diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml deleted file mode 100644 index 075213e3..00000000 --- a/.github/workflows/shiftleft.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -# This workflow integrates ShiftLeft NG SAST with GitHub -# Visit https://docs.shiftleft.io for help -name: ShiftLeft - -on: - pull_request: - workflow_dispatch: - -jobs: - NextGen-Static-Analysis: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 - with: - go-version: '^1.14' - - name: Build - run: | - go build ./... - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - name: Extract branch name - shell: bash - run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" - id: extract_branch - - name: NextGen Static Analysis - run: | - ${GITHUB_WORKSPACE}/sl --version - ${GITHUB_WORKSPACE}/sl analyze --wait --app cloudflared --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --go --cpg $(pwd) - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - - - ## Uncomment the following section to enable build rule checking and enforcing. - #Build-Rules: - #runs-on: ubuntu-latest - #needs: NextGen-Static-Analysis - #steps: - #- uses: actions/checkout@v2 - #- name: Download ShiftLeft CLI - # run: | - # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - #- name: Validate Build Rules - # run: | - # ${GITHUB_WORKSPACE}/sl check-analysis --app cloudflared \ - # --source 'tag.branch=${{ github.event.pull_request.base.ref }}' \ - # --target "tag.branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}" \ - # --report \ - # --github-pr-number=${{github.event.number}} \ - # --github-pr-user=${{ github.repository_owner }} \ - # --github-pr-repo=${{ github.event.repository.name }} \ - # --github-token=${{ secrets.GITHUB_TOKEN }} - # env: - #SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - \ No newline at end of file