diff --git a/.gitignore b/.gitignore index 9bea4330..6a4c552b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .DS_Store +.idea/ diff --git a/CHANGELOG.md b/CHANGELOG.md index da257d1c..2f27b8aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,7 @@ _None._ ### New Features -_None._ +- Introduce a command for uploading .sarif files to GitHub's registry [#111] ### Bug Fixes diff --git a/bin/upload_sarif_to_github b/bin/upload_sarif_to_github new file mode 100755 index 00000000..90d32019 --- /dev/null +++ b/bin/upload_sarif_to_github @@ -0,0 +1,65 @@ +#!/bin/bash + +set -euo pipefail + +sarif_file="${1:-}" +owner="${2:-}" +repo="${3:-}" + +if [ -z "$sarif_file" ] || [ -z "$owner" ] || [ -z "$repo" ]; then + echo "Not enough arguments provided. Usage: ./upload_sarif_to_gh.sh " + exit 1 +fi + +if [ ! -f "$sarif_file" ]; then + echo "Error: The specified sarif file '$sarif_file' does not exist or is not a regular file." + exit 1 +fi + +if [ ! -r "$sarif_file" ]; then + echo "Error: The specified sarif file '$sarif_file' is not readable." + exit 1 +fi + +# Check that GITHUB_TOKEN is set +if [ -z "${GITHUB_TOKEN:-}" ]; then + echo "Error: GITHUB_TOKEN is not defined." + exit 1 +fi + +sarif_base64_temp_file=$(mktemp) + +gzip -c "$sarif_file" | base64 > "$sarif_base64_temp_file" + +if [[ -n $BUILDKITE_PULL_REQUEST ]]; then + json=$(jq -n \ + --arg commit_sha "$BUILDKITE_COMMIT" \ + --arg pr_number "$BUILDKITE_PULL_REQUEST" \ + --rawfile sarif "$sarif_base64_temp_file" \ + '{ + "commit_sha": $commit_sha, + "ref": ("refs/pull/"+$pr_number+"/head"), + "sarif": $sarif + }') +elif [[ "$BUILDKITE_BRANCH" == "$BUILDKITE_PIPELINE_DEFAULT_BRANCH" ]]; then + json=$(jq -n \ + --arg commit_sha "$BUILDKITE_COMMIT" \ + --arg branch "$BUILDKITE_BRANCH" \ + --rawfile sarif "$sarif_base64_temp_file" \ + '{ + "commit_sha": $commit_sha, + "ref": ("refs/heads/$branch"), + "sarif": $sarif + }') +fi + +sarif_json_temp_file=$(mktemp) +echo "$json" > "$sarif_json_temp_file" + +curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + --data-binary "@$sarif_json_temp_file" \ + https://api.github.com/repos/"$owner"/"$repo"/code-scanning/sarifs