From 12c2bc6cf885773c9883eb657c5ab04421b2f392 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 20 Mar 2024 12:14:31 -0600 Subject: [PATCH 01/18] Update action.yml --- action.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index a75e118..4b9b44e 100644 --- a/action.yml +++ b/action.yml @@ -13,6 +13,10 @@ inputs: github-token: description: "GitaHub Token" required: true + mobb-project-name: + description: "Mobb Project Name" + required: false + default: 'My first project' outputs: fix-report-url: description: "Mobb fix report URL" @@ -42,4 +46,4 @@ runs: context: "Mobb fix report link" state: "success" target_url: ${{ steps.run-npx-mobb-dev.outputs.fix-report-url }} - sha: ${{github.event.pull_request.head.sha || github.sha}} \ No newline at end of file + sha: ${{github.event.pull_request.head.sha || github.sha}} From 8c29eb0ec79281dc098b7bb55d4ef70c20c7d1e6 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 20 Mar 2024 12:15:17 -0600 Subject: [PATCH 02/18] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index a9d3a86..9c7c98a 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,10 @@ This action posts the code and a SAST report to the Mobb vulnerability analysis **Required** The GitHub api token to use with the action. Usually available as `${{ secrets.GITHUB_TOKEN }}`. +## `mobb-project-name` + +**Optional** The Mobb Project Name where the fix analysis will be stored. If this is not specified, it will the analysis will default into the "My first project". + ## Outputs ## `fix-report-url` From 136646febe61776e98fc3d295d95745f23dde9c4 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 20 Mar 2024 12:15:57 -0600 Subject: [PATCH 03/18] Update action.yml --- review/action.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/review/action.yml b/review/action.yml index f28ad74..9013da9 100644 --- a/review/action.yml +++ b/review/action.yml 
@@ -16,6 +16,10 @@ inputs: scanner: description: "SAST scanner(codeql, snyk, checkmarx, fortify)" required: true + mobb-project-name: + description: "Mobb Project Name" + required: false + default: 'My first project' outputs: fix-report-url: description: "Mobb fix report URL" From 317eb3af83253e3db191b1abd7f7473449b8d5c2 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 20 Mar 2024 12:18:41 -0600 Subject: [PATCH 04/18] Update action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 4b9b44e..62d6c10 100644 --- a/action.yml +++ b/action.yml @@ -32,7 +32,7 @@ runs: REPO=$(git remote get-url origin) REPO=${REPO%".git"} BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - OUT=$(npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }}) + OUT=$(npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }}) --mobb-project-name ${{ inputs.mobb-project-name }}) RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL From 37b59dc1986aa67bbf6e25db8bec781a3bf31e16 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 20 Mar 2024 12:19:08 -0600 Subject: [PATCH 05/18] Update action.yml --- review/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/review/action.yml b/review/action.yml index 9013da9..ee7b71e 100644 --- a/review/action.yml +++ b/review/action.yml 
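Review bot: The new line splices `${{ inputs.mobb-project-name }}` straight into the `run:` script, so GitHub substitutes the input text before bash parses the line; a value containing shell metacharacters becomes part of the command, and the default `My first project` is unquoted here and splits into three arguments. The robust form binds the input to an environment variable on the step and lets bash expand it, e.g. `env:` / `MOBB_PROJECT_NAME: ${{ inputs.mobb-project-name }}` on the step and `--mobb-project-name "$MOBB_PROJECT_NAME"` in the script. The same pattern recurs in patches 05, 07, 08 (adding quotes inside the string does not change when the substitution happens), 09, 11, 14 and 18, and applies equally to the pre-existing `${{ inputs.api-key }}`, `${{ inputs.report-file }}` and `${{ inputs.github-token }}` interpolations. The line also carries an unbalanced `)` after `${{ inputs.report-file }}`, which makes the script fail to parse. The `run:` block continues outside the hunk.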
@@ -38,7 +38,7 @@ runs: SCANNER=${{ inputs.scanner }} PR_NUMBER=${{ github.event.pull_request.number }} - OUT=$(npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $GITHUB_SHA --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }} --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER) + OUT=$(npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $GITHUB_SHA --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }} --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER --mobb-project-name ${{ inputs.mobb-project-name }}) RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL From 9a3432c8dd54084487e6cd305c1a6ff10c501bd9 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 20 Mar 2024 12:19:24 -0600 Subject: [PATCH 06/18] Update action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 62d6c10..e6da48c 100644 --- a/action.yml +++ b/action.yml @@ -32,7 +32,7 @@ runs: REPO=$(git remote get-url origin) REPO=${REPO%".git"} BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - OUT=$(npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }}) --mobb-project-name ${{ inputs.mobb-project-name }}) + OUT=$(npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }} --mobb-project-name ${{ inputs.mobb-project-name }}) RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL From e3babb6f0d0a33576d998e4ecceb691761465a0e Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 18 Sep 2024 16:28:28 -0600 Subject: [PATCH 07/18] Update action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index e6da48c..a2ec244 100644 --- a/action.yml +++ b/action.yml 
@@ -32,7 +32,7 @@ runs: REPO=$(git remote get-url origin) REPO=${REPO%".git"} BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - OUT=$(npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }} --mobb-project-name ${{ inputs.mobb-project-name }}) + OUT=$(npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }} --mobb-project-name "${{ inputs.mobb-project-name }}") RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL From 93720ee7e8ca4e544df3d6a1244ad61a999a447c Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Wed, 18 Sep 2024 16:31:21 -0600 Subject: [PATCH 08/18] Update action.yml --- review/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/review/action.yml b/review/action.yml index 24c77fc..1ce9ac3 100644 --- a/review/action.yml +++ b/review/action.yml @@ -63,7 +63,7 @@ runs: COMMIT_HASH=$(git rev-parse $GITHUB_HEAD_REF) PR_NUMBER=${{ github.event.pull_request.number }} VUL_FILE_PATH=results/$(basename ${{ inputs.report-file }}) - OUT=$(npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $COMMIT_HASH --api-key ${{ inputs.api-key }} -f $VUL_FILE_PATH --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER -p . --mobb-project-name ${{ inputs.mobb-project-name }}) + OUT=$(npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $COMMIT_HASH --api-key ${{ inputs.api-key }} -f $VUL_FILE_PATH --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER -p . --mobb-project-name "${{ inputs.mobb-project-name }}") RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL From 652a968a9f3e895c7f7250a2978be55ba4b085f8 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 16:57:35 -0600 Subject: [PATCH 09/18] Update action.yml --- review/action.yml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) 
diff --git a/review/action.yml b/review/action.yml index 1ce9ac3..c75ac5a 100644 --- a/review/action.yml +++ b/review/action.yml @@ -19,7 +19,10 @@ inputs: mobb-project-name: description: "Mobb Project Name" required: false - default: 'My first project' + auto-pr: + description: "Auto-PR flag" + required: false + default: false outputs: fix-report-url: description: "Mobb fix report URL" @@ -63,7 +66,24 @@ runs: COMMIT_HASH=$(git rev-parse $GITHUB_HEAD_REF) PR_NUMBER=${{ github.event.pull_request.number }} VUL_FILE_PATH=results/$(basename ${{ inputs.report-file }}) - OUT=$(npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $COMMIT_HASH --api-key ${{ inputs.api-key }} -f $VUL_FILE_PATH --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER -p . --mobb-project-name "${{ inputs.mobb-project-name }}") + MobbExecString="npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $COMMIT_HASH --api-key ${{ inputs.api-key }} -f $VUL_FILE_PATH --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER -p ." + + # Check if mobb-project-name exists and append it + if [ -n "${{ inputs.mobb-project-name }}" ]; then + echo "mobb-project-name specified: ${{ inputs.mobb-project-name }}" + MobbExecString+=" --mobb-project-name \"${{ inputs.mobb-project-name }}\"" + fi + + # Check if auto-pr flag is set append it + if [ -n "${{ inputs.auto-pr }}" ]; then + echo "Auto-PR flag is set" + MobbExecString+=" --auto-pr" + fi + + # Output the final command string for debugging + echo "Mobb Command: $MobbExecString" + OUT=$(eval $MobbExecString) + RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL From 6b4e6461a1c45ec0b61a7378f61a41276afa654c Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 17:00:38 -0600 Subject: [PATCH 10/18] Update action.yml --- review/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/review/action.yml b/review/action.yml index c75ac5a..34484e0 100644 --- a/review/action.yml 
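Review bot: `echo "Mobb Command: $MobbExecString"` writes the assembled command, including the `--api-key` and `--github-token` values, to the job log; GitHub masks them only when the caller passed them from the `secrets` context, and a key supplied as a literal or a repository variable is printed in clear. `OUT=$(eval $MobbExecString)` then re-parses a string that embeds `${{ inputs.mobb-project-name }}` after GitHub has already substituted it, so the escaped quotes give no protection against a project name that closes the quote. Both go away if the inputs are bound via `env:` on the step and the command is collected in a bash array that is executed directly; the rewrite below does that and drops the debug echo. The `-n` test on `inputs.auto-pr` also enables `--auto-pr` for any non-empty value, `false` included. The `run:` block continues on both sides of the hunk.

```yaml
          # Inputs are bound to MOBB_* variables in the step's `env:` block (not shown)
          MOBB_ARGS=(npx --yes mobbdev@latest review -r "$REPO" --ref "$GITHUB_HEAD_REF" --ch "$COMMIT_HASH"
            --api-key "$MOBB_API_KEY" -f "$VUL_FILE_PATH" --pr "$PR_NUMBER"
            --github-token "$MOBB_GITHUB_TOKEN" --scanner "$SCANNER" -p .)
          if [ -n "$MOBB_PROJECT_NAME" ]; then
            echo "mobb-project-name specified: $MOBB_PROJECT_NAME"
            MOBB_ARGS+=(--mobb-project-name "$MOBB_PROJECT_NAME")
          fi
          if [ "$MOBB_AUTO_PR" == "true" ]; then
            echo "Auto-PR flag is set"
            MOBB_ARGS+=(--auto-pr)
          fi
          # No echo of the full command: it would print the credentials
          OUT=$("${MOBB_ARGS[@]}")
          # … unchanged: RETVAL handling …
```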
+++ b/review/action.yml @@ -22,7 +22,6 @@ inputs: auto-pr: description: "Auto-PR flag" required: false - default: false outputs: fix-report-url: description: "Mobb fix report URL" From b14ba186905bfa46823db980aaf62b95a845b679 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 17:09:45 -0600 Subject: [PATCH 11/18] Update action.yml --- action.yml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index a2ec244..5a4ad63 100644 --- a/action.yml +++ b/action.yml @@ -16,7 +16,9 @@ inputs: mobb-project-name: description: "Mobb Project Name" required: false - default: 'My first project' + auto-pr: + description: "Auto-PR flag" + required: false outputs: fix-report-url: description: "Mobb fix report URL" @@ -32,7 +34,25 @@ runs: REPO=$(git remote get-url origin) REPO=${REPO%".git"} BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - OUT=$(npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }} --mobb-project-name "${{ inputs.mobb-project-name }}") + + MobbExecString="npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $COMMIT_HASH --api-key ${{ inputs.api-key }} -f $VUL_FILE_PATH --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER -p ." + + # Check if mobb-project-name exists and append it + if [ -n "${{ inputs.mobb-project-name }}" ]; then + echo "mobb-project-name specified: ${{ inputs.mobb-project-name }}" + MobbExecString+=" --mobb-project-name \"${{ inputs.mobb-project-name }}\"" + fi + + # Check if auto-pr flag is set append it + if [ -n "${{ inputs.auto-pr }}" ]; then + echo "Auto-PR flag is set" + MobbExecString+=" --auto-pr" + fi + + # Output the final command string for debugging and execute it + echo "Mobb Command: $MobbExecString" + OUT=$(eval $MobbExecString) + RETVAL=$? if [ $RETVAL -ne 0 ]; then exit $RETVAL 
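Review bot: `OUT=$(eval $MobbExecString)` and the preceding `echo "Mobb Command: $MobbExecString"` in action.yml repeat the pattern from review/action.yml: the log line prints the `--api-key` and `--github-token` values (masked only when the caller sourced them from `secrets`), and `eval` re-parses text that already contains the substituted `${{ inputs.mobb-project-name }}`. The new command string also targets `review` with `$COMMIT_HASH`, `$VUL_FILE_PATH`, `$PR_NUMBER` and `$SCANNER`, none of which the surrounding `analyze` step defines (only `REPO` and `BRANCH` are set above), so the replaced `analyze --ci` invocation is lost in this commit. Prefer binding the inputs to environment variables on the step, collecting the arguments in a bash array and running `OUT=$("${MOBB_ARGS[@]}")` without the debug echo. `[ -n "${{ inputs.auto-pr }}" ]` turns on `--auto-pr` for any non-empty value, `false` included; compare against `"true"` instead. The `run:` block continues outside the hunk.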
From 45f22ac898834023e5b495c974ab763695c377da Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 17:10:24 -0600 Subject: [PATCH 12/18] Update action.yml --- review/action.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/review/action.yml b/review/action.yml index 34484e0..2c27eb2 100644 --- a/review/action.yml +++ b/review/action.yml @@ -19,9 +19,6 @@ inputs: mobb-project-name: description: "Mobb Project Name" required: false - auto-pr: - description: "Auto-PR flag" - required: false outputs: fix-report-url: description: "Mobb fix report URL" @@ -73,12 +70,6 @@ runs: MobbExecString+=" --mobb-project-name \"${{ inputs.mobb-project-name }}\"" fi - # Check if auto-pr flag is set append it - if [ -n "${{ inputs.auto-pr }}" ]; then - echo "Auto-PR flag is set" - MobbExecString+=" --auto-pr" - fi - # Output the final command string for debugging echo "Mobb Command: $MobbExecString" OUT=$(eval $MobbExecString) From 2d7abbf24bc82b5d20d3e6aa083a37aadfb952ef Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 17:11:25 -0600 Subject: [PATCH 13/18] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 9c7c98a..55158f0 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,10 @@ This action posts the code and a SAST report to the Mobb vulnerability analysis **Optional** The Mobb Project Name where the fix analysis will be stored. If this is not specified, it will the analysis will default into the "My first project". +## `auto-pr` + +**Optional** `true` or `false`. Enables Automatic Pull Request for fresh fixes. + ## Outputs ## `fix-report-url` From 61d87437d287b1bb0b628aba22ca7dd01affcead Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 17:13:58 -0600 Subject: [PATCH 14/18] Update action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 5a4ad63..495e2ad 100644 --- a/action.yml +++ b/action.yml 
@@ -35,7 +35,7 @@ runs: REPO=${REPO%".git"} BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - MobbExecString="npx --yes mobbdev@latest review -r $REPO --ref $GITHUB_HEAD_REF --ch $COMMIT_HASH --api-key ${{ inputs.api-key }} -f $VUL_FILE_PATH --pr $PR_NUMBER --github-token ${{ inputs.github-token }} --scanner $SCANNER -p ." + MobbExecString="npx --yes mobbdev@latest analyze --ci -r $REPO --ref $BRANCH --api-key ${{ inputs.api-key }} -f ${{ inputs.report-file }}" # Check if mobb-project-name exists and append it if [ -n "${{ inputs.mobb-project-name }}" ]; then From e0e54b3d003df0fb6c05fa6d68e4ca1386d02ecb Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 23:16:12 -0600 Subject: [PATCH 15/18] Update action.yml --- action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/action.yml b/action.yml index 495e2ad..3d18458 100644 --- a/action.yml +++ b/action.yml @@ -59,6 +59,8 @@ runs: fi OUT=$(echo $OUT | tr '\n' ' ') echo "fix-report-url=$OUT" >> $GITHUB_OUTPUT + echo "Mobb URL: $OUT" + shell: bash -l {0} - uses: Sibz/github-status-action@v1 with: From b849ec91148c15d03db830dc0d9dd1addf6e13cd Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Thu, 17 Oct 2024 23:16:23 -0600 Subject: [PATCH 16/18] Update action.yml --- review/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/review/action.yml b/review/action.yml index 2c27eb2..dc3c7c0 100644 --- a/review/action.yml +++ b/review/action.yml @@ -81,6 +81,8 @@ runs: OUT=$(echo $OUT | tr '\n' ' ') echo "fix-report-url=$OUT" >> $GITHUB_OUTPUT + echo "Mobb URL: $OUT" + shell: bash -l {0} - uses: Sibz/github-status-action@v1 with: From 1b5de136f65e592c4a277d2e8eda6cffb12ddaf8 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Mon, 27 Jan 2025 15:31:00 -0700 Subject: [PATCH 17/18] Updated README.md and action.yml with new commit-directly flag --- README.md | 5 +++++ action.yml | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/README.md b/README.md index 55158f0..49ca131 100644 
--- a/README.md +++ b/README.md @@ -24,6 +24,11 @@ This action posts the code and a SAST report to the Mobb vulnerability analysis **Optional** `true` or `false`. Enables Automatic Pull Request for fresh fixes. +## `commit-directly` + +**Optional** `true` or `false`. This requires `auto-pr` to be set to `true`. Once set, Fixes will be committed directly to the source branch. + + ## Outputs ## `fix-report-url` diff --git a/action.yml b/action.yml index 3d18458..a396094 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,10 @@ inputs: auto-pr: description: "Auto-PR flag" required: false + commit-directly: + description: "Commit Directly flag, this requires Auto-PR flag to be set. Once enabled, Mobb will commit the fixes directly to the branch" + required: false + outputs: fix-report-url: description: "Mobb fix report URL" From 598478c44a2d6dbfa4b687a56c2b076713a36971 Mon Sep 17 00:00:00 2001 From: Antony Chiu Date: Mon, 27 Jan 2025 16:23:05 -0700 Subject: [PATCH 18/18] Updated README.md and action.yml with new commit-directly flag --- action.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index a396094..16ecb7c 100644 --- a/action.yml +++ b/action.yml @@ -48,11 +48,17 @@ runs: fi # Check if auto-pr flag is set append it - if [ -n "${{ inputs.auto-pr }}" ]; then + if [ "${{ inputs.auto-pr }}" == "true" ]; then echo "Auto-PR flag is set" MobbExecString+=" --auto-pr" fi + # Check if commit-directly flag is set append it to the Mobb CLI command + if [ "${{ inputs.commit-directly }}" == "true" ]; then + echo "Commit Directly flag is set" + MobbExecString+=" --commit-directly" + fi + # Output the final command string for debugging and execute it echo "Mobb Command: $MobbExecString" OUT=$(eval $MobbExecString)
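Review bot: The new `commit-directly` branch appends `--commit-directly` whenever the input is `true`, but nothing checks the `auto-pr` dependency that the input's description (patch 17) and the README state; with `auto-pr` unset the flag is passed on its own and the CLI's handling of that combination decides the outcome. Make the dependency explicit and fail early, placed before the existing check: `if [ "${{ inputs.commit-directly }}" == "true" ] && [ "${{ inputs.auto-pr }}" != "true" ]; then echo "commit-directly requires auto-pr=true" >&2; exit 1; fi`. Committing fixes to the source branch is a write to the repository, so the README entry should also say which permission the supplied `github-token` needs (presumably `contents: write`); the README hunk does not mention it. The `run:` block continues outside the hunk.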