auth0-java/.github/actions/rl-scanner/action.yml at 40ca031b86a58d2d28ffd13bc158357b92e2b6a5 · auth0/auth0-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: "Reversing Labs Scanner"
description: "Runs the Reversing Labs scanner on a specified artifact."
inputs:
  artifact-path:
    description: "Path to the artifact to be scanned."
    required: true
  version:
    description: "Version of the artifact."
    required: true

runs:
  using: "composite"
  steps:
    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: "3.10"

    - name: Install Python dependencies
      shell: bash
      run: |
        pip install boto3 requests

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
        aws-region: us-east-1
        mask-aws-account-id: true

    - name: Install RL Wrapper
      shell: bash
      run: |
        pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"

    - name: Run RL Scanner
      shell: bash
      env:
        RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
        RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
        SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
        PYTHONUNBUFFERED: 1
        ARTIFACT_PATH: ${{ inputs.artifact-path }}
        VERSION: ${{ inputs.version }}
      run: |
        if [ ! -f "$ARTIFACT_PATH" ]; then
          echo "Artifact not found: $ARTIFACT_PATH"
          exit 1
        fi

        rl-wrapper \
          --artifact "$ARTIFACT_PATH" \
          --name "${{ github.event.repository.name }}" \
          --version "$VERSION" \
          --repository "${{ github.repository }}" \
          --commit "${{ github.sha }}" \
          --build-env "github_actions" \
          --suppress_output

        # Check the outcome of the scanner
        if [ $? -ne 0 ]; then
          echo "RL Scanner failed."
          echo "scan-status=failed" >> $GITHUB_ENV
          exit 1
        else
          echo "RL Scanner passed."
          echo "scan-status=success" >> $GITHUB_ENV
        fi

outputs:
  scan-status:
    description: "The outcome of the scan process."
    value: ${{ env.scan-status }}