Merge pull request #3734 from mercedes-benz/feature-3481-handle-githu…

…b-core-output-problem Fix output problem #3481
mercedes-benz · Dec 17, 2024 · 31eb09b · 31eb09b
2 parents 25b006e + 1291fb3
commit 31eb09b
Show file tree

Hide file tree

Showing 13 changed files with 274 additions and 63 deletions.
diff --git a/.github/workflows/github-action-scan.yml b/.github/workflows/github-action-scan.yml
@@ -29,14 +29,22 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-
+
+      - name: Cache Node.js modules
+        uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
       - name: Use Node.js
         uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
         with:
           node-version: 22
 
-      - name: Clean install
-        run: npm ci 
+      - name: Install
+        run: npm install 
 
       - name: Build
         run: npm run build

diff --git a/github-actions/scan/README.adoc b/github-actions/scan/README.adoc
@@ -94,25 +94,29 @@ The following variables take priority over the configuration file:
 If no custom `sechub.json` is provided, it will be generated from the remaining specified variables and used. However, if a custom `sechub.json` is provided, no separate configuration will be created, meaning the remaining set variables will essentially be ignored.
 ====
 
-=== Outputs
+=== Use SecHub results in GitHub workflows
 
-The following table lists the output variables available after this SecHub GitHub Action has completed:
+==== GitHub Output
+Because of problems with GitHub outputs (see https://github.com/mercedes-benz/sechub/issues/3481 ) SecHub no longer supports outputs but provides environment variables instead.
+
+==== Environment variables
+The following table lists the environment variables containing result data after this SecHub GitHub Action has completed:
 
 [cols="20%,40%,40%"]
 |===
-| Output Name          | Description                                           | Expected Values
+| Environment variable               | Description                                           | Expected Values
 
-| scan-trafficlight    | The color of the traffic light reported by SecHub if the scan ran successfully, otherwise `FAILURE`. | One of `GREEN`, `YELLOW`, `RED`, or `FAILURE`.
-| scan-findings-count  | The total number of findings reported by SecHub. Returns 0 if the scan didn't complete.         | 0
-| scan-findings-high   | The number of high-level findings reported by SecHub.         | 0
-| scan-findings-medium | The number of medium-level findings reported by SecHub.         | 0
-| scan-findings-low    | The number of low-level findings reported by SecHub.         | 0
-| scan-readable-summary| A human-readable summary of the scan outcome, including the traffic light color, findings count, and their distribution.         | For example, `SecHub scan could not be executed` if an error occurred. Otherwise, i.e. `SecHub reported traffic light color YELLOW with 15 findings, categorized as follows: MEDIUM (8), LOW (7)`
+| SECHUB_OUTPUT_SCAN_TRAFFICLIGHT    | The color of the traffic light reported by SecHub if the scan ran successfully, otherwise `FAILURE`. | One of `GREEN`, `YELLOW`, `RED`, or `FAILURE`.
+| SECHUB_OUTPUT_SCAN_FINDINGS_COUNT  | The total number of findings reported by SecHub. Returns 0 if the scan didn't complete.         | 0
+| SECHUB_OUTPUT_SCAN_FINDINGS_HIGH   | The number of high-level findings reported by SecHub.         | 0
+| SECHUB_OUTPUT_SCAN_FINDINGS_MEDIUM | The number of medium-level findings reported by SecHub.         | 0
+| SECHUB_OUTPUT_SCAN_FINDINGS_LOW    | The number of low-level findings reported by SecHub.         | 0
+| SECHUB_OUTPUT_SCAN_READABLE_SUMMARY| A human-readable summary of the scan outcome, including the traffic light color, findings count, and their distribution.         | For example, `SecHub scan could not be executed` if an error occurred. Otherwise, i.e. `SecHub reported traffic light color YELLOW with 15 findings, categorized as follows: MEDIUM (8), LOW (7)`
 
 |===
 
 
-You can access them after the action has run with `${{ steps.<step-id>.outputs.<output-name> }}`
+You can access them after the action has run with `${{ env.<environment-variable-name> }}`
 
 === Build
 
@@ -129,6 +133,16 @@ npm run build
 
 This runs the ncc compiler and transpiles the files from the src folder into the `dist/` folder.
 
+=== Deployment
+A GitHub action needs a transpiled `index.js` to be used as an action from workflows.
+
+As long as we do not provide a new index.js the old action is still in usage, even when the source code has 
+changed. If we do not build the file and commit and push it to git repository, the action will not 
+be available!
+
+The complete deployment process is automated by `.github/workflows/release-github-action.yml` which will create a
+PR which will do all necessary steps.
+
 === Test
 
 ==== Unit tests
@@ -142,10 +156,19 @@ npm run test
 
 ==== Integration-Test
 As a precondition to run the integration tests locally you have to
+execute `01-start.sh $secHubServerVersion $sechubServerPortNr $pdsVersion $pdsPortN`
+inside the integration test folder.
 
-- execute `__test__/01-start.sh $secHubServerVersion $sechubServerPortNr $pdsVersion $pdsPortNr`
+An example:
+
+[source,bash]
+----
+# Next lines will start a SecHub server of version 2.4.0 and a PDS with version 2.1.0
+cd ./github-actions/scan/__test__/integrationtest
+./01-start.sh 2.4.0 8443 2.1.0 8444
+----
 
-TIP: You can also start a SecHub server and a PDS (both in integration test mode) instead of using the `01-start` script.
+TIP: You can also start a SecHub server and a PDS from IDE (both in integration test mode) instead of using the `01-start` script.
 
