diff --git a/.github/workflows/comparison_results.yml b/.github/workflows/comparison_results.yml index 8e41492f9bc1..d092764fef50 100644 --- a/.github/workflows/comparison_results.yml +++ b/.github/workflows/comparison_results.yml @@ -18,6 +18,11 @@ env: SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }} PR_URL: ${{ github.event.pull_request.html_url }} + AWS_REGION: ${{ secrets.AWS_REGION }} + MONITORING_REPO_PATH: "/home/runner/work/joern/joern/temp/standalone-monitoring-stability" + AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + S3_BUCKET: ${{secrets.S3_BUCKET}} jobs: start_workflow: @@ -27,7 +32,7 @@ jobs: id: initial-message uses: slackapi/slack-github-action@v1.27.0 with: - channel-id: ${{ secrets.SLACK_CHANNEL_ID }} + channel-id: ${{ env.SLACK_CHANNEL_ID }} slack-message : "Comparison workflow started for ${{env.PR_URL}}" - name: Save output to env @@ -36,6 +41,9 @@ jobs: outputs: init_message_ts: ${{steps.save-output.outputs.INIT_MSG_TS}} setup_and_scan: + permissions: # Need these permissions for the job to create a JWT to authenticate with AWS + id-token: 'write' + contents: 'read' needs: start_workflow strategy: matrix: @@ -60,46 +68,72 @@ jobs: with: python-version: '3.10' - - name: Clone standalone-monitoring-stability/main + - name: Clone standalone-monitoring-stability/custom-joern-build uses: actions/checkout@v3 with: repository: Privado-Inc/standalone-monitoring-stability path: ./temp/standalone-monitoring-stability ref: custom-joern-build + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + # langauge specific repository file - name: Run the script for ${{ env.HEAD_REF }} and ${{ env.BASE_REF }} run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./run.py -r ./repos/${{matrix.language}}.txt -b main -h main -guf --custom-joern True --custom-joern-base-branch ${{ env.BASE_REF }} --custom-joern-head-branch ${{ env.HEAD_REF }} - - name: Run aws-export - run: cd ./temp/standalone-monitoring-stability/ && python3 aws-export.py ${{matrix.language}}-${{ env.PR_NUMBER }} - - - name: Move results to a folder - run: cd ./temp/standalone-monitoring-stability/ && mkdir results && mv output-${{matrix.language}}-${{ env.PR_NUMBER }}.xlsx ./results/output-${{matrix.language}}-${{ env.PR_NUMBER }}.xlsx && mv ./temp/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip ./results/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip && mv slack_summary.txt ./results/slack_summary.txt - - # Zip the results by name + # Rename result files, and zip them together - name: Zip the results - run: cd /home/runner/work/joern/joern/temp/standalone-monitoring-stability && zip result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip -r ./results + env: + FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} + run: | + cd ./temp/standalone-monitoring-stability/ + mv output.xlsx output-${{ env.FILE_SUFFIX }}.xlsx + zip -r ./result-${{ env.FILE_SUFFIX }}.zip ./temp/result + mkdir results + mv output-${{matrix.language}}-${{github.event.number}}.xlsx ./results/output-${{ env.FILE_SUFFIX }}.xlsx + mv ./result-${{matrix.language}}-${{github.event.number}}.zip ./results/result-${{ env.FILE_SUFFIX }}.zip + mv slack_summary.txt ./results/slack_summary.txt + cd ${{ env.MONITORING_REPO_PATH }} && zip result-${{ env.FILE_SUFFIX }}.zip -r ./results + + - name: Upload to S3 + env: + FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} + AWS_DEFAULT_REGION: ap-south-1 + run: cd ${{ env.MONITORING_REPO_PATH }} && aws s3 cp result-${{ env.FILE_SUFFIX }}.zip ${{ env.S3_BUCKET }} + + - name: Create a presigned S3 URL + env: + FILE_SUFFIX: ${{ matrix.language }}-${{ env.PR_NUMBER }} + AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} + TTL: 604800 + run: echo "S3_URL=$(aws s3 presign ${{ env.S3_BUCKET }}/result-${{ env.FILE_SUFFIX }}.zip --expires-in ${{ env.TTL }} --region ${{ env.AWS_DEFAULT_REGION }} --endpoint-url https://s3.