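# Manually triggered workflow that bumps the pinned Checkmarx AST CLI version:
# it resolves the target release tag, rewrites checkmarx-ast-cli.version,
# regenerates checkmarx-ast-cli.checksums from the downloaded archives and
# opens a pull request with the result.
name: Update Checkmarx AST CLI

on:
  workflow_dispatch:
    inputs:
      new_cli_version:
        description: 'New CLI version (optional)'
        required: false

# The default GITHUB_TOKEN stays read-only; the only write path in this job is
# the AUTOMATION_TOKEN secret handed to the pull-request step.
permissions:
  contents: read

jobs:
  update-checkmarx-cli:
    runs-on: cx-public-ubuntu-x64
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      # Fetch the latest Checkmarx AST CLI version
      - name: Get Latest Checkmarx API version
        id: checkmarx-ast-cli
        env:
          # Passed through the environment rather than expanded with ${{ }}
          # inside the script, so the input is data and is never parsed as
          # shell source.
          NEW_CLI_VERSION: ${{ github.event.inputs.new_cli_version }}
        run: |
          set -euo pipefail
          if [ -n "$NEW_CLI_VERSION" ]; then
            LATEST_VERSION="$NEW_CLI_VERSION"
          else
            # --fail plus pipefail: an API error (rate limit, outage) stops the
            # step instead of yielding the literal string "null" as a version.
            LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r '.tag_name // empty')
          fi
          # The tag ends up in a download URL, a file, a branch name and
          # $GITHUB_OUTPUT, so accept only a conservative character set
          # (this also rejects newlines, which would inject extra outputs).
          case "$LATEST_VERSION" in
            '' | [!0-9A-Za-z]* | *[!0-9A-Za-z._-]* | *..*)
              echo "Refusing unexpected CLI version: '${LATEST_VERSION}'" >&2
              exit 1
              ;;
          esac
          CURRENT_VERSION=$(<checkmarx-ast-cli.version)
          {
            echo "release_tag=$LATEST_VERSION"
            echo "current_tag=$CURRENT_VERSION"
          } >> "$GITHUB_OUTPUT"

      # Update the version file if the latest version differs
      - name: Update Checkmarx CLI version in version file
        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
        env:
          RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
        run: |
          # Use the env var declared above; the step output is not expanded
          # into the script text.
          printf '%s\n' "$RELEASE_TAG" > checkmarx-ast-cli.version

      # Download CLI binaries and generate checksums
      - name: Download CLI and generate checksums
        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
        env:
          RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
        run: |
          set -euo pipefail
          VERSION=$RELEASE_TAG

          # NOTE(review): the hashes recorded here are computed from whatever
          # the download host returns at run time. They pin later installs to
          # these bytes but do not authenticate them; compare against a
          # vendor-published digest or signature when reviewing the PR, if one
          # is available.

          # Initialize checksums object
          CHECKSUMS='{}'

          # Platform configurations: platform_name,architecture,extension,os_platform
          PLATFORMS=(
            "windows,x64,zip,windows"
            "darwin,x64,tar.gz,darwin"
            "linux,x64,tar.gz,linux"
            "linux,arm64,tar.gz,linux"
            "linux,armv6,tar.gz,linux"
          )

          for PLATFORM_CONFIG in "${PLATFORMS[@]}"; do
            IFS=',' read -r OS_TYPE ARCH EXT OS_PLATFORM <<< "$PLATFORM_CONFIG"
            KEY="${OS_PLATFORM}_${ARCH}"
            URL="https://download.checkmarx.com/CxOne/CLI/${VERSION}/ast-cli_${VERSION}_${OS_PLATFORM}_${ARCH}.${EXT}"
            echo "Downloading checksum for ${KEY} from ${URL}..."

            # Download binary to an unpredictable path (the runner may be
            # shared, so a fixed name under /tmp is avoided).
            TEMP_FILE=$(mktemp "${RUNNER_TEMP:-/tmp}/ast-cli_${KEY}.XXXXXX")

            # --fail: without it an HTTP 404/5xx body is saved with exit code 0
            # and its hash would be committed as if it were the CLI archive.
            if curl -fsSL -o "$TEMP_FILE" "$URL" && [ -s "$TEMP_FILE" ]; then
              # Calculate SHA-256
              CHECKSUM=$(sha256sum "$TEMP_FILE" | awk '{print $1}')
              echo "✓ ${KEY}: ${CHECKSUM}"

              # Update checksums JSON
              CHECKSUMS=$(echo "$CHECKSUMS" | jq --arg key "$KEY" --arg value "$CHECKSUM" '.[$key] = $value')

              # Cleanup
              rm -f "$TEMP_FILE"
            else
              rm -f "$TEMP_FILE"
              echo "✗ Failed to download ${KEY}"
              exit 1
            fi
          done

          # Write checksums to file
          echo "$CHECKSUMS" | jq '.' > checkmarx-ast-cli.checksums
          echo "Checksums updated:"
          cat checkmarx-ast-cli.checksums

      # Create a Pull Request with the version changes
      - name: Create Pull Request
        # NOTE(review): the id is misspelled ("cretae"); kept unchanged here,
        # no other step in this file references it.
        id: cretae_pull_request
        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
        uses: step-security/create-pull-request@50c103da2b9ca12cd5bc013fc6931051a5aa872b # v8.1.1
        with:
          # This secret, not the read-only GITHUB_TOKEN, is what grants write
          # access in this job; keep its scope limited to what opening the PR
          # needs.
          token: ${{ secrets.AUTOMATION_TOKEN }}
          commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
          title: Update checkmarx-ast-cli binaries with ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
          # NOTE(review): link [1] names Checkmarx/checkmarx-ast-cli while the
          # version lookup above queries Checkmarx/ast-cli; confirm which is
          # intended. The [2] definition was missing and is added below.
          body: |
            Updates [checkmarx-ast-cli][1] to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}

            Auto-generated by [create-pull-request][2]

            [1]: https://github.com/Checkmarx/checkmarx-ast-cli
            [2]: https://github.com/step-security/create-pull-request
          labels: cxone
          branch: feature/update_cli_${{ steps.checkmarx-ast-cli.outputs.release_tag }}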