Unified Language User Guides
iCR User Guide 4.2
iCR User Guide 4.2
  • Table of contents
    • Introduction
    • Overview
    • Authorizing Access to Your Source Code
      • Authenticating GitHub Access with a Cloud-Based VCS Repository Service
        • Authenticating GitHub Access with a Private VCS Repository
      • Authenticating GitLab Access with a Cloud-Based VCS Repository
        • Authenticating GitLab Access with a Private VCS Repository
      • Authenticating Bitbucket Access with a Cloud-Based VCS Repository
    • Using the Navigator
      • Connecting to the Navigator
      • Setting your User Password
      • The Navigator top banner
      • The Analysis Engine status
      • Selecting Your Source Code
        • Using a cloud-based VCS
        • Selecting your branch
        • Using a private VCS
        • Using a local project
        • Limiting the files to be analyzed
      • Integrating with your bug tracking system
        • Integrating with Jira - Define Your Project
        • Integrating with Jira - Authorizing Access for iCR
        • Integrating with Jira - Connecting with iCR
    • Using the Analysis Engine
      • Initiating an analysis
      • Monitoring the analysis
      • Interrupting the analysis
    • Reviewing your results
    • When you are complete
    • Integrating iCR Into Your CI/CD Workflows
      • Jenkins Workflow
        • Installing the plugin
        • Configuring the plugin
          • Creating a Personal Access Token
          • Copying Your Repository's URL
        • Viewing the Results
      • GitHub Actions Workflow
        • Workflow Overview
        • Preparing and Registering the Docker Image
        • Adding a Workflow to a Repository
        • Preparing the GitHub Workflow
          • Environment Variables
          • User Supplied Secrets
          • Setting the User Defined Secrets Values
        • Executing the Workflow
      • GitLab Workflow
        • Workflow Overview
        • Preparing the Docker Image
        • Configuring the GitLab Script variables
          • Environment Variables
          • User Supplied Variables
          • Creating a Personal Access Token
          • Setting the User Defined Variable Values
        • Executing the Workflow
      • Multiple Workflows
    • Appendix – Language Specific Fixer Lists
    • Appendix – Example Summary Report
    • Appendix - Sample Bug Listing
    • Appendix - Getting a BitBucket App Password for JENKINS
Powered by GitBook
On this page
  1. Table of contents
  2. Integrating iCR Into Your CI/CD Workflows
  3. GitHub Actions Workflow

Workflow Overview

PreviousGitHub Actions WorkflowNextPreparing and Registering the Docker Image

Last updated 10 months ago

Adding a CI/CD capability into a project repository requires connecting a workflow yml script created and managed in GitHub with the iCR server offering the analysis. It is assumed that there is a DevOps engineer, or someone with equivalent skill, who is already familiar with GitHub Actions and who will prepare iCR for integration into GitHub. The diagram below will be used as the reference for the steps.

Step 1. GitHub Actions employs a framework where customizable functionality can be easily added and controlled. Packages which implement custom behavior as a Docker image can be executed by GitHub Actions. This package, supplied by OpenRefactory, communicates securely with the iCR Navigator to identify and manage the automated workflow. The first step is to prepare the Docker package and register it with a GitHub user. OpenRefactory provides a convenient script to help with this step.

Step 2. Once the Docker image is ready, it needs to be within the User’s package registry.

Step 3. As a registered package available to the User, it now needs to be made available to any repository within which an Actions workflow is desired.

Step 5. When the trigger specified in the main.yml occurs, the script is executed. The Navigator will be requested to start an analysis using information provided from the script secrets.

Step 6. The Navigator will use that information to determine the correct branch to be analyzed. The Navigator will automatically fetch the source code of the configured repository in GitHub and initiate an analysis.

Step 7. Once the analysis completes, the user is notified via an email message. The email is sent to the address defined by one of the secrets from Step 4. An email address MUST be provided so that iCR has a way of not only signaling completion, but also a way of communicating any errors that may have occurred.

Step 8. Once notified that analysis is complete and that results are available, the user may login directly to the iCR server which ran the analysis. From that login, the user can enter the Reviewer to process results in exactly the same manner as described in the User Guide for Private Platforms.

Step 4. With the image registered and associated with one or more desired repositories, the DevOps engineer creates the required main.yml file in the repository’s .github/workflows folder. The script will identify the manner in which it will be triggered. The script provides the iCR server with necessary details about the project. GitHub Actions “secrets” to the script.

specify the arguments
registered as a package