ci: Phylum integration

radixdlt · Jul 18, 2024 · 5ae41cd · 5ae41cd
1 parent da6eb0e
commit 5ae41cd
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 0 deletions.
diff --git a/.github/workflows/phylum-daily-analysis.yaml b/.github/workflows/phylum-daily-analysis.yaml
@@ -0,0 +1,46 @@
+name: Daily Analysis Phylum
+
+on:
+  schedule:
+    # Runs at 14:00 UTC every day
+    - cron: '0 14 * * *'
+jobs:
+  analyze_branch_phylum:
+    name: Analyze dependencies with Phylum
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        branch: [main, develop, release/babylon, release/anemone, release/bottlenose]
+        include:
+          - branch: main
+          - branch: develop
+          - branch: release/babylon
+          - branch: release/anemone
+          - branch: release/bottlenose
+      fail-fast: false 
+    steps:
+      - uses: RDXWorks-actions/checkout@main
+        with:
+          ref: ${{ matrix.branch }}
+          fetch-depth: 0
+      - uses: RDXWorks-actions/setup-python@main
+        with:
+          python-version: 3.10.6
+      - name: Install Phylum
+        run: |
+          curl https://sh.phylum.io/ | sh -s -- --yes
+          # Add the Python user base binary directory to PATH
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+      - name: Run Phylum Analysis
+        env: 
+          PHYLUM_API_KEY: ${{ secrets.PHYLUM_API_KEY }}         
+        run: phylum analyze --quiet --label ${{ matrix.branch }}_branch_daily_schedule > /dev/null 2>&1 || 
+          if [ $? -eq 100 ]; then 
+            echo "Phylum Analysis returned exit code 100, but continuing."; 
+            exit 0; 
+          else 
+            exit $?; 
+          fi
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,6 +7,25 @@ on:
 env:
   CARGO_TERM_COLOR: always
 jobs:
+
+  phylum-analyze:
+    if: ${{ github.event.pull_request }}
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main
+    permissions:
+      id-token: write
+      pull-requests: write
+      contents: read
+      deployments: write
+    secrets:
+      phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
+    with:
+      phylum_pr_number: ${{ github.event.number }}
+      phylum_pr_name: ${{ github.head_ref }}
+      phylum_group_name: Protocol
+      phylum_project_id: f41e9675-0a5d-4722-8ef8-3db8cbc8b8a8
+      github_repository: ${{ github.repository }}
+      add_report_comment_to_pull_request: true
+
   test:
     runs-on: ubuntu-latest
     steps:

diff --git a/.phylum_project b/.phylum_project
@@ -0,0 +1,7 @@
+id: f41e9675-0a5d-4722-8ef8-3db8cbc8b8a8
+name: radix-engine-toolkit
+created_at: 2024-05-30T11:37:17.381554+02:00
+group_name: Protocol
+depfiles:
+- path: ./package-lock.json
+  type: npm