From 4730940988ddc82f2abf385757f93a39277b98c5 Mon Sep 17 00:00:00 2001
From: Renato Valenzuela <valerena@amazon.com>
Date: Mon, 13 May 2024 21:55:10 +0000
Subject: [PATCH] Test binary check

---
 .github/workflows/check-binaries.yml | 51 ++++++++++++++++++++++++++++
 Makefile                             |  5 ++-
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/check-binaries.yml

diff --git a/.github/workflows/check-binaries.yml b/.github/workflows/check-binaries.yml
new file mode 100644
index 0000000..1fa02c1
--- /dev/null
+++ b/.github/workflows/check-binaries.yml
@@ -0,0 +1,51 @@
+name: Check binaries
+
+# on:
+#   pull_request:
+#     branches:
+#       - develop
+
+on: 
+  workflow_dispatch:
+    inputs:
+      text:
+        description: 'Dummy text'
+        default: 'No text'
+  # schedule:
+  #   - cron: "* * * * *"s
+
+jobs:
+  check-binary:
+    runs-on: ubuntu-latest
+    outputs:
+      vulnerability: ${{steps.laststep.outputs}}
+    steps:
+      - uses: robinraju/release-downloader@v1.10
+        with:
+          latest: true
+          fileName: 'aws-lambda-rie*'
+          out-file-path: "bin"
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: check-binaries
+        run: make check-binaries
+      - id: laststep
+        run: cat $(ls -tr *.csv 2>/dev/null | tail -n1) >> "$GITHUB_OUTPUT"
+      # - id: laststep
+      #   run: cat $(ls -tr *.csv 2>/dev/null | tail -n1) >> "$GITHUB_OUTPUT"
+  # create-issue:
+  #   runs-on: ubuntu-latest
+  #   needs: check-binary
+  #   if: always() && needs.check-binary.outputs != ""
+  #   steps:
+  #     - name: Create Issue
+  #       uses: dacbd/create-issue-action@main
+  #       with:
+  #         token: ${{ github.token }}
+  #         title: |
+  #           CVEs found in latest RIE binaries
+  #         body: |
+  #           ##  CVEs found in latest RIE binaries:
+  #           > **${{ needs.check-binary.outputs}}**
+            
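Review bot: The `laststep` step appends a raw CSV to `$GITHUB_OUTPUT`, which expects `name=value` or `name<<DELIMITER` records, and the job output reads `steps.laststep.outputs` (the whole object) rather than a named key, so `vulnerability` will not carry the report. When no CSV exists, which looks likely given `--no-0-cve-report`, the `cat` also runs with no file argument. The job has no checkout step, so `make check-binaries` has no Makefile to run, and it declares no `permissions:`, leaving the token at the repository default. `robinraju/release-downloader@v1.10` is a mutable tag on a third-party action; pinning it to a full commit SHA keeps a retagged release from running in this job. A sketch of the changed lines follows, with the SHA left as a placeholder.

```yaml
permissions:
  contents: read

# … unchanged: jobs / check-binary / runs-on …
    outputs:
      vulnerability: ${{ steps.laststep.outputs.report }}
    steps:
      # checkout first: it cleans the workspace, so bin/ must be downloaded after it
      - uses: actions/checkout@v4
      - uses: robinraju/release-downloader@<full-commit-sha>  # v1.10
      # … unchanged: release-downloader inputs, setup-python, check-binaries …
      - id: laststep
        run: |
          report="$(ls -tr -- *.csv 2>/dev/null | tail -n1)"
          if [ -n "$report" ]; then
            # random delimiter so report content cannot end the record early
            delim="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
            {
              echo "report<<$delim"
              cat -- "$report"
              echo "$delim"
            } >> "$GITHUB_OUTPUT"
          fi
```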
diff --git a/Makefile b/Makefile
index f7a714e..1ebdd7e 100644
--- a/Makefile
+++ b/Makefile
@@ -70,4 +70,7 @@ integ-tests-with-docker-old:
 	make ARCH=old compile-with-docker
 	make prep-python
 	make TEST_ARCH="" TEST_PORT=9052 exec-python-e2e-test
-	
\ No newline at end of file
+
+check-binaries: prep-python
+	.venv/bin/pip install cve-bin-tool
+	.venv/bin/python -m cve_bin_tool.cli bin/ -r go -d REDHAT,OSV,GAD,CURL --no-0-cve-report
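Review bot: The `pip install cve-bin-tool` line in the new `check-binaries` target installs whatever version is current at run time, so the scanner can change between runs and an unexpected upload under that name would execute in CI. Pinning it, for example `.venv/bin/pip install 'cve-bin-tool==<pinned-version>'` or a hash-checked requirements file, makes the scan reproducible. The target produces no file named `check-binaries`, so a `.PHONY: check-binaries` line would keep a stray file of that name from suppressing it. If cve-bin-tool exits non-zero when it finds CVEs (to be confirmed for the version in use), the make step fails in exactly the case the workflow's following `laststep` is meant to report, so that step would need `if: always()`.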