[SINT-1536] Add new NPM metadata detector to catch dependencies fetched from URLs #617
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
on: | |
push: | |
branches: | |
- main | |
- v* | |
pull_request: | |
branches: | |
- main | |
- v* | |
permissions: | |
contents: read | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: datadog/guarddog | |
jobs: | |
type-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
pip install -r requirements-dev.txt | |
- name: Type check with mypy | |
run: make type-check | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
pip install -r requirements-dev.txt | |
- name: Lint with flake8 | |
run: make lint | |
unit-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
pip install -r requirements-dev.txt | |
- name: Semgrep rules unit tests | |
run: make test-semgrep-rules | |
- name: Python unit tests | |
run: make test-metadata-rules | |
- name: Core unit tests | |
run: make test-core | |
- name: Report coverage | |
run: make coverage-report | |
integration-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: 'Set up Python 3.10' | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
- name: Install GuardDog | |
run: | | |
pip install -r requirements.txt -r requirements-dev.txt | |
pip install . | |
- name: Run GuardDog against a remote package | |
run: guarddog pypi scan requests | |
- name: Run GuardDog against a remote package | |
run: guarddog npm scan express | |
- name: Run GuardDog against a local requirements.txt file | |
run: > | |
echo -e "requests\npywin32" > requirements.txt | |
guarddog pypi verify ./requirements.txt | |
guarddog npm verify ./tests/core/resources/package.json | |
docker-build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v4 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
push: false | |
build-args: | | |
VERSION=${{ github.ref_name }} |