${{ env.AWS_DEFAULT_REGION }}.amazonaws.com)" >> $GITHUB_ENV - name: Set summary variable run: | echo "MESSAGE<> $GITHUB_ENV - echo "$(cat /home/runner/work/joern/joern/temp/standalone-monitoring-stability/results/slack_summary.txt)" >> $GITHUB_ENV + echo "$(cat ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt)" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Post results to slack - run: curl -o- https://raw.githubusercontent.com/Privado-Inc/standalone-monitoring-stability/private-fork/slack_upload.sh | bash env: - SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }} - FILE_NAME: "result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip" - INIT_TS: ${{ needs.start_workflow.outputs.init_message_ts }} - FILE_PATH: "/home/runner/work/joern/joern/temp/standalone-monitoring-stability/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip" - PR_MESSAGE: "Comparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}" - + PR_MESSAGE: "Comparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}\n Download report <${{ env.S3_URL }}|here> :link:" + run: | + curl -X POST -H "Authorization: Bearer ${{ env.SLACK_BOT_TOKEN }}" \ + -H "Content-type: application/json" \ + --data '{ + "channel": "'${{ env.SLACK_CHANNEL_ID }}'", + "text": "'"${{ env.PR_MESSAGE }}"'", + "thread_ts": "'"${{ needs.start_workflow.outputs.init_message_ts }}"'", + }' \ + https://slack.com/api/chat.postMessage - name: Export workflow output - run: cd ./temp/standalone-monitoring-stability && python3 ./workflow_check.py /home/runner/work/joern/joern/temp/standalone-monitoring-stability/results/slack_summary.txt + run: cd ./temp/standalone-monitoring-stability && python3 ./workflow_check.py ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt - name: Set summary variable run: | @@ -114,15 +148,15 @@ jobs: uses: actions/upload-artifact@master with: name: ${{matrix.language}} - path: /home/runner/work/joern/joern/temp/standalone-monitoring-stability/results/slack_summary.txt + path: ${{ env.MONITORING_REPO_PATH }}/results/slack_summary.txt - name: Workflow report analysis if: ${{ env.MESSAGE != 'true' }} run: exit 1 collate_summary: - needs: [start_workflow, setup_and_scan] - runs-on: ubuntu-latest + needs: [ start_workflow, setup_and_scan ] + runs-on: ubuntu-22.04 steps: - name: Download summary file uses: actions/download-artifact@master @@ -134,12 +168,12 @@ jobs: with: python-version: '3.10' - - name: Clone standalone-monitoring-stability/flow-test + - name: Clone standalone-monitoring-stability/private-fork uses: actions/checkout@v3 with: repository: Privado-Inc/standalone-monitoring-stability path: ./temp/standalone-monitoring-stability - ref: main + ref: private-fork - name: Collate summary run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./collate_summary.py -s /home/runner/work/joern/joern/language_summary @@ -147,15 +181,14 @@ jobs: - name: Set summary variable run: | echo "MESSAGE<> $GITHUB_ENV - echo "$(cat /home/runner/work/joern/joern/temp/standalone-monitoring-stability/global_summary.txt)" >> $GITHUB_ENV + echo "$(cat ${{ env.MONITORING_REPO_PATH }}/global_summary.txt)" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Send summary to slack - uses: slackapi/slack-github-action@v1.24.0 + uses: slackapi/slack-github-action@v1.27.0 with: update-ts: ${{needs.start_workflow.outputs.init_message_ts}} channel-id: ${{ env.SLACK_CHANNEL_ID }} slack-message: "\nComparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\nLanguage: All \nSummary Report:\n ${{ env.MESSAGE }}" env: - SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} - + SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} \ No newline at end of file