From 33cd26f945925d64e0ccef41d13be17e84f99f44 Mon Sep 17 00:00:00 2001 From: Gabriel Kihlman Date: Tue, 23 Jun 2020 16:25:16 +0200 Subject: [PATCH 21/25] Github Actions: do not run scan if missing credentials Also toggle workflow to fail if there are warnings. Signed-off-by: Gustavo B. Schenkel --- .github/workflows/scan.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index ec6ba52..09f16ab 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -1,4 +1,5 @@ name: static code analysis +# Documentation: https://github.com/Yubico/yes-static-code-analysis on: push: @@ -8,6 +9,7 @@ on: env: SCAN_IMG: yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1 + SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }} jobs: build: @@ -16,17 +18,18 @@ jobs: steps: - uses: actions/checkout@master - - name: Prep scan + - name: Scan and fail on warnings run: | - docker login yes-docker-local.artifactory.in.yubico.org/ \ - -u svc-static-code-analysis-reader \ - -p ${{ secrets.ARTIFACTORY_READER_TOKEN }} - docker pull ${SCAN_IMG} - - - name: Scan but do not fail on warnings - run: | - docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \ - -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} || true + if [ "${SECRET}" != "" ]; then + docker login yes-docker-local.artifactory.in.yubico.org/ \ + -u svc-static-code-analysis-reader -p ${SECRET} + docker pull ${SCAN_IMG} + docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \ + -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \ + -e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG} + else + echo "No docker registry credentials, not scanning" + fi - uses: actions/upload-artifact@master if: failure() -- 2.32.0