File: run_armor.yml

# This GitHub Actions workflow runs the ARMOR security scanning tool under the following conditions:
# - On push events to 'main' and 'development' branches
# - On pull_request_target events for 'main' and 'development' branches (to handle forked PRs)
# - Manually via workflow_dispatch with required inputs (branch-name, head-sha, base-sha)
#
# The workflow:
# 1. Sets appropriate permissions for repository access and status reporting
# 2. Checks out the repository code
# 3. Dynamically determines event context (head/base SHAs, branch name) across all trigger types
# 4. Executes the ARMOR tool with the collected parameters to perform API compatibility checks and header validation

# Workflow name as shown in the Actions UI.
name: Run ARMOR via action

on:
  # Direct pushes to the two long-lived branches.
  push:
    branches:
      - main
      - development
  # pull_request_target runs the workflow definition from the base branch and
  # grants the token scopes declared in this file even when the pull request
  # comes from a fork. Pull-request content must therefore be treated as
  # untrusted by every step that reads it.
  pull_request_target:
    branches:
      - main
      - development
  # Manual run. All three inputs are free-form strings supplied by whoever
  # starts the run, so consumers should treat them as data, not as code.
  workflow_dispatch:
    inputs:
      branch-name:
        description: 'Branch name to scan'
        required: true
        type: string
      head-sha:
        description: 'Head commit SHA'
        required: true
        type: string
      base-sha:
        description: 'The commit SHA that serves for comparison or analysis'
        required: true
        type: string

# Workflow-level GITHUB_TOKEN scopes. No job in this file overrides them, so
# they apply to every step, including third-party actions. Under
# pull_request_target the write scopes are also granted for runs started by
# pull requests from forks.
permissions:
  # Read-only access to repository contents (enough for checkout).
  contents: read
  # NOTE(review): presumably needed so the scan can comment on the pull
  # request; confirm against the action and drop if unused.
  pull-requests: write
  # NOTE(review): presumably needed to publish a commit status with the scan
  # result; confirm against the action and drop if unused.
  statuses: write

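jobs:
  RUN-ARMOR:
    runs-on: ubuntu-22.04
    steps:
      # No `ref` is passed, so checkout uses the default ref for the event; for
      # pull_request_target that is the base branch, not the fork's head commit.
      # NOTE(review): `v4` is a mutable tag; consider pinning this action to a
      # reviewed full commit SHA.
      - uses: actions/checkout@v4

      # Normalises head/base SHA and branch name across the three triggers and
      # publishes them as step outputs for the scan step.
      - name: Set event variables
        id: ev
        # Context values reach the script as environment variables rather than
        # being expanded inside the script text. Expression expansion happens
        # before the shell parses the script, so a value containing quotes or
        # command substitution (for example a workflow_dispatch input) would
        # otherwise be executed as shell code.
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
          DISPATCH_HEAD_SHA: ${{ inputs.head-sha }}
          DISPATCH_BASE_SHA: ${{ inputs.base-sha }}
          DISPATCH_BRANCH_NAME: ${{ inputs.branch-name }}
          PUSH_AFTER_SHA: ${{ github.event.after }}
          PUSH_BEFORE_SHA: ${{ github.event.before }}
          REF_NAME: ${{ github.ref_name }}
          REF_FULL: ${{ github.ref }}
          REPO_SLUG: ${{ github.repository }}
        run: |
          # Append one name=value pair to the step outputs. The output file is
          # line-oriented, so a value containing a line break could define
          # additional outputs; such values are rejected.
          set_output() {
            if [[ "$2" == *$'\n'* || "$2" == *$'\r'* ]]; then
              echo "::error::Refusing multi-line value for output '$1'"
              exit 1
            fi
            printf '%s=%s\n' "$1" "$2" >> "$GITHUB_OUTPUT"
          }

          set_output event_name "$EVENT_NAME"
          if [[ "$EVENT_NAME" == "pull_request_target" ]]; then
            set_output head_sha "$PR_HEAD_SHA"
            set_output base_sha "$PR_BASE_SHA"
            set_output branch_name "$PR_BASE_REF"
          elif [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
            set_output head_sha "$DISPATCH_HEAD_SHA"
            set_output base_sha "$DISPATCH_BASE_SHA"
            set_output branch_name "$DISPATCH_BRANCH_NAME"
          else
            # push
            set_output head_sha "$PUSH_AFTER_SHA"
            set_output base_sha "$PUSH_BEFORE_SHA"
            set_output branch_name "$REF_NAME"
          fi
          set_output ref "$REF_FULL"
          set_output repo "$REPO_SLUG"

      # NOTE(review): `@main` is a mutable branch ref, so whatever is on that
      # branch at run time executes with this workflow's token scopes. Pin to a
      # reviewed full commit SHA, e.g. qualcomm/armor@<FULL_COMMIT_SHA>
      # (placeholder), and update it deliberately.
      # NOTE(review): on pull_request_target, head-sha names a commit that may
      # come from a fork. What the action does with it is not visible here;
      # confirm it only reads that commit and never builds or executes it.
      - name: Run ARMOR Tool
        uses: qualcomm/armor@main
        with:
          event-name: ${{ steps.ev.outputs.event_name }}
          head-sha: ${{ steps.ev.outputs.head_sha }}
          base-sha: ${{ steps.ev.outputs.base_sha }}
          ref: ${{ steps.ev.outputs.ref }}
          repo: ${{ steps.ev.outputs.repo }}
          branch-name: ${{ steps.ev.outputs.branch_name }}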