Merge pull request #35 from nayuta/add_fs_support

Add test for `trivy fs`

.github/workflows/tests.yml

@@ -11,48 +11,38 @@ defaults:
     shell: bash
 
 jobs:
-  test-check:
-    name: trivy (github-check)
+  setup:
     runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.output-matrix.outputs.matrix }}
 
     steps:
       - uses: actions/checkout@v4
-
-      - uses: ./
-        continue-on-error: true
-        id: test
-        with:
-          github_token: ${{ secrets.github_token }}
-          trivy_command: config
-          trivy_target: .
-          reporter: github-check
-          level: info
-          working_directory: testdata/with_detections
-
-      # The check is expected to fail on the test data
-      - name: Check return codes
-        if: success() || failure ()
+      - name: Set up matrix
+        id: output-matrix
         run: |
-          trivy_return="${{ steps.test.outputs.trivy-return-code }}"
-          reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
-
-          if [[ "$trivy_return" -eq 1 ]]; then
-            echo "trivy correctly returned failure ${trivy_return}"
-          else
-            echo "trivy returned ${trivy_return}, expected '1'. Failing..."
-            exit 1
-          fi
+          # Find all the directories in the testdata directory
+          DIRS="$(find ./testdata -type d)"
+          for dir in ${DIRS}; do
+            if [ "$(echo "${DIRS}" | grep -c "${dir}" || true)" -le 1 ]; then
+              DIRS_RESULT="${DIRS_RESULT}${dir},"
+            fi
+          done
+
+          # Build actions' matrix from testadata dirs
+          # e.x. ./testdata/config/terraform/with_detections => { "dir": "./testdata/config/terraform/with_detections", "command": "config", "type": "with_detections", "label": "config/terraform" }
+          MATRIX_JSON=$(echo "${DIRS_RESULT}" | sed 's/,$//' | sed 's/\\n//g' | jq -R -s -c 'split(",") | [.[] | {dir: ., command: split("/")[2], type: split("/")[4], label: [split("/")[2],split("/")[3]] | join("/")}]')
+          MATRIX="matrix={\"include\":${MATRIX_JSON}}" >> $GITHUB_OUTPUT
+          echo "${MATRIX}"
+          echo "${MATRIX}" >> $GITHUB_OUTPUT
 
-          if [[ "$reviewdog_return" -eq 0 ]]; then
-            echo "reviewdog correctly returned success: ${reviewdog_return}"
-          else
-            echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
-            exit 1
-          fi
-
-  test-check-without-detections:
-    name: trivy (github-check-without-detections)
+  test-check:
+    name: trivy (github-check)
     runs-on: ubuntu-latest
+    needs: setup
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
 
     steps:
       - uses: actions/checkout@v4
@@ -62,24 +52,34 @@ jobs:
         id: test
         with:
           github_token: ${{ secrets.github_token }}
-          trivy_command: config
+          trivy_command: ${{ matrix.command }}
           trivy_target: .
           reporter: github-check
           level: info
-          working_directory: testdata/without_detections
+          working_directory: ${{ matrix.dir }}
 
       # The check is expected to fail on the test data
       - name: Check return codes
         if: success() || failure ()
         run: |
+          check_type="${{ matrix.type }}"
           trivy_return="${{ steps.test.outputs.trivy-return-code }}"
           reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
 
-          if [[ "$trivy_return" -eq 0 ]]; then
-            echo "trivy correctly returned success ${trivy_return}"
+          if [[ "$check_type" = "with_detections" ]]; then
+            if [[ "$trivy_return" -eq 1 ]]; then
+              echo "trivy correctly returned failure: ${trivy_return}"
+            else
+              echo "trivy returned ${trivy_return}, expected '1'. Failing..."
+              exit 1
+            fi
           else
-            echo "trivy returned ${trivy_return}, expected '0'. Failing..."
-            exit 1
+            if [[ "$trivy_return" -eq 0 ]]; then
+              echo "trivy correctly returned success: ${trivy_return}"
+            else
+              echo "trivy returned ${trivy_return}, expected '0'. Failing..."
+              exit 1
+            fi
           fi
 
           if [[ "$reviewdog_return" -eq 0 ]]; then
@@ -106,7 +106,7 @@ jobs:
           trivy_target: .
           reporter: github-pr-check
           level: info
-          working_directory: testdata/with_detections
+          working_directory: testdata/config/terraform/with_detections
 
       # The check is expected to fail on the test data
       - name: Check return codes
@@ -146,7 +146,7 @@ jobs:
           trivy_target: .
           reporter: github-pr-review
           level: info
-          working_directory: testdata/with_detections
+          working_directory: testdata/config/terraform/with_detections
 
       # The check is expected to fail on the test data
       #  but for forked PRs reviewdog will just output
@@ -191,7 +191,7 @@ jobs:
           trivy_target: .
           reporter: github-check
           level: info
-          working_directory: testdata/with_detections
+          working_directory: testdata/config/terraform/with_detections
 
       # The check is expected to fail on the test data
       - name: Check return codes

README.md

@@ -145,6 +145,18 @@ jobs:
 
 ## Development
 
+### Tests
+
+#### GitHub Actions
+
+You can add the test files under the `./testdata` without any other changes. You need to create a directory with following naming rules and put the test files.
+
+```
+./testdata/<trivy_target>/<data_type>/[with_detecitons|without_detections]
+```
+
+For example, files in `./testdata/config/terraform/without_detecions` runs `trivy config ./testdata/config/terraform/without_detections` expecting without any detections.
+
 ### Release
 
 #### [haya14busa/action-bumpr](https://github.com/haya14busa/action-bumpr)

testdata/filesystem/npm/with_detections/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "npm",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "",
+  "dependencies": {
+    "lodash": "^4.0.0"
+  }
+}

testdata/filesystem/npm/without_detections/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "npm",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "",
+  "dependencies": {
+  }
+}

testdata/fs/npm/with_detections/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "npm",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "",
+  "dependencies": {
+    "lodash": "^4.0.0"
+  }
+}

testdata/fs/npm/without_detections/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "npm",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "",
+  "dependencies": {
+  }
+}