# Shiftleft engine v2
name: Analyze with ShiftLeft NG SAST

on:
  pull_request: # include to analyze when you create a pull request
    branches:
      - master
  workflow_dispatch:

jobs:
  NGSAST:
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v2
    - name: Download ShiftLeft cli
      run: |
        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
    - run: echo REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}') >> $GITHUB_ENV
      shell: bash
    - name: Python
      if: env.SHIFTLEFT_ACCESS_TOKEN != null
      run: |
        python3 -m venv .venv
        . .venv/bin/activate
        pip install --upgrade setuptools wheel
        [ -f requirements.txt ]         && pip install -r requirements.txt
        [ -f requirements/default.txt ] && pip install -r requirements/default.txt
        ${GITHUB_WORKSPACE}/sl analyze --tag app.group=$REPOSITORY_NAME --app ${REPOSITORY_NAME}-python --cpg --tag branch=${GITHUB_REF} --python $(pwd)
      env:
        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}