Add nancy-fixer (#52)

giantswarm · Nov 28, 2023 · 3bd2356 · 3bd2356
1 parent ad374ca
commit 3bd2356
Showing 1 changed file with 21 additions and 5 deletions.
diff --git a/.github/workflows/zz_generated.fix_vulnerabilities.yaml b/.github/workflows/zz_generated.fix_vulnerabilities.yaml
@@ -23,25 +23,37 @@ jobs:
     name: Gather facts
     runs-on: ubuntu-22.04
     outputs:
-      repo_name: ${{ steps.gather_facts.outputs.repo_name }}
       branch: ${{ steps.gather_facts.outputs.branch }}
+      skip : ${{ steps.gather_facts.outputs.skip }}
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch || github.event.ref }}
       - name: Gather facts
         id: gather_facts
         run: |
           head="${{ inputs.branch || github.event.ref }}"
           echo "branch=${head}" >> $GITHUB_OUTPUT
 
           head="${head#refs/heads/}" # Strip "refs/heads/" prefix.
-          repo_name="$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')"
-          echo "repo_name=\"$repo_name\" base=\"$base\" head=\"$head\" version=\"$version\""
-          echo "repo_name=${repo_name}" >> $GITHUB_OUTPUT
           echo "head=${head}" >> $GITHUB_OUTPUT
+
+          # Skip if there are no go mod files
+          if [[ ! -e go.mod ]] && [[ ! -e go.sum ]]; then
+            skip=true
+            echo "There are no go mod files in the repo, skipping"
+          else
+            skip=false
+          fi
+          echo "skip=${skip}" >> $GITHUB_OUTPUT
+          echo head=\"$head\" skip=\"$skip\""
   run_nancy_fixer:
     name: Fix vulnerabilities with nancy-fixer
     runs-on: ubuntu-22.04
     needs:
       - gather_facts
+    if: ${{ needs.gather_facts.outputs.skip != 'true' }}
     steps:
       - name: Generate a token
         id: generate_token
@@ -64,7 +76,11 @@ jobs:
       - name: Commit new files
         run: |
           git add -A
-          git commit -m "Apply fixes for vulnerabilities"
+          if git diff-index --quiet HEAD; then
+            echo "No changes found"
+          else
+            git commit -m "Remediate Nancy findings"
+          fi
       - name: Push changes
         env:
           remote_repo: "https://${{ github.actor }}:${{ steps.generate_token.outputs.token }}@github.com/${{ github.repository }}.git"