diff --git a/action.yml b/action.yml
index 1ca8b3b..31184ec 100644
--- a/action.yml
+++ b/action.yml
@@ -30,114 +30,108 @@ outputs: runs: using: "composite" steps: - - uses: actions/setup-node@v3.6.0 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 18 - # This step extracts the Head SHA and stores it in the 'head-sha' variable - - id: env + - id: env name: Set Up Environment run: | - - OUT=$(curl --header 'authorization: Bearer ${{ inputs.github-token }}' -s ${{github.event.issue.pull_request.url }} | jq -r '.head.sha') - echo $OUT - echo "head-sha=$OUT" >> $GITHUB_OUTPUT - RUN_PATH=$GITHUB_SERVER_URL"/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID - echo RUN_PATH: $RUN_PATH - echo "action-run-path=$RUN_PATH" >> $GITHUB_OUTPUT - - #Getting the head-ref - GITHUB_HEAD_REF=$(curl --header 'authorization: Bearer ${{ inputs.github-token }}' -s ${{github.event.issue.pull_request.url }} | jq -r '.head.ref') - echo "github-head-ref=$GITHUB_HEAD_REF" >> $GITHUB_OUTPUT - shell: bash -l {0} + OUT=$(curl --header "authorization: Bearer $GH_TOKEN" -s "$PR_API_URL" | jq -r '.head.sha') + echo "$OUT" + echo "head-sha=$OUT" >> "$GITHUB_OUTPUT" + RUN_PATH="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" + echo "RUN_PATH: $RUN_PATH" + echo "action-run-path=$RUN_PATH" >> "$GITHUB_OUTPUT" + + # Getting the head-ref + GITHUB_HEAD_REF=$(curl --header "authorization: Bearer $GH_TOKEN" -s "$PR_API_URL" | jq -r '.head.ref') + echo "github-head-ref=$GITHUB_HEAD_REF" >> "$GITHUB_OUTPUT" + shell: bash + env: + GH_TOKEN: ${{ inputs.github-token }} + PR_API_URL: ${{ github.event.issue.pull_request.url }} - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: ref: ${{ steps.env.outputs.github-head-ref }} - # Displays status in the PR that this action is in 'pending' status - - uses: guibranco/github-status-action-v2@v1.1.13 + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 with: authToken: ${{ 
inputs.github-token }} context: "Mobb Fix Analysis" state: "pending" target_url: ${{ steps.env.outputs.action-run-path }} sha: ${{steps.env.outputs.head-sha}} - description: "Mobb fix analysis in progress..." - - #wait for 15s as Sonarcloud may not yet have the report ready. - # - name: Sleep for 30 seconds - # uses: jakejarvis/wait-action@master - # with: - # time: '30s' + description: "Mobb fix analysis in progress..." - # Extract the scan ID from the Checkmarx comment and use it to generate a Checkmarx json report - name: Get SonarQube Report run: | - - echo "Branch is: ${{ steps.env.outputs.github-head-ref }}" - - echo "Running python command:" - - python_cmd="SONARQUBE_HOST_URL=${{ inputs.sonarqube-host-url }} \ - SONARQUBE_PROJECT=${{ inputs.sonarqube-project }} \ - SONARQUBE_TOKEN=${{ inputs.sonarqube-token }} \ - SONARQUBE_ORG=${{ inputs.sonarqube-org }} \ - PULL_REQUEST_ID=${{ github.event.issue.number }} \ - REPORT_PATH=report.json \ - python ./.github/scripts/sonarqube_download_report.py" - - # Print the command - echo "Executing the following python cmd to download JSON report:" - echo "$python_cmd" - - # Execute the command - eval "$python_cmd" - + echo "Branch is: $MOBB_HEAD_REF" + python ./.github/scripts/sonarqube_download_report.py ls -l - env + shell: bash + env: + SONARQUBE_HOST_URL: ${{ inputs.sonarqube-host-url }} + SONARQUBE_PROJECT: ${{ inputs.sonarqube-project }} + SONARQUBE_TOKEN: ${{ inputs.sonarqube-token }} + SONARQUBE_ORG: ${{ inputs.sonarqube-org }} + PULL_REQUEST_ID: ${{ github.event.issue.number }} + REPORT_PATH: report.json + MOBB_HEAD_REF: ${{ steps.env.outputs.github-head-ref }} - shell: bash -l {0} - - id: run-npx-mobb-dev name: Mobb - Generate Autofix run: | REPO=$(git remote get-url origin) REPO=${REPO%".git"} - SCANNER=sonarqube - PR_NUMBER=${{ github.event.issue.number }} - GITHUB_HEAD_REF=${{ steps.env.outputs.github-head-ref }} - COMMIT_HASH=$(git rev-parse $GITHUB_HEAD_REF) - echo REPO: $REPO - echo GITHUB_HEAD_REF: 
$GITHUB_HEAD_REF - echo GITHUB_SHA: $GITHUB_SHA - echo COMMIT_HASH: $COMMIT_HASH - echo PR_NUMBER: $PR_NUMBER - OUT=$(npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $COMMIT_HASH --api-key ${{ inputs.mobb-api-token }} -f report.json --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER) + COMMIT_HASH=$(git rev-parse "$MOBB_HEAD_REF") + echo "REPO: $REPO" + echo "GITHUB_HEAD_REF: $MOBB_HEAD_REF" + echo "COMMIT_HASH: $COMMIT_HASH" + echo "PR_NUMBER: $MOBB_PR_NUMBER" + + MOBB_ARGS=( + npx --yes mobbdev@latest review + -r "$REPO" + --ref "$MOBB_HEAD_REF" + --ch "$COMMIT_HASH" + --api-key "$MOBB_API_TOKEN" + -f report.json + --pr "$MOBB_PR_NUMBER" + --github-token "$GH_TOKEN" + --scanner sonarqube + ) + + OUT=$("${MOBB_ARGS[@]}") RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL fi - OUT=$(echo $OUT | tr '\n' ' ') - echo "fix-report-url=$OUT" >> $GITHUB_OUTPUT + OUT=$(echo "$OUT" | tr '\n' ' ') + echo "fix-report-url=$OUT" >> "$GITHUB_OUTPUT" echo "Mobb URL: $OUT" - shell: bash -l {0} + shell: bash + env: + MOBB_HEAD_REF: ${{ steps.env.outputs.github-head-ref }} + MOBB_PR_NUMBER: ${{ github.event.issue.number }} + MOBB_API_TOKEN: ${{ inputs.mobb-api-token }} + GH_TOKEN: ${{ inputs.github-token }} # Publish the Mobb fix report link in the PR - - uses: guibranco/github-status-action-v2@v1.1.13 + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 with: authToken: ${{ inputs.github-token }} context: "Mobb Fix Report Link" state: "success" target_url: ${{ steps.run-npx-mobb-dev.outputs.fix-report-url }} sha: ${{steps.env.outputs.head-sha}} - description: "Click \"Details\" to access the full fix analysis report" - + description: "Click \"Details\" to access the full fix analysis report" # Displays status in the PR that this action is in 'complete' status - - uses: guibranco/github-status-action-v2@v1.1.13 + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # 
v1.1.13 if: success() with: authToken: ${{ inputs.github-token }} @@ -145,11 +139,10 @@ runs: state: "success" target_url: ${{ steps.env.outputs.action-run-path }} sha: ${{steps.env.outputs.head-sha}} - description: "Mobb fix analysis completed. See comment in the PR for results" - + description: "Mobb fix analysis completed. See comment in the PR for results" # Displays status in the PR that this action is in 'failure' status - - uses: guibranco/github-status-action-v2@v1.1.13 + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 if: failure() with: authToken: ${{ inputs.github-token }} @@ -157,8 +150,4 @@ runs: state: "failure" target_url: ${{ steps.env.outputs.action-run-path }} sha: ${{steps.env.outputs.head-sha}} - description: "Mobb fix analysis failed. Click \"Details\" to see console logs" - - - - + description: "Mobb fix analysis failed. Click \"Details\" to see console logs"
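Review bot: In the `run-npx-mobb-dev` step the new `MOBB_ARGS` array still starts with `npx --yes mobbdev@latest review`, a floating tag resolved at run time, although this commit pins every `uses:` reference to a commit SHA. That package is handed both `--api-key "$MOBB_API_TOKEN"` and `--github-token "$GH_TOKEN"`, so an unexpected release would receive the same credentials the SHA pins are meant to protect. Pin it to an exact, reviewed release, for example `npx --yes mobbdev@<PINNED_VERSION> review`, and bump it deliberately. Separately, the `Get SonarQube Report` step runs `python ./.github/scripts/sonarqube_download_report.py` from the workspace checked out at the PR head ref with `SONARQUBE_TOKEN` in its environment. If that script ships with this action (not visible in the hunk), load it from `"$GITHUB_ACTION_PATH"` so that the branch under review cannot replace the code that sees the token.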