Skip to content

TravisCI Integration

travisci-logo

In this guide we'll show you how to set up a TravisCI pipeline so that Mayhem can automatically test your code on every push.

You will need the following to run Mayhem in your TravisCI pipeline:

  1. Create a Mayhem API token.
  2. Add the newly created token as a "Secret Variable" in the pipeline's variables named MAYHEM_TOKEN

Pipeline Configuration for Mayhem with TravisCI

Create a .travis.yml file to configure a TravisCI pipeline to test your code:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
services:
  - docker

stages:
  - build

jobs:
  include:
    - stage: build
      name: "Build Job"
      script:
        # Build and push Docker image to registry
        - docker login ghcr.io -u $GITHUB_USERNAME -p $GITHUB_TOKEN
        - docker build -f Dockerfile -t ghcr.io/$REPO_SLUG:$TRAVIS_BRANCH .
        - docker push ghcr.io/$REPO_SLUG:$TRAVIS_BRANCH

env:
  global:
    # Set <username>/<repo> to lowercase
    - REPO_SLUG=$(echo "$TRAVIS_REPO_SLUG" | tr '[:upper:]' '[:lower:]')
  jobs:
    # Specify one or more Mayhemfiles for testing
    - MAYHEMFILE=mayhem/Mayhemfile.lighttpd
    - MAYHEMFILE=mayhem/Mayhemfile.mayhemit

script:
  # Download Mayhem CLI and log in to Mayhem server
  - curl -Lo ~/bin/mayhem ${MAYHEM_URL}/cli/Linux/mayhem && chmod +x ~/bin/mayhem
  - mayhem login $MAYHEM_URL $MAYHEM_TOKEN
  # Execute Mayhem run and fail if no run was executed
  - run=$(mayhem --verbosity info run . --project $REPO_SLUG --owner $GITHUB_USERNAME --image ghcr.io/$REPO_SLUG:$TRAVIS_BRANCH --file ${MAYHEMFILE} --duration 60 --branch-name $TRAVIS_BRANCH --revision $TRAVIS_COMMIT --ci-url https://app.travis-ci.com/github/$TRAVIS_REPO_SLUG/jobs/$TRAVIS_JOB_ID 2>/dev/null);
  - if [ -z "${run}" ]; then exit 1; fi
  # Otherwise, determine run name and wait for job to complete
  - runName=$(echo ${run} | awk -F / '{ print $(NF-1) }');
  - travis_wait 30 mayhem --verbosity info wait $run --owner $GITHUB_USERNAME --sarif sarif-${runName}.sarif --junit junit-${runName}.xml;
  - status=$(mayhem --verbosity info show --owner $GITHUB_USERNAME --format json $run | jq '.[0].status')
  - if [[ ${status} == *"stopped"* || ${status} == *"failed"* ]]; then exit 2; fi
  # Fail if defects were found
  - defects=$(mayhem --verbosity info show --owner $GITHUB_USERNAME --format json ${run} | jq '.[0].defects|tonumber')
  - if [[ ${defects} -gt 0 ]]; then echo "${defects} defects found!"; exit 3; fi

Integrating Mayhem with TravisCI

Now that we've shown you the .travis.yml file that you'll need to properly integrate Mayhem with TravisCI, let's walk through a working example.

Info

For this example we are forking the assets located at mcode-action-examples and integrating Mayhem into the TravisCI pipeline for the underlying targets.

github-repo

To get the config working in TravisCI, you will have to first set up the Secret Variables. For this example, we've set the following variables:

  1. MAYHEM_TOKEN: Your user generated Mayhem API token.
  2. MAYHEM_URL: The URL to the Mayhem server. Here we set https://app.mayhem.security.
  3. GITHUB_USERNAME: Your GitHub username.
  4. GITHUB_TOKEN: Your GitHub access token.

secret-variables

In addition, for the above .travis.yml configuration, we build and push our Docker image to the GitHub Container Registry. Therefore, make sure to set your project's visibility to Public to allow Mayhem to pull from the GitHub Container Registry for the repository Docker image.

repo-visibility

Once the above steps have been completed, you should be able to successfully execute a pipeline to have Mayhem test the underlying targets.

successful-pipeline