profiler/... check_results - - +exit $found \ No newline at end of file diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index eb95704282..085df909d7 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -29,8 +29,8 @@ jobs: function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path:" - echo $results + echo "Found these vulnerabilities in $path: $results" +# echo $results found=$(($found || 1)) fi } @@ -39,5 +39,6 @@ jobs: path=./internal/... check_results path=./contrib/... check_results path=./profiler/... check_results + exit $found From e77e93f1197c2c7050696ed5d75fabce5f1df42e Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 14:56:18 +0100 Subject: [PATCH 09/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 085df909d7..b272d6a72b 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -24,13 +24,13 @@ jobs: run: | go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck in packages + shell: bash run: | found=0 function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then echo "Found these vulnerabilities in $path: $results" -# echo $results found=$(($found || 1)) fi } From 7a698ce9be418be2755392029220cdda2649712c Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:00:25 +0100 Subject: [PATCH 10/65] Updated workflow --- .github/workflows/govulncheck.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index b272d6a72b..abb73f8704 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -34,11 +34,11 @@ jobs: found=$(($found || 1)) fi } - path=./ddtrace/... check_results - path=./appsec/... check_results - path=./internal/... check_results - path=./contrib/... check_results - path=./profiler/... check_results + echo $(path=./ddtrace/... check_results) + echo $(path=./appsec/... check_results) + echo $(path=./internal/... check_results) + echo $(path=./contrib/... check_results) + echo $(path=./profiler/... check_results) exit $found From b2853f44c15aca3e9a10f764261e93909bec7fae Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:01:28 +0100 Subject: [PATCH 11/65] Updated workflow --- .github/workflows/govulncheck.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index abb73f8704..05d4508de9 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
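Review bot: Adding `shell: bash` changes how the script fails, because GitHub runs that shell with `-e -o pipefail`: the assignment `results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)` now aborts the step when any stage of the pipeline returns non-zero. grep returns 1 when nothing matches, and govulncheck is expected to return non-zero when it reports findings, so the step would likely stop at the first package before printing anything. Capture the scanner status explicitly, for example `out=$(govulncheck "$path") || rc=$?`, and then filter `$out` with a grep guarded by `|| true`. The step body continues outside this hunk.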
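Review bot: Wrapping each call as `echo $(path=./ddtrace/... check_results)` runs check_results in a command-substitution subshell, so its `found=$(($found || 1))` never reaches the parent shell and the final `exit $found` always exits 0; the step would report success even when findings are printed. Call the function directly and let it print, `path=./ddtrace/... check_results`, as the previous revision did. The same wrapping is reintroduced by the later `@@ -30,16 +30,15 @@` hunk (PATCH 14/65).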
@@ -30,15 +30,15 @@ jobs: function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path: $results" + echo "Found these vulnerabilities in $path: $results" >&2 found=$(($found || 1)) fi } - echo $(path=./ddtrace/... check_results) - echo $(path=./appsec/... check_results) - echo $(path=./internal/... check_results) - echo $(path=./contrib/... check_results) - echo $(path=./profiler/... check_results) + path=./ddtrace/... check_results + path=./appsec/... check_results + path=./internal/... check_results + path=./contrib/... check_results + path=./profiler/... check_results exit $found From 11a8ed52155971fcccad0e3fe7c2f2535df6dd35 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:09:56 +0100 Subject: [PATCH 12/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 05d4508de9..2bdf1b4985 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -34,7 +34,7 @@ jobs: found=$(($found || 1)) fi } - path=./ddtrace/... check_results + echo $((path=./ddtrace/... check_results)) path=./appsec/... check_results path=./internal/... check_results path=./contrib/... check_results From d3265063f2e4357dce3d028422a94a7189dd0fb0 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:19:36 +0100 Subject: [PATCH 13/65] Updated workflow --- .github/workflows/govulncheck.sh | 2 +- .github/workflows/govulncheck.yml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh index 617d17c9c2..eb848a67f3 100644 --- a/.github/workflows/govulncheck.sh +++ b/.github/workflows/govulncheck.sh 
@@ -2,7 +2,7 @@ found=0 function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path:" + echo "Found these vulnerabilities in $path: $results" >&2 echo $results found=$(($found || 1)) fi diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 2bdf1b4985..568ce828ae 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -30,11 +30,12 @@ jobs: function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path: $results" >&2 + echo "Found these vulnerabilities in $path:" + echo $results found=$(($found || 1)) fi } - echo $((path=./ddtrace/... check_results)) + path=./ddtrace/... check_results path=./appsec/... check_results path=./internal/... check_results path=./contrib/... check_results From 6992788af6f1eef0a4a81fafd14fa93cd88d9e40 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:21:23 +0100 Subject: [PATCH 14/65] Updated workflow --- .github/workflows/govulncheck.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 568ce828ae..abb73f8704 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -30,16 +30,15 @@ jobs: function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path:" - echo $results + echo "Found these vulnerabilities in $path: $results" found=$(($found || 1)) fi } - path=./ddtrace/... check_results - path=./appsec/... check_results - path=./internal/... check_results - path=./contrib/... check_results - path=./profiler/... check_results + echo $(path=./ddtrace/... check_results) + echo $(path=./appsec/... check_results) + echo $(path=./internal/... check_results) + echo $(path=./contrib/... check_results) + echo $(path=./profiler/... check_results) exit $found From a38d284a946bc616752fad59674b637f00e251cc Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:27:03 +0100 Subject: [PATCH 15/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index abb73f8704..191f2c1c50 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -29,9 +29,11 @@ jobs: found=0 function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) + echo $results if [ $(echo $results | wc -l) -gt 0 ]; then echo "Found these vulnerabilities in $path: $results" found=$(($found || 1)) + return $results fi } echo $(path=./ddtrace/... check_results) From ccb905ebd5276167b5bd7f3c733034b65c0aab3b Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:38:14 +0100 Subject: [PATCH 16/65] Updated workflow --- .github/workflows/govulncheck.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 191f2c1c50..57bfaf6b32 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
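Review bot: The added `return $results` passes the matched identifiers to the shell's `return`, which accepts only a numeric status from 0 to 255, so bash reports an error whenever `results` holds text. The function already prints the value with `echo $results`, so the line can be dropped or replaced with `return 0`. The next commit (PATCH 16/65) keeps the same construct as `return $RESULTS`. The function body starts outside this hunk.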
@@ -28,13 +28,13 @@ jobs: run: | found=0 function check_results { - results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) - echo $results - if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path: $results" + govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq >> results.txt + export RESULTS=$(echo results.txt | wc -l) + if [ $(echo $RESULTS | wc -l) -gt 0 ]; then + echo "Found these vulnerabilities in $path: $RESULTS" found=$(($found || 1)) - return $results fi + return $RESULTS } echo $(path=./ddtrace/... check_results) echo $(path=./appsec/... check_results) From b76dd48efa34a65f4429132d35a3c0d5b3e3a23d Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:39:19 +0100 Subject: [PATCH 17/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 57bfaf6b32..cbe942c6ae 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -29,7 +29,7 @@ jobs: found=0 function check_results { govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq >> results.txt - export RESULTS=$(echo results.txt | wc -l) + export RESULTS=$(echo results.txt) if [ $(echo $RESULTS | wc -l) -gt 0 ]; then echo "Found these vulnerabilities in $path: $RESULTS" found=$(($found || 1)) From 2ee7fec2ee10623511c286557736edb797aaaae0 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:40:34 +0100 Subject: [PATCH 18/65] Updated workflow --- .github/workflows/govulncheck.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index cbe942c6ae..2a3ab21e83 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
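Review bot: `export RESULTS=$(echo results.txt | wc -l)` counts the lines of the literal string `results.txt`, not of the file, so RESULTS is always 1 and the following test is always true; the step therefore reports findings on every run. If the intent is to read back the identifiers, `RESULTS=$(sort -u results.txt)` followed by `if [ -n "$RESULTS" ]; then` does that. The redirect `>> results.txt` also appends across the five calls, so each later package would re-report the earlier ones; `>` or a per-package file avoids that. The follow-up hunk `@@ -29,7 +29,7 @@` (PATCH 17/65) changes the line to `$(echo results.txt)`, which still yields the file name rather than its contents.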
@@ -28,8 +28,7 @@ jobs: run: | found=0 function check_results { - govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq >> results.txt - export RESULTS=$(echo results.txt) + export RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $RESULTS | wc -l) -gt 0 ]; then echo "Found these vulnerabilities in $path: $RESULTS" found=$(($found || 1)) From b8e671905d8e3235105afabc718228cdaa34a46d Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:50:37 +0100 Subject: [PATCH 19/65] Updated workflow --- .github/workflows/govulncheck.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 2a3ab21e83..49f9c2a39e 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -25,21 +25,24 @@ jobs: go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck in packages shell: bash + id: run_govulncheck run: | found=0 function check_results { - export RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) + RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $RESULTS | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path: $RESULTS" + echo "Found these vulnerabilities in $path: $RESULTS" >> $GITHUB_OUTPUT found=$(($found || 1)) fi - return $RESULTS } - echo $(path=./ddtrace/... check_results) - echo $(path=./appsec/... check_results) - echo $(path=./internal/... check_results) - echo $(path=./contrib/... check_results) - echo $(path=./profiler/... check_results) + path=./ddtrace/... check_results + path=./appsec/... check_results + path=./internal/... check_results + path=./contrib/... check_results + path=./profiler/... check_results exit $found + - name: Print + run: | + echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} From 6096bc5ab70f694bf6ad18a7f323e5e320cb9fa2 Mon Sep 17 00:00:00 2001 
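Review bot: The new `Print` step expands `${{join(steps.run_govulncheck.outputs.*, '\n')}}` directly into the script text, so whatever the previous step stored as output is parsed by the shell as code rather than printed as data; step outputs should reach a script through `env:` and be referenced as a quoted variable. The write `echo "Found these vulnerabilities in $path: $RESULTS" >> $GITHUB_OUTPUT` also lacks the `name=value` form that file expects, so no output is likely to be set. Repeated writes to one key keep only the last value, so use one key per package if all five results are wanted. The same unkeyed write reappears in the `@@ -29,8 +29,11 @@` hunk of PATCH 24/65.
```yaml
          # … unchanged: check_results up to the if-test …
              echo "findings=$RESULTS" >> "$GITHUB_OUTPUT"
          # … unchanged: the five package calls and exit $found …
      - name: Print
        env:
          FINDINGS: ${{ steps.run_govulncheck.outputs.findings }}
        run: |
          echo "$FINDINGS"
```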
From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:51:44 +0100 Subject: [PATCH 20/65] Updated workflow --- .github/workflows/govulncheck.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 49f9c2a39e..8b2f69af02 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -27,12 +27,12 @@ jobs: shell: bash id: run_govulncheck run: | - found=0 + FOUND=0 function check_results { RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $RESULTS | wc -l) -gt 0 ]; then echo "Found these vulnerabilities in $path: $RESULTS" >> $GITHUB_OUTPUT - found=$(($found || 1)) + export FOUND=$(($found || 1)) fi } path=./ddtrace/... check_results @@ -40,9 +40,9 @@ jobs: path=./internal/... check_results path=./contrib/... check_results path=./profiler/... check_results - exit $found - name: Print run: | echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} + exit $FOUND From b69b45db732bbdfda870d30dd8b39d3beaf9e725 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 15:55:12 +0100 Subject: [PATCH 21/65] Updated workflow --- .github/workflows/govulncheck.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 8b2f69af02..d416031305 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
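Review bot: Moving the exit to the `Print` step as `exit $FOUND` makes the job pass unconditionally, because each `run:` step is a separate shell process and the `export FOUND=...` from `run_govulncheck` does not survive into it; with the variable empty, `exit` returns the status of the preceding `echo`. Keep `exit $FOUND` as the last line of the `run_govulncheck` script. In the same hunk, `export FOUND=$(($found || 1))` still reads the lowercase `found` that this commit renamed; it should be `FOUND=$((FOUND || 1))`.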
@@ -29,17 +29,17 @@ jobs: run: | FOUND=0 function check_results { - RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) - if [ $(echo $RESULTS | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path: $RESULTS" >> $GITHUB_OUTPUT - export FOUND=$(($found || 1)) +# RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) + if [ $(echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) | wc -l) -gt 0 ]; then + echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) >> $GITHUB_OUTPUT + export FOUND=$(($FOUND || 1)) fi } - path=./ddtrace/... check_results - path=./appsec/... check_results - path=./internal/... check_results - path=./contrib/... check_results - path=./profiler/... check_results +# path=./ddtrace/... check_results +# path=./appsec/... check_results +# path=./internal/... check_results +# path=./contrib/... check_results +# path=./profiler/... check_results - name: Print run: | echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} From f40f2ba95f60d4663cbb42b86abf8d7e050c32ce Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 16:00:43 +0100 Subject: [PATCH 22/65] Updated workflow --- .github/workflows/govulncheck.yml | 53 ++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 19 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index d416031305..2362ce735c 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -27,22 +27,37 @@ jobs: shell: bash id: run_govulncheck run: | - FOUND=0 - function check_results { -# RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) - if [ $(echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) | wc -l) -gt 0 ]; then - echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) >> $GITHUB_OUTPUT - export FOUND=$(($FOUND || 1)) - fi - } -# path=./ddtrace/... check_results -# path=./appsec/... check_results -# path=./internal/... check_results -# path=./contrib/... check_results -# path=./profiler/... check_results - - name: Print - run: | - echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} - exit $FOUND - - + RESULTS=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq) + if [ $(echo $RESULTS | wc -l) -gt 0 ]; then + echo "Found $(echo $RESULTS | wc -l )vulnerabilities: $RESULTS" + exit + fi +# - name: Print +# run: | +# echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} +# exit $FOUND +# +# +# - name: Run govulncheck in packages +# shell: bash +# id: run_govulncheck +# run: | +# FOUND=0 +# function check_results { +# # RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) +# if [ $(echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) | wc -l) -gt 0 ]; then +# echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) >> $GITHUB_OUTPUT +# export FOUND=$(($FOUND || 1)) +# fi +# } +# # path=./ddtrace/... check_results +# # path=./appsec/... check_results +# # path=./internal/... check_results +# # path=./contrib/... check_results +# # path=./profiler/... check_results +# - name: Print +# run: | +# echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} +# exit $FOUND +# +# From bcf94a97560af0d9b4b037022a3c1a8bb4914e64 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 16:04:23 +0100 Subject: [PATCH 23/65] Updated workflow --- .github/workflows/govulncheck.sh | 19 ++++--------------- .github/workflows/govulncheck.yml | 3 +-- 2 files changed, 5 insertions(+), 17 deletions(-) 
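Review bot: The bare `exit` inside the `if` returns the status of the last command, which is the `echo` on the line before it, so the step ends with status 0 exactly when findings were printed; it should be `exit 1`. The rewrite also scans only `./ddtrace/...`, where the previous revision listed appsec, internal, contrib and profiler as well, so those packages are no longer covered. The follow-up hunk in PATCH 23/65 removes the `exit` altogether, which leaves the step unable to fail on findings.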
diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh index eb848a67f3..fd0345dca2 100644 --- a/.github/workflows/govulncheck.sh +++ b/.github/workflows/govulncheck.sh @@ -1,15 +1,4 @@ -found=0 -function check_results { - results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) - if [ $(echo $results | wc -l) -gt 0 ]; then - echo "Found these vulnerabilities in $path: $results" >&2 - echo $results - found=$(($found || 1)) - fi -} -path=./ddtrace/... check_results -path=./appsec/... check_results -path=./internal/... check_results -path=./contrib/... check_results -path=./profiler/... check_results -exit $found \ No newline at end of file +govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq >> results.txt +if [ $(cat results.txt | wc -l) -gt 0 ]; then + echo "Found $(echo $RESULTS | wc -l )vulnerabilities: $RESULTS" +fi \ No newline at end of file diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 2362ce735c..e01baf0e16 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -29,8 +29,7 @@ jobs: run: | RESULTS=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $RESULTS | wc -l) -gt 0 ]; then - echo "Found $(echo $RESULTS | wc -l )vulnerabilities: $RESULTS" - exit + echo "Found $(echo $RESULTS | wc -l) vulnerabilities: $RESULTS" fi # - name: Print # run: | From ace742b89abe027ab94ad83b5ae63e5d5699a43d Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Thu, 1 Dec 2022 16:11:22 +0100 Subject: [PATCH 24/65] Updated workflow --- .github/workflows/govulncheck.sh | 7 ++++--- .github/workflows/govulncheck.yml | 5 ++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh index fd0345dca2..20ff261b3e 100644 --- a/.github/workflows/govulncheck.sh +++ b/.github/workflows/govulncheck.sh 
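Review bot: The rewritten govulncheck.sh stores matches in results.txt but its message expands `$RESULTS`, which the script never assigns, so the output carries neither a correct count nor the identifiers. The script also has no failing exit path, so a caller cannot tell a finding from a clean run. Inside the `if`, `n=$(wc -l < results.txt)`, `echo "Found $n vulnerabilities: $(tr '\n' ' ' < results.txt)"` and `exit 1` would report from the file that was actually written. Because the redirect is `>>`, a results.txt left over from an earlier run would be counted again; `>` avoids that.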
@@ -1,4 +1,5 @@ -govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq >> results.txt -if [ $(cat results.txt | wc -l) -gt 0 ]; then - echo "Found $(echo $RESULTS | wc -l )vulnerabilities: $RESULTS" +RESULTS=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq) +n=$(echo $RESULTS | wc -l) +if [ $n -gt 0 ]; then + echo "Found $n vulnerabilities: $RESULTS" fi \ No newline at end of file diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index e01baf0e16..a14582a612 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -29,8 +29,11 @@ jobs: run: | RESULTS=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq) if [ $(echo $RESULTS | wc -l) -gt 0 ]; then - echo "Found $(echo $RESULTS | wc -l) vulnerabilities: $RESULTS" + echo "Found $(echo $RESULTS | wc -l) vulnerabilities: $RESULTS" >> $GITHUB_OUTPUT fi + - name: Slack Notification + run: | + echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} # - name: Print # run: | # echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} From 6f3ac191c16bbc89fb9d33acf0c3e02e223ffdcf Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 10:46:32 +0100 Subject: [PATCH 25/65] Updated workflow --- .github/workflows/govulncheck.yml | 46 +++++-------------------------- 1 file changed, 7 insertions(+), 39 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index a14582a612..450efd7f63 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -23,43 +23,11 @@ jobs: - name: Install govulncheck run: | go install golang.org/x/vuln/cmd/govulncheck@latest - - name: Run govulncheck in packages - shell: bash - id: run_govulncheck + - name: Comment results run: | - RESULTS=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq) - if [ $(echo $RESULTS | wc -l) -gt 0 ]; then - echo "Found $(echo $RESULTS | wc -l) vulnerabilities: $RESULTS" >> $GITHUB_OUTPUT - fi - - name: Slack Notification - run: | - echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} -# - name: Print -# run: | -# echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} -# exit $FOUND -# -# -# - name: Run govulncheck in packages -# shell: bash -# id: run_govulncheck -# run: | -# FOUND=0 -# function check_results { -# # RESULTS=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) -# if [ $(echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) | wc -l) -gt 0 ]; then -# echo $(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) >> $GITHUB_OUTPUT -# export FOUND=$(($FOUND || 1)) -# fi -# } -# # path=./ddtrace/... check_results -# # path=./appsec/... check_results -# # path=./internal/... check_results -# # path=./contrib/... check_results -# # path=./profiler/... check_results -# - name: Print -# run: | -# echo ${{join(steps.run_govulncheck.outputs.*, '\n')}} -# exit $FOUND -# -# + num=$(govulncheck ./ddtrace/... | grep "Vulnerability #" | wc -l) + v=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq ) + if [ $num -gt 0 ]; then + echo "Found ${num} vulnerabilities: ${v}" + exit 1 + fi \ No newline at end of file From 8a0ca93ab63d5b7b5bfdad47cd38c71c47222f36 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 10:48:54 +0100 Subject: [PATCH 26/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 450efd7f63..4d89ae4086 100644 --- a/.github/workflows/govulncheck.yml 
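Review bot: The new `Comment results` step treats an empty pipeline result as a clean scan: `shell: bash` is dropped, and without it the runner's default bash is, as far as I know, started without `pipefail`, so if `govulncheck` cannot load or build the packages, `grep ... | wc -l` still yields 0 and the job passes. The scanner is also run twice, so `num` and `v` can come from different outcomes. Running it once, keeping its output and exit status, and deriving both values from the saved text closes the gap; the block below sketches that, with `[0-9]` in place of `\d`, which GNU grep does not support under `-E`. The `steps:` list starts above the hunk.

```yaml
      - name: Comment results
        run: |
          status=0
          out=$(govulncheck ./ddtrace/... 2>&1) || status=$?
          num=$(printf '%s\n' "$out" | grep -c "Vulnerability #" || true)
          v=$(printf '%s\n' "$out" | grep -Eo '\w+-[0-9]+-[0-9]+' | sort -u | tr '\n' ' ')
          if [ "$num" -gt 0 ]; then
            echo "Found ${num} vulnerabilities: ${v}"
            exit 1
          fi
          # a non-zero status with no findings means the scan itself did not complete
          if [ "$status" -ne 0 ]; then
            printf '%s\n' "$out"
            exit "$status"
          fi
```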
+++ b/.github/workflows/govulncheck.yml @@ -28,6 +28,6 @@ jobs: num=$(govulncheck ./ddtrace/... | grep "Vulnerability #" | wc -l) v=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq ) if [ $num -gt 0 ]; then - echo "Found ${num} vulnerabilities: ${v}" + echo "Found ${num} vulnerabilities: ${v}" >> $GITHUB_STEP_SUMMARY exit 1 fi \ No newline at end of file From c9ccfac6446c51295f57e3f3621ccd7c1198b6f0 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 11:01:02 +0100 Subject: [PATCH 27/65] Updated workflow --- .github/workflows/govulncheck.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 4d89ae4086..6a0ee7508f 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -26,8 +26,13 @@ jobs: - name: Comment results run: | num=$(govulncheck ./ddtrace/... | grep "Vulnerability #" | wc -l) - v=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq ) + v=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',') if [ $num -gt 0 ]; then - echo "Found ${num} vulnerabilities: ${v}" >> $GITHUB_STEP_SUMMARY + echo "Found ${num} vulnerabilities" + echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_STEP_SUMMARY + echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_ENV exit 1 - fi \ No newline at end of file + fi + - name: testing the GH_env + run: | + echo $GITHUB_ENV \ No newline at end of file From 7b4a7d3574523e50cc30a124b6fc27d5d1a10a31 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:36:25 +0100 Subject: [PATCH 28/65] Updated workflow --- .github/workflows/govulncheck.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 6a0ee7508f..a4166e1119 100644 
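Review bot: In the PATCH 27 hunk the added `echo "$(govulncheck ...)" >> $GITHUB_ENV` line writes a bare comma-separated list, but that file is read as `NAME=value` entries, so the runner will most likely reject the line; `echo "VULNERABILITIES=${v}" >> "$GITHUB_ENV"` reuses the value already held in `v`. The step now runs the scanner four times for one result, which lets the count and the lists disagree if one run fails. The added `testing the GH_env` step follows `exit 1` without an `if:` condition, so it is skipped exactly when there is something to show, and `echo $GITHUB_ENV` prints the file's path, not its content.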
--- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -24,15 +24,24 @@ jobs: run: | go install golang.org/x/vuln/cmd/govulncheck@latest - name: Comment results + id: govulncheck run: | num=$(govulncheck ./ddtrace/... | grep "Vulnerability #" | wc -l) v=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',') if [ $num -gt 0 ]; then echo "Found ${num} vulnerabilities" echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_STEP_SUMMARY + echo 'VULNERABILITIES<> $GITHUB_ENV echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV + echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT + echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT exit 1 fi - name: testing the GH_env run: | - echo $GITHUB_ENV \ No newline at end of file + echo $GITHUB_ENV + echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" + echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" + echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" + echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" \ No newline at end of file From ff22c445042b9cddce09b66d107cbcabf84bff2f Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:41:05 +0100 Subject: [PATCH 29/65] Updated workflow --- .github/workflows/govulncheck.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index a4166e1119..a437863f1a 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -39,9 +39,15 @@ jobs: exit 1 fi - name: testing the GH_env + if: always() run: | - echo $GITHUB_ENV echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" - echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" \ No newline at end of file + echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" + - name: testing the artifact + run: | + govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' + with: + name: vulnerabilities-report + path: output/vulnerabilities-report.txt From f56214d8df7c6ca138962a1a1ad1cfcc4fbd189e Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:42:17 +0100 Subject: [PATCH 30/65] Updated workflow --- .github/workflows/govulncheck.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index a437863f1a..27e67d6c2a 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -46,8 +46,9 @@ jobs: echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" - name: testing the artifact - run: | - govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' + uses: actions/upload-artifact@v3 with: name: vulnerabilities-report path: output/vulnerabilities-report.txt + run: | + govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' From 1849d70c9c4ede21e5999b1fcda32cea1642787b Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:45:26 +0100 Subject: [PATCH 31/65] Updated workflow --- .github/workflows/govulncheck.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
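Review bot: The added `testing the artifact` step pairs `run:` with a `with:` block, and `with:` is only accepted on a step that has `uses:`, so the workflow file should fail validation before any scan runs. PATCH 30 on this same line adds `uses: actions/upload-artifact@v3` but keeps `run:`, and a step may carry one or the other, not both. Splitting it works: one `run:` step that writes the report to `output/vulnerabilities-report.txt` (nothing in either hunk creates that path), followed by a separate upload step with `if: always()` so the report is kept when the scan step fails.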
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 27e67d6c2a..4e00df3faf 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -38,6 +38,9 @@ jobs: echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT exit 1 fi + - name: testing the GH_summary + run: | + echo ${{join(steps.govulncheck.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY - name: testing the GH_env if: always() run: | @@ -45,10 +48,3 @@ jobs: echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" - - name: testing the artifact - uses: actions/upload-artifact@v3 - with: - name: vulnerabilities-report - path: output/vulnerabilities-report.txt - run: | - govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' From a2dbb62ff77b5372be5f68504c87e8a5e4d17ffc Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:48:37 +0100 Subject: [PATCH 32/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 4e00df3faf..e55b201a60 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -36,6 +36,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT + echo VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT exit 1 fi - name: testing the GH_summary 
@@ -48,3 +49,4 @@ jobs: echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" + echo "VULNERABILITIES_3 is ${{ steps.govulncheck.outputs.VULNERABILITIES_3 }}" From e76f7fc25540199605f04375d36653cadf30d87b Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:49:38 +0100 Subject: [PATCH 33/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index e55b201a60..aaebba6b76 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -36,7 +36,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT - echo VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT + echo "VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT exit 1 fi - name: testing the GH_summary From 357b38adf0b72f1245742535527e49d079972596 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:54:40 +0100 Subject: [PATCH 34/65] Updated workflow --- .github/workflows/govulncheck.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index aaebba6b76..65a373f606 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -50,3 +50,20 @@ jobs: echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" echo "VULNERABILITIES_3 is ${{ steps.govulncheck.outputs.VULNERABILITIES_3 }}" + - name: Set the value + id: step_one + run: | + echo "FOO=$(git status)" >> $GITHUB_ENV + echo "VULN=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ','))" >> $GITHUB_ENV + - name: Use the value + id: step_two + run: | + echo "${{ env.FOO }}" + echo "${{ env.VULN }}" + echo "is ${{ steps.step_one.FOO }}" + echo "is ${{ steps.step_one.VULN }}" + + - name: Use the value + id: step_two + run: | + echo "${{ env.action_state }}" From 539c43078f038257b54ec8cbd0dcc10992156892 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko <40775148+dianashevchenko@users.noreply.github.com> Date: Fri, 2 Dec 2022 12:55:35 +0100 Subject: [PATCH 35/65] Update govulncheck.yml --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 65a373f606..acc630efa4 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -64,6 +64,6 @@ jobs: echo "is ${{ steps.step_one.VULN }}" - name: Use the value - id: step_two + id: step_three run: | echo "${{ env.action_state }}" From a594af2ff0baa95792270ef772e1184d13be096b Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 12:57:36 +0100 Subject: [PATCH 36/65] Updated workflow --- .github/workflows/govulncheck.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index acc630efa4..8a13fa67d5 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
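Review bot: `echo "FOO=$(git status)" >> $GITHUB_ENV` in the new `Set the value` step writes multi-line command output into the environment file, where each following line is parsed as a further entry; a multi-line value needs the delimiter (heredoc-style) form with a delimiter the text cannot contain. The `VULN=` line carries a stray closing parenthesis after the command substitution, which ends up in the value. Two steps are given `id: step_two`, which Actions rejects as a duplicate. `steps.step_one.FOO` has no `outputs.` segment and the step writes nothing to `$GITHUB_OUTPUT`, so those two echoes would print nothing even once the ids are unique.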
@@ -37,7 +37,6 @@ jobs: echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT - exit 1 fi - name: testing the GH_summary run: | From 3ad08e00ddab6acd15c52855f38e60a426633a65 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:01:17 +0100 Subject: [PATCH 37/65] Updated workflow --- .github/workflows/govulncheck.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 8a13fa67d5..13b07b3e27 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -37,10 +37,11 @@ jobs: echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT + echo "VULNERABILITIES_4=$(echo "VULNERABILITIES_4")" >> $GITHUB_OUTPUT fi - name: testing the GH_summary run: | - echo ${{join(steps.govulncheck.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY + echo ${{join(steps.cho "FOO=$(git status)" >> $GITHUB_EN.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY - name: testing the GH_env if: always() run: | @@ -49,6 +50,7 @@ jobs: echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" echo "VULNERABILITIES_3 is ${{ steps.govulncheck.outputs.VULNERABILITIES_3 }}" + echo "VULNERABILITIES_4 is ${{ steps.govulncheck.outputs.VULNERABILITIES_3 }}" - name: Set the value id: step_one run: | @@ -57,8 +59,6 @@ jobs: - name: Use the value id: step_two run: | - echo "${{ env.FOO }}" - echo "${{ env.VULN }}" echo "is ${{ steps.step_one.FOO }}" echo "is ${{ steps.step_one.VULN }}" From 2b0898e26b1bf07ea373384411f3e1c97caca15a Mon Sep 17 00:00:00 2001 
From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:03:42 +0100 Subject: [PATCH 38/65] Updated workflow --- .github/workflows/govulncheck.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 13b07b3e27..ec7bcb02ec 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -41,7 +41,7 @@ jobs: fi - name: testing the GH_summary run: | - echo ${{join(steps.cho "FOO=$(git status)" >> $GITHUB_EN.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY + echo ${{join(steps.govulncheck.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY - name: testing the GH_env if: always() run: | @@ -54,12 +54,11 @@ jobs: - name: Set the value id: step_one run: | - echo "FOO=$(git status)" >> $GITHUB_ENV echo "VULN=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ','))" >> $GITHUB_ENV - name: Use the value id: step_two run: | - echo "is ${{ steps.step_one.FOO }}" + echo "${{ env.VULN }}" echo "is ${{ steps.step_one.VULN }}" - name: Use the value From 0844ee93d4fd526c831d3f2aec3d4c64e084066f Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:05:22 +0100 Subject: [PATCH 39/65] Updated workflow --- .github/workflows/govulncheck.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index ec7bcb02ec..94f55d7eaa 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -37,7 +37,7 @@ jobs: echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT - echo "VULNERABILITIES_4=$(echo "VULNERABILITIES_4")" >> $GITHUB_OUTPUT + echo "VULNERABILITIES_4=$(echo $(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')")" >> $GITHUB_OUTPUT fi - name: testing the GH_summary run: | @@ -50,7 +50,7 @@ jobs: echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" echo "VULNERABILITIES_3 is ${{ steps.govulncheck.outputs.VULNERABILITIES_3 }}" - echo "VULNERABILITIES_4 is ${{ steps.govulncheck.outputs.VULNERABILITIES_3 }}" + echo "VULNERABILITIES_4 is ${{ steps.govulncheck.outputs.VULNERABILITIES_4 }}" - name: Set the value id: step_one run: | From 45c809ccb87f1b470cb8d54155ef1886c9019aad Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:06:33 +0100 Subject: [PATCH 40/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 94f55d7eaa..0709e0b58c 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -37,7 +37,7 @@ jobs: echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT echo "VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT - echo "VULNERABILITIES_4=$(echo $(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')")" >> $GITHUB_OUTPUT + echo "VULNERABILITIES_4=$(echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')")" >> $GITHUB_OUTPUT fi - name: testing the GH_summary run: | 
From cef392494bf18a5023029428d279bbfc6852d119 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Fri, 2 Dec 2022 13:11:46 +0100
Subject: [PATCH 41/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 52 +++++++++----------------------
 1 file changed, 14 insertions(+), 38 deletions(-)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 0709e0b58c..cdad2c7884 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -26,42 +26,18 @@ jobs: - name: Comment results id: govulncheck run: | - num=$(govulncheck ./ddtrace/... | grep "Vulnerability #" | wc -l) - v=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',') - if [ $num -gt 0 ]; then - echo "Found ${num} vulnerabilities" - echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_STEP_SUMMARY - echo 'VULNERABILITIES<> $GITHUB_ENV - echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV - echo "VULNERABILITIES_1=green" >> $GITHUB_OUTPUT - echo "VULNERABILITIES=green" >> $GITHUB_OUTPUT - echo "VULNERABILITIES_3=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')" >> $GITHUB_OUTPUT - echo "VULNERABILITIES_4=$(echo "$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',')")" >> $GITHUB_OUTPUT - fi - - name: testing the GH_summary - run: | + function check_results { + results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) + num=$(echo $results | wc -l) + if [ $num -gt 0 ]; then + echo "Found $num vulnerabilities in $path. Run govulncheck $path to find out more" >> $GITHUB_OUTPUT + found=$(($found || 1)) + fi + } + path=./ddtrace/... check_results + path=./appsec/... check_results + path=./internal/... check_results + path=./contrib/... check_results + path=./profiler/... 
check_results echo ${{join(steps.govulncheck.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY - - name: testing the GH_env - if: always() - run: | - echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" - echo "VULNERABILITIES_1 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" - echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES }}" - echo "VULNERABILITIES_2 is ${{ steps.govulncheck.outputs.VULNERABILITIES_1 }}" - echo "VULNERABILITIES_3 is ${{ steps.govulncheck.outputs.VULNERABILITIES_3 }}" - echo "VULNERABILITIES_4 is ${{ steps.govulncheck.outputs.VULNERABILITIES_4 }}" - - name: Set the value - id: step_one - run: | - echo "VULN=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ','))" >> $GITHUB_ENV - - name: Use the value - id: step_two - run: | - echo "${{ env.VULN }}" - echo "is ${{ steps.step_one.VULN }}" - - - name: Use the value - id: step_three - run: | - echo "${{ env.action_state }}" + exit $found From 0ed59fab88dfebd006954c01a0c712cec75d7666 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:18:22 +0100 Subject: [PATCH 42/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index cdad2c7884..ccae7c8e6b 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -31,7 +31,7 @@ jobs: num=$(echo $results | wc -l) if [ $num -gt 0 ]; then echo "Found $num vulnerabilities in $path. Run govulncheck $path to find out more" >> $GITHUB_OUTPUT - found=$(($found || 1)) + found=$(( found | 1)) fi } path=./ddtrace/... check_results From d65cfc38683de6760f69e4c659ce3af9e23faad9 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:20:59 +0100 Subject: [PATCH 43/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
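Review bot: `found` is never initialised in the new `check_results` block of PATCH 41, so `found=$(($found || 1))` expands to `$(( || 1))` on the first finding, which bash rejects as an arithmetic syntax error, and on a clean run `exit $found` is a bare `exit`. Setting `found=0` before the function and `found=1` inside the branch is enough. The "Found ..." line appended to `$GITHUB_OUTPUT` is not a `name=value` entry, and the `${{join(steps.govulncheck.outputs.*, '\n')}}` after the calls is expanded before this step runs, so it cannot contain outputs the same step is still writing. Appending the message to `$GITHUB_STEP_SUMMARY` inside the function avoids both.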
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index ccae7c8e6b..3a4d284ac2 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -37,7 +37,7 @@ jobs: path=./ddtrace/... check_results path=./appsec/... check_results path=./internal/... check_results - path=./contrib/... check_results +# path=./contrib/... check_results path=./profiler/... check_results echo ${{join(steps.govulncheck.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY exit $found From d82368c0a13ba2ae409bc4b8ab3906131dae50a7 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:21:25 +0100 Subject: [PATCH 44/65] Updated workflow --- .github/workflows/govulncheck.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 3a4d284ac2..0f44221258 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -37,7 +37,7 @@ jobs: path=./ddtrace/... check_results path=./appsec/... check_results path=./internal/... check_results -# path=./contrib/... check_results path=./profiler/... check_results echo ${{join(steps.govulncheck.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY - exit $found + exit $found +# path=./contrib/... check_results From bfcc8a00aa4270048c208c8347200db5671e1983 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:22:54 +0100 Subject: [PATCH 45/65] Updated workflow --- .github/workflows/govulncheck.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 0f44221258..6c90c21424 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -30,8 +30,8 @@ jobs: results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) num=$(echo $results | wc -l) if [ $num -gt 0 ]; then - echo "Found $num vulnerabilities in $path. Run govulncheck $path to find out more" >> $GITHUB_OUTPUT - found=$(( found | 1)) + echo "Found $num vulnerabilities in $path. Run govulncheck $path to find out more" >> $GITHUB_OUTPUT + found=$(( found | 1)) fi } path=./ddtrace/... check_results From c815ef91b85b6721bed06b058a419aa2581741e0 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:24:13 +0100 Subject: [PATCH 46/65] Updated workflow --- .github/workflows/govulncheck.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 6c90c21424..3d676bb629 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -30,7 +30,7 @@ jobs: results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) num=$(echo $results | wc -l) if [ $num -gt 0 ]; then - echo "Found $num vulnerabilities in $path. Run govulncheck $path to find out more" >> $GITHUB_OUTPUT + echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" found=$(( found | 1)) fi } @@ -38,6 +38,5 @@ jobs: path=./appsec/... check_results path=./internal/... check_results path=./profiler/... check_results - echo ${{join(steps.govulncheck.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY - exit $found +# exit $found # path=./contrib/... check_results From caaa3c777ac88ad41dc576db63b29b3506a71e20 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:26:43 +0100 Subject: [PATCH 47/65] Updated workflow --- .github/workflows/govulncheck.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 3d676bb629..a84c2ee6de 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -24,13 +24,14 @@ jobs: run: | go install golang.org/x/vuln/cmd/govulncheck@latest - name: Comment results - id: govulncheck + id: results run: | function check_results { results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) num=$(echo $results | wc -l) if [ $num -gt 0 ]; then echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" + echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_OUTPUT found=$(( found | 1)) fi } @@ -38,5 +39,6 @@ jobs: path=./appsec/... check_results path=./internal/... check_results path=./profiler/... check_results + echo "${{join(steps.results.outputs.*, '\n')}}" >> $GITHUB_STEP_SUMMARY # exit $found # path=./contrib/... check_results From 1dea7b71d30b88aa39cd34d5bb31c1e66b8be701 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:37:04 +0100 Subject: [PATCH 48/65] Updated workflow --- .github/workflows/govulncheck.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index a84c2ee6de..e459d32ce3 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -32,6 +32,7 @@ jobs: if [ $num -gt 0 ]; then echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_OUTPUT + echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY found=$(( found | 1)) fi } @@ -39,6 +40,6 @@ jobs: path=./appsec/... check_results path=./internal/... check_results path=./profiler/... check_results - echo "${{join(steps.results.outputs.*, '\n')}}" >> $GITHUB_STEP_SUMMARY +# echo "${{join(steps.results.outputs.*, '\n')}}" >> $GITHUB_STEP_SUMMARY # exit $found # path=./contrib/... check_results From c946a6d152e454c89242c4b8a113277ab3f1b812 Mon Sep 17 00:00:00 2001 
From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:39:11 +0100 Subject: [PATCH 49/65] Updated workflow --- .github/workflows/govulncheck.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index e459d32ce3..96faa6ef4c 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -36,10 +36,12 @@ jobs: found=$(( found | 1)) fi } + echo "text<> $GITHUB_OUTPUT path=./ddtrace/... check_results path=./appsec/... check_results path=./internal/... check_results path=./profiler/... check_results + echo "EOF" >> $GITHUB_OUTPUT # echo "${{join(steps.results.outputs.*, '\n')}}" >> $GITHUB_STEP_SUMMARY # exit $found # path=./contrib/... check_results From a3e6ede407c7ec9a86b9556db8edf0eea2b478ba Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:49:56 +0100 Subject: [PATCH 50/65] Updated workflow --- .github/workflows/govulncheck.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 96faa6ef4c..46fa17f289 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -30,18 +30,14 @@ jobs: results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq) num=$(echo $results | wc -l) if [ $num -gt 0 ]; then - echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" - echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_OUTPUT echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY found=$(( found | 1)) fi } - echo "text<> $GITHUB_OUTPUT path=./ddtrace/... check_results path=./appsec/... check_results path=./internal/... check_results path=./profiler/... check_results - echo "EOF" >> $GITHUB_OUTPUT + exit $found # echo "${{join(steps.results.outputs.*, '\n')}}" >> $GITHUB_STEP_SUMMARY -# exit $found # path=./contrib/... check_results From ecded0ebb5cbfd95ec7a151bb9b35d067456bc07 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:51:08 +0100 Subject: [PATCH 51/65] Updated workflow --- .github/workflows/govulncheck.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 46fa17f289..bd93dbdcc1 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -31,6 +31,7 @@ jobs: num=$(echo $results | wc -l) if [ $num -gt 0 ]; then echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY + echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" found=$(( found | 1)) fi } From ae66557208e7cab7fa43360740d6121c80275c85 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 13:54:55 +0100 Subject: [PATCH 52/65] Updated workflow --- .github/workflows/govulncheck.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index bd93dbdcc1..b9464c0e3e 100644 --- a/.github/workflows/govulncheck.yml 
+++ b/.github/workflows/govulncheck.yml @@ -2,13 +2,9 @@ name: Nightly govulncheck on: push: branches: - - 'shevchenko/govulncheck' -#on: -# push: -# branches: -# - main -# schedule: -# - cron: '00 00 * * *' + - main + schedule: + - cron: '00 00 * * *' jobs: govulncheck-tests: runs-on: ubuntu-latest @@ -40,5 +36,3 @@ jobs: path=./internal/... check_results path=./profiler/... check_results exit $found -# echo "${{join(steps.results.outputs.*, '\n')}}" >> $GITHUB_STEP_SUMMARY -# path=./contrib/... check_results From 264cb6c4b3a939bbc9c84e84f367c7624a6b0aa7 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Fri, 2 Dec 2022 15:05:12 +0100 Subject: [PATCH 53/65] Updated workflow --- .github/workflows/govulncheck.sh | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .github/workflows/govulncheck.sh diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh deleted file mode 100644 index 20ff261b3e..0000000000 --- a/.github/workflows/govulncheck.sh +++ /dev/null @@ -1,5 +0,0 @@ -RESULTS=$(govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq) -n=$(echo $RESULTS | wc -l) -if [ $n -gt 0 ]; then - echo "Found $n vulnerabilities: $RESULTS" -fi \ No newline at end of file From 9c8d1b769ca05bb7563b7c614e1473fbb31e9951 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Mon, 5 Dec 2022 12:29:49 +0100 Subject: [PATCH 54/65] added gitlab workflow --- .gitlab/govulncheck.yml | 9 +++++++++ .gitlab/scripts/govulncheck.sh | 21 +++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 .gitlab/govulncheck.yml create mode 100644 .gitlab/scripts/govulncheck.sh diff --git a/.gitlab/govulncheck.yml b/.gitlab/govulncheck.yml new file mode 100644 index 0000000000..a9d97d6f7e --- /dev/null +++ b/.gitlab/govulncheck.yml @@ -0,0 +1,9 @@ +govulncheck: + stage: govulncheck + image: registry.ddbuild.io/images/mirror/golang:1.18 + # timeout: 1h + only: + refs: + - shevchenko/govulncheck + script: + - ./.gitlab/scripts/run-govulncheck.sh 
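Review bot: With the trigger moved to pushes on `main` and a nightly cron in the first PATCH 52 hunk, the part of the workflow visible here declares no `permissions:` block between `on:` and `jobs:`, so unless it is set elsewhere the job token gets the repository's default scope. The job only reads code and runs a scanner, so a top-level `permissions:` with `contents: read` would be sufficient. A scheduled scan that fails only shows up in the Actions tab, so it is worth deciding who is notified of a red nightly run.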
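Review bot: The `script:` entry of the new `.gitlab/govulncheck.yml` calls `./.gitlab/scripts/run-govulncheck.sh`, while the file PATCH 54 adds is `.gitlab/scripts/govulncheck.sh`, so the job would stop with a not-found error unless a script of that name exists elsewhere. The script is also created with mode 100644, so calling it by path needs the executable bit or an explicit `bash .gitlab/scripts/govulncheck.sh`. `only: refs: shevchenko/govulncheck` limits the job to the feature branch, which looks like a testing leftover to revisit before merge.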
diff --git a/.gitlab/scripts/govulncheck.sh b/.gitlab/scripts/govulncheck.sh new file mode 100644 index 0000000000..e597df92e3 --- /dev/null +++ b/.gitlab/scripts/govulncheck.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +go install golang.org/x/vuln/cmd/govulncheck@latest + +function check_results { + results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ' ') + if [ $(echo $results | wc -l) -gt 0 ]; then + echo "Found these vulnerabilities in $path: $results" + echo "Found these vulnerabilities in $path: $results" >> full_results.txt + fi +} +path=./ddtrace/... check_results +path=./appsec/... check_results +path=./internal/... check_results +path=./contrib/... check_results +path=./profiler/... check_results + +echo full_results.txt | /usr/local/bin/pr-commenter --for-repo="$CI_PROJECT_NAME" --for-pr="$CI_COMMIT_REF_NAME" --header="Vulnerability report" + + + From ec1b3b3d9138ece803ebdb5afd4eba435c6541d0 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Mon, 5 Dec 2022 12:35:57 +0100 Subject: [PATCH 55/65] updated .gitlab-ci.yml --- .gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b5c7ae836f..22e9d78fe7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,7 @@ stages: - benchmarks + - govulncheck -include: ".gitlab/benchmarks.yml" +include: + - ".gitlab/benchmarks.yml" + - ".gitlab/govulncheck.yml" From 3765770b62b71bcf2f578cdbc0d1ae3c84122345 Mon Sep 17 00:00:00 2001 From: Diana Shevchenko Date: Mon, 5 Dec 2022 12:43:22 +0100 Subject: [PATCH 56/65] updated gitlab workflow --- .gitlab/govulncheck.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab/govulncheck.yml b/.gitlab/govulncheck.yml index a9d97d6f7e..25583e37f7 100644 --- a/.gitlab/govulncheck.yml +++ b/.gitlab/govulncheck.yml 
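Review bot: `echo full_results.txt | /usr/local/bin/pr-commenter ...` in the new script sends the literal file name to the commenter instead of the report; redirecting the file, `/usr/local/bin/pr-commenter ... < full_results.txt`, passes the content, assuming the tool reads its body from stdin. The `if` repeats the `echo $results | wc -l` test, which is true even for an empty result, so every package path would be reported. `go install golang.org/x/vuln/cmd/govulncheck@latest` installs an unpinned tool on each run; a fixed version (`@vX.Y.Z`, placeholder) keeps the job reproducible. The script's exit status never reflects a finding, so the job is informational only.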
@@ -1,5 +1,7 @@
 govulncheck:
 stage: govulncheck
+ when: always
+ tags: [ "runner:apm-k8s-tweaked-metal" ]
 image: registry.ddbuild.io/images/mirror/golang:1.18
 # timeout: 1h
 only:
From a40ae9b71b56b4e1fac4903b5ac050091327fd63 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Mon, 5 Dec 2022 18:11:58 +0100
Subject: [PATCH 57/65] updated gitlab workflow
---
 .gitlab/govulncheck.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab/govulncheck.yml b/.gitlab/govulncheck.yml
index 25583e37f7..0f3fc3a62a 100644
--- a/.gitlab/govulncheck.yml
+++ b/.gitlab/govulncheck.yml
@@ -2,7 +2,7 @@ govulncheck:
 stage: govulncheck
 when: always
 tags: [ "runner:apm-k8s-tweaked-metal" ]
- image: registry.ddbuild.io/images/mirror/golang:1.18
+ image: $BASE_CI_IMAGE
 # timeout: 1h
 only:
 refs:
From 271c79e3a068c32d1003815973f9ff3461e73726 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Mon, 5 Dec 2022 18:32:18 +0100
Subject: [PATCH 58/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 34 ++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index b9464c0e3e..cf3d2ec386 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -22,17 +22,23 @@ jobs:
 - name: Comment results
 id: results
 run: |
- function check_results {
- results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
- num=$(echo $results | wc -l)
- if [ $num -gt 0 ]; then
- echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY
- echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more"
- found=$(( found | 1))
- fi
- }
- path=./ddtrace/... check_results
- path=./appsec/... check_results
- path=./internal/... check_results
- path=./profiler/... check_results
- exit $found
+ govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' >> $GITHUB_OUTPUT
+ - name: GH_Summary results
+ id: results
+ run: |
+ ${{join(steps.results.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY
+
+# function check_results {
+# results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
+# num=$(echo $results | wc -l)
+# if [ $num -gt 0 ]; then
+# echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY
+# echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more"
+# found=$(( found | 1))
+# fi
+# }
+# path=./ddtrace/... check_results
+# path=./appsec/... check_results
+# path=./internal/... check_results
+# path=./profiler/... check_results
+# exit $found
From ec07626d476d461f2383550e9e4ea773129c8498 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Mon, 5 Dec 2022 18:33:33 +0100
Subject: [PATCH 59/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index cf3d2ec386..a1b1659a3e 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
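Review bot: The added `GH_Summary results` step expands `${{join(steps.results.outputs.*, '\n')}}` straight into the script text and, with no `echo` in front, the shell then tries to execute the expanded value as a command. Expression values should reach the shell as data: put the expression in an `env:` entry on the step (`SUMMARY: ${{ … }}`) and write it with `echo "$SUMMARY" >> "$GITHUB_STEP_SUMMARY"`. The preceding step also appends bare IDs to `$GITHUB_OUTPUT`, which expects `name=value` lines, so `steps.results.outputs` would hold nothing usable. Both steps carry `id: results`, and step ids have to be unique within a job.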
@@ -1,10 +1,14 @@
 name: Nightly govulncheck
+#on:
+# push:
+# branches:
+# - main
+# schedule:
+# - cron: '00 00 * * *'
 on:
 push:
 branches:
- - main
- schedule:
- - cron: '00 00 * * *'
+ - 'shevchenko/govulncheck'
 jobs:
 govulncheck-tests:
 runs-on: ubuntu-latest
From 0526784e033cdb90cad80afc485ed58e4e1e93e1 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Mon, 5 Dec 2022 18:34:02 +0100
Subject: [PATCH 60/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index a1b1659a3e..125904dd2d 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -28,7 +28,6 @@ jobs:
 run: |
 govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' >> $GITHUB_OUTPUT
 - name: GH_Summary results
- id: results
 run: |
 ${{join(steps.results.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY
From dc6be837cad386d7d2a68ff1c2b0a174f1911c99 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Mon, 5 Dec 2022 18:38:18 +0100
Subject: [PATCH 61/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 125904dd2d..edb238fb54 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -26,10 +26,10 @@ jobs:
 - name: Comment results
 id: results
 run: |
- govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' >> $GITHUB_OUTPUT
- - name: GH_Summary results
- run: |
- ${{join(steps.results.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY
+ govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' >> tee myoutput.txt
+# - name: GH_Summary results
+# run: |
+# ${{join(steps.results.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY
 # function check_results {
 # results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
From e9178a3ba087c37c613d7c0d8a3dc0593f8086e8 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Mon, 5 Dec 2022 18:39:02 +0100
Subject: [PATCH 62/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index edb238fb54..910cbfb760 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -26,7 +26,7 @@ jobs:
 - name: Comment results
 id: results
 run: |
- govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' >> tee myoutput.txt
+ govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' | tee myoutput.txt
 # - name: GH_Summary results
 # run: |
 # ${{join(steps.results.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY
From e150f4a2d68344bb386dfce220d070181b7991e0 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Mon, 5 Dec 2022 18:41:26 +0100
Subject: [PATCH 63/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 910cbfb760..5722479b93 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -27,6 +27,7 @@ jobs:
 id: results
 run: |
 govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' | tee myoutput.txt
+ govulncheck ./ddtrace/...
 # - name: GH_Summary results
 # run: |
 # ${{join(steps.results.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY
From 8099925f1b1d3088cb8a8a0192c349ebfb1145c6 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Tue, 6 Dec 2022 16:15:44 +0100
Subject: [PATCH 64/65] Updated workflow
---
 .github/workflows/govulncheck.yml | 44 ++++++++++++-------------------
 .gitlab-ci.yml | 2 --
 .gitlab/govulncheck.yml | 11 --------
 .gitlab/scripts/govulncheck.sh | 21 ---------------
 4 files changed, 17 insertions(+), 61 deletions(-)
 delete mode 100644 .gitlab/govulncheck.yml
 delete mode 100644 .gitlab/scripts/govulncheck.sh
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 5722479b93..62991db35f 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -1,14 +1,10 @@
 name: Nightly govulncheck
-#on:
-# push:
-# branches:
-# - main
-# schedule:
-# - cron: '00 00 * * *'
 on:
 push:
 branches:
- - 'shevchenko/govulncheck'
+ - main
+ schedule:
+ - cron: '00 00 * * *'
 jobs:
 govulncheck-tests:
 runs-on: ubuntu-latest
@@ -26,23 +22,17 @@ jobs:
 - name: Comment results
 id: results
 run: |
- govulncheck ./ddtrace/... | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ',' | tee myoutput.txt
- govulncheck ./ddtrace/...
-# - name: GH_Summary results
-# run: |
-# ${{join(steps.results.outputs.*, '\n')}} >> $GITHUB_STEP_SUMMARY
-
-# function check_results {
-# results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
-# num=$(echo $results | wc -l)
-# if [ $num -gt 0 ]; then
-# echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY
-# echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more"
-# found=$(( found | 1))
-# fi
-# }
-# path=./ddtrace/... check_results
-# path=./appsec/... check_results
-# path=./internal/... check_results
-# path=./profiler/... check_results
-# exit $found
+ function check_results {
+ results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
+ num=$(echo $results | wc -l)
+ if [ $num -gt 0 ]; then
+ echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY
+ echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more"
+ found=$(( found | 1))
+ fi
+ }
+ path=./ddtrace/... check_results
+ path=./appsec/... check_results
+ path=./internal/... check_results
+ path=./profiler/... check_results
+ exit $found
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 22e9d78fe7..c9fcc31677 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,5 @@
 stages:
 - benchmarks
- - govulncheck
 include:
 - ".gitlab/benchmarks.yml"
- - ".gitlab/govulncheck.yml"
diff --git a/.gitlab/govulncheck.yml b/.gitlab/govulncheck.yml
deleted file mode 100644
index 0f3fc3a62a..0000000000
--- a/.gitlab/govulncheck.yml
+++ /dev/null
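Review bot: In the `.github/workflows/govulncheck.yml` hunk, `check_results` judges each scan only by what `grep` extracts, so a govulncheck run that fails outright (for example, one that cannot load its vulnerability data) is indistinguishable from a clean one, because the pipeline discards its exit status. I would capture the output first with `out=$(govulncheck "$path")` and `status=$?`, then fold a non-zero status into `found`. The path list also leaves out `./contrib/...`, which the GitLab script deleted in this same commit did scan; if that is deliberate, a comment saying why would help the next reader. `$path`, `$results` and `$GITHUB_STEP_SUMMARY` are expanded unquoted throughout the function.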
@@ -1,11 +0,0 @@
-govulncheck:
- stage: govulncheck
- when: always
- tags: [ "runner:apm-k8s-tweaked-metal" ]
- image: $BASE_CI_IMAGE
- # timeout: 1h
- only:
- refs:
- - shevchenko/govulncheck
- script:
- - ./.gitlab/scripts/run-govulncheck.sh
diff --git a/.gitlab/scripts/govulncheck.sh b/.gitlab/scripts/govulncheck.sh
deleted file mode 100644
index e597df92e3..0000000000
--- a/.gitlab/scripts/govulncheck.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-go install golang.org/x/vuln/cmd/govulncheck@latest
-
-function check_results {
- results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq | tr '\n' ' ')
- if [ $(echo $results | wc -l) -gt 0 ]; then
- echo "Found these vulnerabilities in $path: $results"
- echo "Found these vulnerabilities in $path: $results" >> full_results.txt
- fi
-}
-path=./ddtrace/... check_results
-path=./appsec/... check_results
-path=./internal/... check_results
-path=./contrib/... check_results
-path=./profiler/... check_results
-
-echo full_results.txt | /usr/local/bin/pr-commenter --for-repo="$CI_PROJECT_NAME" --for-pr="$CI_COMMIT_REF_NAME" --header="Vulnerability report"
-
-
-
From a248fd0cc423e86f51bb7382614637b911cdd4aa Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Tue, 6 Dec 2022 16:16:56 +0100
Subject: [PATCH 65/65] Updated workflow
---
 .gitlab-ci.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c9fcc31677..b5c7ae836f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,4 @@
 stages:
 - benchmarks
-include:
- - ".gitlab/benchmarks.yml"
+include: ".gitlab/benchmarks.yml"