---
# This workflow integrates ShiftLeft NG SAST with GitHub
# Visit https://docs.shiftleft.io for help
name: ShiftLeft

on:
  pull_request:
  workflow_dispatch:

jobs:
  NextGen-Static-Analysis:
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v2
    - name: Download ShiftLeft CLI
      run: |
        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
    - name: Extract branch name
      shell: bash
      run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
      id: extract_branch
    - name: NextGen Static Analysis
      run: ${GITHUB_WORKSPACE}/sl analyze --wait --app theHarvester --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --python $(pwd)
      env:
        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
        
   
  ## Uncomment the following section to enable build rule checking and enforcing.
  #Build-Rules: 
    #runs-on: ubuntu-latest
    #needs: NextGen-Static-Analysis
    #steps:
    #- uses: actions/checkout@v2
    #- name: Download ShiftLeft CLI
    #  run: |
    #    curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
    #- name: Validate Build Rules
    #  run: ${GITHUB_WORKSPACE}/sl check-analysis --app theHarvester \
    #       --source 'tag.branch=${{ github.event.pull_request.base.ref }}' \
    #       --target "tag.branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
    #       --report \
    #       --github-pr-number=${{github.event.number}} \
    #       --github-pr-user=${{ github.repository_owner }} \
    #       --github-pr-repo=${{ github.event.repository.name }} \
    #       --github-token=${{ secrets.GITHUB_TOKEN }}
    #  env:
        #SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}