build(deps): Bump cookie and browser-sync in /owasp-top10-2021-apps/a8/amarelo-designs/app/static #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dart Analyze Code Scanning | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| jobs: | |
| scan: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| dir: [ 'owasp-top10-2016-mobile/m2/cool_games/mobile', 'owasp-top10-2016-mobile/m4/note-box/mobile', 'owasp-top10-2016-mobile/m5/panda_zap/mobile' ] | |
| runs-on: ubuntu-latest | |
| #defaults: | |
| # run: | |
| # working-directory: ${{ matrix.dir }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Setup Flutter SDK | |
| uses: flutter-actions/setup-flutter@v2 | |
| with: | |
| channel: stable | |
| version: 3.0.2 | |
| # Dart Analyze should do this... | |
| - name: Install dependencies | |
| run: | | |
| cd ${{matrix.dir}} | |
| flutter pub get | |
| - name: Name the artifact without "/" 's | |
| run: | | |
| echo "APP_NAME=$(echo ${{matrix.dir}} | rev | cut -d "/" -f 2 | rev)" >> $GITHUB_OUTPUT | |
| id: appname | |
| - name: Dart Analyze | |
| run: dart analyze ${{matrix.dir}} > ${{ steps.appname.outputs.APP_NAME }}_dart_analyze.txt || true | |
| - name: Debug | |
| run: | | |
| pwd | |
| ls -ls *dart_analyze.txt | |
| cat ${{ steps.appname.outputs.APP_NAME }}_dart_analyze.txt | |
| echo "${GITHUB_WORKSPACE}/${{matrix.dir}}" | |
| - name: Dart Analyze to SARIF | |
| uses: advanced-security/dart-analyzer-sarif@main | |
| with: | |
| input: "${{ steps.appname.outputs.APP_NAME }}_dart_analyze.txt" | |
| output: "${{ steps.appname.outputs.APP_NAME }}_dart_analyze.sarif" | |
| #sourceroot: "${GITHUB_WORKSPACE}/${{matrix.dir}}" | |
| # This tools allows users to update broken SARIF files that have relative paths that aren't based on the root GitHub Repository folder. | |
| - uses: advanced-security/sarif-toolkit/relativepaths@main | |
| with: | |
| # SARIF File / Directory location | |
| sarif: "${{ steps.appname.outputs.APP_NAME }}_dart_analyze.sarif" | |
| # Working Directory (sub folder of the working directory) | |
| working: "${{matrix.dir}}" | |
| - name: Upload a Build Artifact | |
| uses: actions/[email protected] | |
| with: | |
| # Artifact name | |
| name: ${{ steps.appname.outputs.APP_NAME }} | |
| path: "${{ steps.appname.outputs.APP_NAME }}_dart_analyze.sarif" | |
| - name: Upload SARIF | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: "${{ steps.appname.outputs.APP_NAME }}_dart_analyze.sarif" | |
| # Need unique category since we will be uploading multiple code scanning results in one go | |
| category: "/app:${{ steps.appname.outputs.APP_NAME }}" | |
| #checkout_path: "${GITHUB_WORKSPACE}" | |