Unified Language User Guides
iCR User Guide 5.0

Preparing the GitHub Workflow


Last updated 3 months ago

To trigger a workflow in GitHub CI/CD, a special yml script that invokes the iCR container must be added to the project’s repository. This script MUST be placed in the .github directory at the top level of the repository. If it is not already present, a subdirectory named workflows must be created there. Then, within the workflows directory, a yml script describing the behaviour of the workflow is placed. This script is triggered by the events specified in the script.

The DevOps engineer preparing the workflow can create whatever triggers are appropriate for their specific needs. This script can be incorporated into an existing workflow script or edited to make the workflow operate as needed.

We won’t cover how to add a file to a GitHub repository as that is beyond the scope of this User Guide.

As an example, we will show the baritone project. We go to the main repository page for this project and look at the .github/workflows directory:

We have copied the sample script below into a file named githubAction.yml. Let’s quickly review the sample script:

# This is a basic workflow to help you get started with iCR CI/CD
# Name of the GitHub Actions workflow
name: Openrefactory_CI

# Controls when the workflow will run
on:
  push:
    branches: [ "master" ]  # Trigger the workflow on push events to the "master" branch
  pull_request:
    branches: [ "master" ]  # Trigger the workflow on pull request events to the "master" branch

jobs:
  OR_JOB:
    # Use GitHub-hosted runners or self-hosted runners based on your environment
    # For GitHub Enterprise, self-hosted runners are required
    runs-on: ubuntu-latest # Use ubuntu-latest for GitHub cloud
    container:
      # Use this image for GitHub CI/CD
      image: openrefactory/icr-github-cicd:5.0.0

    steps:
      # Checkout repository to access source code
      - uses: actions/checkout@v3

      - name: Run OpenRefactory Analysis
        run: |
          /workspace/configure_run.sh ${{ github.ref_name }} \
          ${{ github.repositoryUrl }} \
          ${{ secrets.ICR_URL }} \
          ${{ secrets.ICR_USER_NAME }} \
          ${{ secrets.ICR_CI_CD_ACCESS_TOKEN }} \
          ${{ secrets.PERSONAL_ACCESS_TOKEN }} \
          ${{ secrets.MAIL_ADDRESS }} \
          ${{ secrets.LANGUAGE }} \
          ${{ secrets.LANGUAGE_VERSION }}
        shell: bash

      - name: Check workflow status
        if: failure()
        run: echo "Workflow failed, please check logs."

# Instructions for Setting Up GitHub Secrets:
# 1. Go to your GitHub repository > Settings > Secrets and variables > Actions.
# 2. Click "New repository secret" and add the following secrets:
#    - ICR_URL: OpenRefactory instance URL (e.g., https://qa2.openrefactory.com)
#    - ICR_USER_NAME: Your OpenRefactory username
#    - ICR_CI_CD_ACCESS_TOKEN: Log in to iCR Dashboard > Settings > CI/CD Access Token > Copy CICD access token
#    - PERSONAL_ACCESS_TOKEN: GitHub personal access token
#    - MAIL_ADDRESS: Email to receive notifications
#    - LANGUAGE: Programming language (e.g., java, python, go)
#    - LANGUAGE_VERSION: Language version (only needed for Python, versions 3.4 to 3.14)
# 3. Save and trigger the workflow manually under the "Actions" tab.

In this sample script, the on: section specifies what will trigger the execution of this script. In this example, it will be executed whenever a commit is pushed to the master branch. The container: image keys identify the iCR Docker image name: openrefactory/icr-github-cicd:5.0.0. For items such as the User ID of the user for whom this workflow is to be executed, substitute <User_ID> with that User's login ID.

The critical items of interest are the variables referenced in the run: step. They are needed to locate the targeted iCR server and to give the Navigator the information it requires to authenticate itself with the proper username and to identify the project and branch name.

There are seven variables in the script. Let’s look at all of them. They are broken into two groups: preconfigured environment variables and user-supplied secret values.
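The point of passing these values through the secrets context rather than writing them into the yml file is that tokens such as ICR_CI_CD_ACCESS_TOKEN and PERSONAL_ACCESS_TOKEN never land in the repository history. The following checker is an added example, not part of the iCR product or of this guide's sample script: it verifies that a workflow file sits where GitHub will pick it up (.github/workflows/*.yml), splits the backslash-continued run: command into its arguments, and confirms that every argument after the script path is a ${{ github.* }} context value or a ${{ secrets.* }} reference, flagging any literal and any required secret name that is missing. The run: block and the deliberately broken variant embedded below are constructed from the script shown on this page; the required-secret list mirrors its comment block.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the argument list from the run: step shown in this guide.
SAMPLE_RUN_BLOCK = """\
/workspace/configure_run.sh ${{ github.ref_name }} \\
${{ github.repositoryUrl }} \\
${{ secrets.ICR_URL }} \\
${{ secrets.ICR_USER_NAME }} \\
${{ secrets.ICR_CI_CD_ACCESS_TOKEN }} \\
${{ secrets.PERSONAL_ACCESS_TOKEN }} \\
${{ secrets.MAIL_ADDRESS }} \\
${{ secrets.LANGUAGE }} \\
${{ secrets.LANGUAGE_VERSION }}
"""

# Constructed negative sample: the CI/CD token written in as a literal placeholder
# (not a real token) instead of a secrets reference, which the checker must flag.
SAMPLE_RUN_BLOCK_BAD = SAMPLE_RUN_BLOCK.replace(
    "${{ secrets.ICR_CI_CD_ACCESS_TOKEN }}", "not-a-real-token-placeholder"
)

# Secret names the sample script expects, taken from its setup comments.
REQUIRED_SECRETS = {
    "ICR_URL", "ICR_USER_NAME", "ICR_CI_CD_ACCESS_TOKEN",
    "PERSONAL_ACCESS_TOKEN", "MAIL_ADDRESS", "LANGUAGE", "LANGUAGE_VERSION",
}

# A single GitHub Actions expression such as ${{ secrets.ICR_URL }} or ${{ github.ref_name }}.
EXPR_RE = re.compile(r"\$\{\{\s*([A-Za-z_]+)\.([A-Za-z0-9_]+)\s*\}\}")
# One shell argument: either a whole ${{ ... }} expression (which contains spaces) or a bare word.
ARG_RE = re.compile(r"\$\{\{.*?\}\}|\S+")


def is_workflow_path(path):
    """True only for .github/workflows/<name>.yml|.yaml at the repository root,
    which is the only location GitHub reads workflow files from."""
    p = PurePosixPath(path)
    return (p.suffix in (".yml", ".yaml")
            and len(p.parts) == 3
            and p.parts[0] == ".github"
            and p.parts[1] == "workflows")


def split_run_args(run_block):
    """Join backslash-continued lines and return the arguments after the script path."""
    joined = run_block.replace("\\\n", " ")
    return ARG_RE.findall(joined)[1:]


def classify_args(args):
    """Sort arguments into github context refs, secret names, and literal values."""
    contexts, secrets, literals = [], [], []
    for arg in args:
        m = EXPR_RE.fullmatch(arg)
        if m is None:
            literals.append(arg)
        elif m.group(1) == "secrets":
            secrets.append(m.group(2))
        else:
            contexts.append(f"{m.group(1)}.{m.group(2)}")
    return contexts, secrets, literals


def missing_secrets(secret_refs, required=REQUIRED_SECRETS):
    """Required secret names that the run: step never references."""
    return sorted(required - set(secret_refs))


def lint_workflow(path, run_block):
    """Return a list of findings; an empty list means the workflow passes."""
    findings = []
    if not is_workflow_path(path):
        findings.append(f"{path}: not under .github/workflows/ with a .yml/.yaml suffix")
    _, secrets, literals = classify_args(split_run_args(run_block))
    for lit in literals:
        findings.append(f"literal argument {lit!r}: pass it via ${{{{ secrets.NAME }}}} instead")
    for name in missing_secrets(secrets):
        findings.append(f"required secret {name} is not referenced in the run: step")
    return findings


if __name__ == "__main__":
    for label, block in (("good", SAMPLE_RUN_BLOCK), ("bad", SAMPLE_RUN_BLOCK_BAD)):
        print(label, lint_workflow(".github/workflows/githubAction.yml", block) or "OK")
```

Run it as a pre-commit hook or as a first job in the pipeline; a non-empty findings list is the signal that someone pasted a real value into the yml file where a secrets reference belongs, or moved the file somewhere GitHub will silently ignore.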