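# Composite action: downloads the RunReveal CLI into the working directory,
# runs `runreveal detections sync` (or its --dry-run variant) against the
# given directory, optionally comments a dry-run failure on the pull request,
# and removes the CLI binary afterwards.
name: 'Sync RunReveal Detections'
description: 'This will sync a given directory with your RunReveal detections.'
inputs:
  directory:
    description: 'The directory to upload to RunReveal'
    required: true
    default: './'
  token:
    description: 'A RunReveal API token with access to edit detections.'
    required: true
  workspace:
    description: 'The RunReveal workspace id to upload the detections to.'
    required: true
  dry-run:
    description: 'Test the sync process without making changes to your detections.'
    required: false
    default: 'false'
  github-token:
    description: 'GitHub token used to post PR comments on dry-run failures. Defaults to the workflow token.'
    required: false
    default: ${{ github.token }}
runs:
  using: "composite"
  steps:
    # NOTE(review): this fetches whatever the `latest` release is at run time
    # and extracts and later executes it without an integrity check, while the
    # sync steps hand it RUNREVEAL_TOKEN. Pinning a specific release tag and
    # verifying a checksum (if upstream publishes one) before `tar` would make
    # the executed binary reproducible and tamper-evident.
    - name: Download RunReveal CLI
      id: download-runreveal
      run: |
        set -eo pipefail
        curl -fL https://github.com/runreveal/homebrew-runreveal/releases/latest/download/runreveal-linux-amd64.tar.gz > runreveal-linux-amd64.tar.gz
        tar -xvf runreveal-linux-amd64.tar.gz
        chmod +x runreveal
        rm runreveal-linux-amd64.tar.gz
      shell: bash
    # Only runs when step debug logging is enabled for the workflow run.
    - name: Print versions
      if: ${{ runner.debug == '1' }}
      run: |
        echo "Action: detection-sync-action@${ACTION_REF}"
        echo "CLI: $(./runreveal --version)"
      shell: bash
      env:
        # Passed through the environment, like the inputs in the steps below,
        # so the value is never spliced into the script text.
        ACTION_REF: ${{ github.action_ref }}
    - name: Sync RunReveal Detections
      if: ${{ inputs.dry-run == 'false' }}
      run: |
        set -eo pipefail
        # Quoted so a path containing spaces or glob characters reaches the
        # CLI as a single argument instead of being word-split by the shell.
        ./runreveal detections sync -d "$INPUT_DIRECTORY"
      shell: bash
      env:
        RUNREVEAL_TOKEN: ${{ inputs.token }}
        RUNREVEAL_WORKSPACE: ${{ inputs.workspace }}
        INPUT_DIRECTORY: ${{ inputs.directory }}
    - name: Verify Sync RunReveal Detections
      id: dry-run-sync
      if: ${{ inputs.dry-run == 'true' }}
      run: |
        set -eo pipefail
        # pipefail keeps the CLI's exit status even though the output is piped
        # through tee. The log goes to the runner's per-job temp directory
        # rather than a fixed path in the shared /tmp.
        ./runreveal detections sync --dry-run -d "$INPUT_DIRECTORY" 2>&1 | tee "$RUNNER_TEMP/dry-run-output.log"
      shell: bash
      env:
        RUNREVEAL_TOKEN: ${{ inputs.token }}
        RUNREVEAL_WORKSPACE: ${{ inputs.workspace }}
        INPUT_DIRECTORY: ${{ inputs.directory }}
    # Posts the captured dry-run output verbatim as a PR comment.
    # NOTE(review): everything the CLI printed ends up in that comment; confirm
    # its error output cannot contain values that should stay out of a PR thread.
    - name: Comment dry-run error on PR
      if: ${{ failure() && steps.dry-run-sync.outcome == 'failure' && github.event_name == 'pull_request' }}
      run: |
        set -eo pipefail
        BODY=$(cat <<INNEREOF
        **Detection sync dry-run failed**
        \`\`\`
        $(cat "$RUNNER_TEMP/dry-run-output.log")
        \`\`\`
        INNEREOF
        )
        gh pr comment "$PR_NUMBER" --body "$BODY"
      shell: bash
      env:
        GH_TOKEN: ${{ inputs.github-token }}
        PR_NUMBER: ${{ github.event.pull_request.number }}
    # always() so the downloaded binary is removed even when a sync step fails.
    - name: Delete RunReveal CLI
      if: always()
      run: rm -f runreveal
      shell: bash
branding:
  icon: upload-cloud
  color: blue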