From 21f9f6f47692a3a3ba90fb1b61961b6f89ce86b7 Mon Sep 17 00:00:00 2001
From: Harsh Shandilya
Date: Sat, 18 Nov 2023 15:26:19 +0530
Subject: [PATCH] feat(ci): add MobSF code quality job

---
 ...analysis.yml => code_quality_analysis.yml} | 50 ++++++++++++++++---
 1 file changed, 42 insertions(+), 8 deletions(-)
 rename .github/workflows/{codeql_analysis.yml => code_quality_analysis.yml} (51%)

diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/code_quality_analysis.yml
similarity index 51%
rename from .github/workflows/codeql_analysis.yml
rename to .github/workflows/code_quality_analysis.yml
index cde1d92b..b06e8cf0 100644
--- a/.github/workflows/codeql_analysis.yml
+++ b/.github/workflows/code_quality_analysis.yml
@@ -1,24 +1,25 @@
-name: CodeQL
+name: Code quality analysis
 
 on:
   push:
     branches:
+      - main
       - renovate/**
-  workflow_dispatch:
   schedule:
     - cron: '31 7 * * 3'
+  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
 
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
-  analyze:
-    name: Analyze
+  codeql:
+    name: CodeQL
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
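Review bot: Moving `permissions` from the `codeql` job to the workflow level silently drops the `actions: read` grant the job previously declared, and the new workflow-level block now also applies to every other job in the file. The CodeQL action documents `actions: read` as needed only for workflows in private repositories, so this is harmless for a public repository, but if this repo is or may become private the analyze/upload steps can fail to read run status without it. If that applies, keep the grant: `permissions:` / `  actions: read` / `  contents: read` / `  security-events: write`. The workflow-level scoping itself is a good default here, since only `contents: read` and `security-events: write` are granted to the GITHUB_TOKEN.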
@@ -51,3 +52,36 @@ jobs:
         uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
         with:
           category: "/language:java"
+  mobsfscan:
+    name: MobSF
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Set up JDK
+        uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+        with:
+          distribution: temurin
+          java-version: 18
+
+      - name: Setup Gradle caching
+        uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0
+        with:
+          gradle-home-cache-cleanup: true
+          cache-read-only: true
+
+      - name: Setup python
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.8
+
+      - name: Run mobsfscan
+        uses: MobSF/mobsfscan@a60d10a83af68e23e0b30611c6515da604f06f65
+        with:
+          args: . --sarif --output results.sarif || true
+
+      - name: Upload mobsfscan report
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif
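Review bot: `actions/setup-python@v3` and `github/codeql-action/upload-sarif@v2` in the new `mobsfscan` job reference mutable tags, while every other step in this file (including the two `codeql-action` steps) is pinned to a full commit SHA with a `# vX.Y.Z` comment; a moved tag would let a third party change what runs with `security-events: write`, so pin both to the release commit the same way, and give the `MobSF/mobsfscan@a60d10a…` pin a version comment too so Renovate can track it. The `Set up JDK` and `Setup Gradle caching` steps look unused: nothing in the job runs Gradle or javac, and mobsfscan scans the checked-out sources directly, so unless the scanner needs a build they only add cache traffic and can be dropped. The `|| true` in `args` (the upstream README's invocation, so presumably intentional) swallows every non-zero exit, including a crash that produces no `results.sarif`, in which case the failure surfaces only as a missing-file error on the upload step; consider `continue-on-error: true` on the scan step instead if findings should be non-blocking but crashes visible. Minor: quote `python-version: "3.8"` so a later bump to 3.10 is not parsed as the float 3.1.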