 After the script has been executed, you can execute integration tests multiple times via following command:
 
@@ -176,7 +199,9 @@ In this setup the tests can be executed from sidebar and from links created insi
 
 [TIP]
 ====
-Unfortunately, the Jest UI integration works only for npm script "test". But to handle integration tests different (the tests shall only be executed when all is build and servers are started) they are not executed by "test" script.
+Unfortunately, the Jest UI integration works only for npm script "test". 
+But to handle integration tests different (the tests shall only be executed 
+when all is built and servers are started) they are not executed by "test" script.
 
 If you want to **debug an integration test**, there is a temporary workaround necessary while you debug the test:
 

diff --git a/github-actions/scan/__test__/client-version-helper.test.ts b/github-actions/scan/__test__/client-version-helper.test.ts
@@ -3,6 +3,22 @@
 import { getClientVersion } from '../src/client-version-helper';
 import axios from 'axios';
 import MockAdapter from 'axios-mock-adapter';
+import * as core from '@actions/core';
+
+jest.mock('@actions/core');
+
+const mockDebug = core.debug as jest.MockedFunction<typeof core.debug>;
+
+const debugEnabled = false;
+
+beforeEach(() => {
+    mockDebug.mockImplementation((message: string | Error) => {
+        if (debugEnabled) {
+            console.log(`Debug: ${message}`);
+        }
+    });
+    mockDebug.mockClear();
+});
 
 describe('getClientVersion', function () {
 

diff --git a/github-actions/scan/__test__/configuration-builder.test.ts b/github-actions/scan/__test__/configuration-builder.test.ts
@@ -6,7 +6,12 @@ import { SecHubConfigurationModelBuilderData } from '../src/configuration-builde
 
 jest.mock('@actions/core');
 
-function dumpModel(model: SecHubConfigurationModel){
+const debugEnabled = false;
+
+function logDebug(model: SecHubConfigurationModel){
+    if (! debugEnabled){
+        return;
+    }
     const json = JSON.stringify(model, null, 2); // pretty printed output
 
     console.log('json='+json);
@@ -34,7 +39,7 @@ describe('configuration-builder', function() {
         const model= configBuilder.createSecHubConfigurationModel(builderData);
 
         /* test */
-        dumpModel(model);
+        logDebug(model);
 
         expect(model.apiVersion).toEqual('1.0');
 
@@ -66,7 +71,7 @@ describe('configuration-builder', function() {
         const model= configBuilder.createSecHubConfigurationModel(builderData);
 
         /* test */
-        dumpModel(model);
+        logDebug(model);
 
         expect(model.apiVersion).toEqual('1.0');
 
@@ -101,7 +106,7 @@ describe('configuration-builder', function() {
         const model= configBuilder.createSecHubConfigurationModel(builderData);
 
         /* test */
-        dumpModel(model);
+        logDebug(model);
 
         expect(model.apiVersion).toEqual('1.0');
 
@@ -138,7 +143,7 @@ describe('configuration-builder', function() {
         const model= configBuilder.createSecHubConfigurationModel(builderData);
 
         /* test */
-        dumpModel(model);
+        logDebug(model);
 
         expect(model.apiVersion).toEqual('1.0');
 
@@ -172,7 +177,7 @@ describe('configuration-builder', function() {
         const model= configBuilder.createSecHubConfigurationModel(builderData);
 
         /* test */
-        dumpModel(model);
+        logDebug(model);
 
         expect(model.apiVersion).toEqual('1.0');
 
@@ -206,7 +211,7 @@ describe('configuration-builder', function() {
         const model= configBuilder.createSecHubConfigurationModel(builderData);
 
         /* test */
-        dumpModel(model);
+        logDebug(model);
 
         expect(model.apiVersion).toEqual('1.0');
 
@@ -241,7 +246,7 @@ describe('configuration-builder', function() {
         const model= configBuilder.createSecHubConfigurationModel(builderData);
 
         /* test */
-        dumpModel(model);
+        logDebug(model);
 
         expect(model.apiVersion).toEqual('1.0');
 

diff --git a/github-actions/scan/__test__/init-scan.test.ts b/github-actions/scan/__test__/init-scan.test.ts
@@ -5,6 +5,22 @@ import {initReportFormats, initSecHubJson} from '../src/init-scan';
 jest.mock('./../src/configuration-builder');
 import {SecHubConfigurationModelBuilderData, createSecHubConfigJsonFile} from '../src/configuration-builder';
 
+import * as core from '@actions/core';
+
+jest.mock('@actions/core');
+
+const mockInfo = core.info as jest.MockedFunction<typeof core.info>;
+
+const debugEnabled = false;
+
+beforeEach(() => {
+    mockInfo.mockImplementation((message: string | Error) => {
+        if (debugEnabled) {
+            console.log(`Info: ${message}`);
+        }
+    });
+    mockInfo.mockClear();
+});
 
 describe('initSecHubJson', function () {
     it('throws error if configPath is set, but file does not exist', function () {

diff --git a/github-actions/scan/__test__/output-helper.test.ts b/github-actions/scan/__test__/output-helper.test.ts
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: MIT
+import * as outputHelper from '../src/output-helper';
+import * as core from '@actions/core';
+
+jest.mock('@actions/core');
+
+describe('storeOutput', () => {
+    const mockedCore = core as jest.Mocked<typeof core>;
+
+    it('test-key shall set SECHUB_OUTPUT_TEST_KEY', () => {
+        /* execute */
+        outputHelper.storeOutput('test-key', 'test value1');
+
+        /* test */
+        expect(mockedCore.exportVariable).toBeCalledWith('SECHUB_OUTPUT_TEST_KEY', 'test value1');
+    });
+
+});