Merge pull request #308 from Checkmarx/revert-307-other/AST-146802

Revert " Add CLAUDE.md for ast-github-action (AST-146802)"

Author: cx-kedar-bhujade

.github/workflows/checkmarx-one-scan.yml

@@ -15,3 +15,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Checkmarx One CLI Action
+        uses: checkmarx/ast-github-action@9fda5a4a2c297608117a5a56af424502a9192e57 # v.2.0.34
+        with:
+          base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }}
+          cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
+          cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
+          additional_params: --tags phoenix --threshold "sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;iac-security-critical=1;iac-security-high=2;iac-security-medium=1;iac-security-low=1;"

.github/workflows/ci.yml

@@ -10,3 +10,125 @@ jobs:
     steps:
       - name: Checkout the repository
         uses: actions/checkout@v4.1.0
+
+      - name: Create source file
+        run: |
+          echo "testcode"> source.py
+      
+      # Test Failure on missing client-id and secret
+      - name: Run With Empty Client And Secret
+        id: empty_client_secret
+        continue-on-error: true
+        uses: ./
+        with:
+          project_name: ${{ github.event.repository.name }}-tests
+          base_uri: https://fake.com
+          cx_client_id: ""
+          cx_client_secret: ""
+      - name: Check If Authentication Failed
+        if: ${{contains( steps.empty_client_secret.outcome, 'success')}}
+        run: |
+          echo "The authentication must fail if invalid client id or password is used"
+          echo "${{ steps.empty_client_secret.outcome}}"
+          exit 1
+      
+      # Test valid input
+      - name: Valid Scenario
+        id: valid_scenario
+        continue-on-error: true
+        uses: ./
+        with:
+          project_name: ${{ github.event.repository.name }}-tests
+          base_uri: ${{ secrets.CX_BASE_URI }}
+          cx_tenant: ${{ secrets.CX_TENANT }}
+          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+          additional_params: --file-include *.sh,Dockerfile --scan-types kics --report-format summaryJSON
+      - name: Check If Scan Failed
+        if: ${{ contains( steps.valid_scenario.outcome, 'success') == false}}
+        run: |
+          echo "The action outcome should be success."
+          echo "${{ steps.valid_scenario.outcome}}"
+          exit 1
+      - name: Check If Output Scan ID Is Empty
+        if: steps.valid_scenario.outputs.cxScanID == ''
+        run: |
+          echo "Scan ID empty."
+          exit 1
+      - name: Print Output Scan ID
+        run: |
+          echo "${{ steps.valid_scenario.outputs.cxScanID }}"
+      - name: Check If Output Log Is Empty
+        if: steps.valid_scenario.outputs.cxcli == ''
+        run: |
+          echo "Output log empty."
+          exit 1
+      - name: Print CLI Output 
+        run: |
+          echo "${{ steps.valid_scenario.outputs.cxcli }}"
+      
+      # Test failure when wrong preset name
+      - name: Test With Wrong Preset Name
+        id: preset_name_test
+        continue-on-error: true
+        uses: ./
+        with:
+          project_name: ${{ github.event.repository.name }}-tests
+          base_uri: ${{ secrets.CX_BASE_URI }}
+          cx_tenant: ${{ secrets.CX_TENANT }}
+          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+          additional_params: --sast-preset-name ChekmarxDefaultFake --scan-types sast
+      - name: Check If Preset Name Scan Completed
+        if: ${{contains( steps.preset_name_test.outcome, 'success')}}
+        run: |
+          echo "The cli should fail. Wrong preset name provided"
+          echo "${{ steps.preset_name_test.outcome}}"
+          exit 1
+
+      # Test source path input
+      - name: Create subfolder and add file
+        run: |
+          mkdir -p my_source_dir
+          echo "This is a test file for Checkmarx scanning" > my_source_dir/test-file.sh
+          echo "FROM alpine:latest" > my_source_dir/Dockerfile
+
+      - name: Valid Scenario With Source Path
+        id: valid_scenario_source_path
+        continue-on-error: true
+        uses: ./
+        with:
+          project_name: ${{ github.event.repository.name }}-tests
+          base_uri: ${{ secrets.CX_BASE_URI }}
+          cx_tenant: ${{ secrets.CX_TENANT }}
+          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+          source_dir: "./my_source_dir"
+          additional_params: --file-include *.sh,Dockerfile --scan-types kics --report-format summaryJSON
+      
+      - name: Check If Scan Failed
+        if: ${{ contains( steps.valid_scenario_source_path.outcome, 'success') == false}}
+        run: |
+          echo "The action outcome should be success."
+          echo "${{ steps.valid_scenario_source_path.outcome}}"
+          exit 1
+
+      - name: Check If Output Scan ID Is empty
+        if: steps.valid_scenario_source_path.outputs.cxScanID == ''
+        run: |
+          echo "Scan ID empty."
+          exit 1
+
+      - name: Print Output Scan ID
+        run: |
+          echo "${{ steps.valid_scenario_source_path.outputs.cxScanID }}"
+
+      - name: Check If Output Log Is Empty
+        if: steps.valid_scenario_source_path.outputs.cxcli == ''
+        run: |
+          echo "Output log empty."
+          exit 1
+
+      - name: Print cCLI Output 
+        run: |
+          echo "${{ steps.valid_scenario_source_path.outputs.cxcli }}"