fix(general): fix integration test in build (#6227)

* fix integraion test in build

* .

* fix unit test

.github/workflows/build.yml

@@ -44,7 +44,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        python: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        python: ["3.10", "3.11", "3.12"]
         os: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -92,6 +92,60 @@ jobs:
       - name: Run integration tests
         run: |
           pipenv run pytest integration_tests
+
+  integration-tests-old-python:
+    strategy:
+      fail-fast: true
+      matrix:
+        python: ["3.8", "3.9"]
+        os: [ubuntu-latest, macos-12, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v3
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c  # v4
+        with:
+          python-version: ${{ matrix.python }}
+      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8  # v3
+      - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78  # v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1  # v2
+        if: ${{ runner.os != 'windows' }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install pipenv
+        run: |
+          python -m pip install --no-cache-dir --upgrade pipenv
+      - name: Build & install checkov package
+        run: |
+          # remove venv, if exists
+          pipenv --rm || true
+          pipenv --python ${{ matrix.python }}
+          pipenv run pip install pytest pytest-xdist setuptools wheel
+          pipenv run python setup.py sdist bdist_wheel
+          bash -c 'pipenv run pip install dist/checkov-*.whl'
+      - name: Clone Terragoat - vulnerable terraform
+        run: git clone https://github.com/bridgecrewio/terragoat
+      - name: Clone Cfngoat - vulnerable cloudformation
+        run: git clone https://github.com/bridgecrewio/cfngoat
+      - name: Clone Kubernetes-goat - vulnerable kubernetes
+        run: git clone https://github.com/madhuakula/kubernetes-goat
+      - name: Clone kustomize-goat - vulnerable kustomize
+        run: git clone https://github.com/bridgecrewio/kustomizegoat
+      - name: Create checkov reports
+        run: |
+          # Just making sure the API key tests don't run on PRs
+          bash -c './integration_tests/prepare_data.sh "${{ matrix.os }}" "${{ matrix.python }}"'
+        env:
+          LOG_LEVEL: INFO
+          BC_KEY: ${{ secrets.PRISMA_KEY_API2 }}
+          PRISMA_API_URL: ${{ secrets.PRISMA_API_URL_2 }}
+          TF_REGISTRY_TOKEN: ${{ secrets.TFC_TOKEN }}
+          GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run integration tests
+        run: |
+          pipenv run pytest integration_tests
+
   prisma-tests:
     runs-on: [ self-hosted, public, linux, x64 ]
     env:
@@ -126,7 +180,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        python: ["3.8", "3.12"]
+        python: ["3.10", "3.11", "3.12"]
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     continue-on-error: true # for now it is ok to fail
@@ -161,6 +215,47 @@ jobs:
       - name: Run integration tests
         run: |
           pipenv run pytest sast_integration_tests
+
+  sast-integration-tests-old-python:
+    strategy:
+      fail-fast: true
+      matrix:
+        python: ["3.8", "3.9"]
+        os: [ubuntu-latest, macos-12]
+    runs-on: ${{ matrix.os }}
+    continue-on-error: true # for now it is ok to fail
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v3
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c  # v4
+        with:
+          python-version: ${{ matrix.python }}
+      - name: Install pipenv
+        run: |
+          python -m pip install --no-cache-dir --upgrade pipenv
+      - name: Build & install checkov package
+        run: |
+          # remove venv, if exists
+          pipenv --rm || true
+          pipenv --python ${{ matrix.python }}
+          pipenv run pip install pytest pytest-xdist setuptools wheel
+          pipenv run python setup.py sdist bdist_wheel
+          bash -c 'pipenv run pip install dist/checkov-*.whl'
+      - name: Clone flask - Python repo for SAST
+        run: git clone https://github.com/pallets/flask
+      - name: Clone WebGoat - Java repo for SAST
+        run: git clone https://github.com/WebGoat/WebGoat
+      - name: Clone axios - JavaScript repo for SAST
+        run: git clone https://github.com/axios/axios
+      - name: Create checkov reports
+        env:
+          LOG_LEVEL: INFO
+          BC_API_KEY: ${{ secrets.PRISMA_KEY_API2 }}
+          PRISMA_API_URL: ${{ secrets.PRISMA_API_URL_2 }}
+        run: bash -c './sast_integration_tests/prepare_data.sh'
+      - name: Run integration tests
+        run: |
+          pipenv run pytest sast_integration_tests
+
   unit-tests:
     timeout-minutes: 30
     runs-on: ubuntu-latest

tests/github_actions/test_runner.py

@@ -229,9 +229,9 @@ def test_runner_on_build(self):
         assert report.failed_checks[0].triggers[0] == {'workflow_dispatch', 'push'}
         assert report.failed_checks[0].workflow_name == 'build'
 
-        assert report.passed_checks[6].job[0] == "publish-checkov-dockerhub"
-        assert report.passed_checks[6].triggers[0] == {'workflow_dispatch', 'push'}
-        assert report.passed_checks[6].workflow_name == 'build'
+        assert report.passed_checks[8].job[0] == "publish-checkov-dockerhub"
+        assert report.passed_checks[8].triggers[0] == {'workflow_dispatch', 'push'}
+        assert report.passed_checks[8].workflow_name == 'build'
 
     def test_runner_on_codeql_analysis(self):
         # given