Skip to content

Commit

Permalink
ci(FS-7115): Update blackduck-scan.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
jwsapienza committed Jan 30, 2024
1 parent d3b1ff4 commit 99d6395
Showing 1 changed file with 99 additions and 0 deletions.
99 changes: 99 additions & 0 deletions .github/workflows/blackduck-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
###
# Foundation-security BlackDuck workflow
# version: 2.1
###
name: Foundation-Security/Black Duck Scan

on:
push:
tags:
- "**"
pull_request:
types: [opened, synchronize, reopened]
branches:
- "**"
schedule:
- cron: "0 3 * * *" # 3:00 AM UTC / 10PM EST
workflow_dispatch:
inputs:
scan-mode:
description: "BlackDuck Scan mode"
required: true
type: choice
options:
- RAPID
- INTELLIGENT
default: RAPID
ref:
description: "Branch to scan"
required: true

jobs:
Blackduck-Scan:
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
steps:
- name: Checkout source repository for dispatch runs
id: checkout-source-dispatch
if: github.event_name == 'workflow_dispatch'
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ inputs.ref }}
path: source
token: ${{ secrets.GH_SLONIK }}

- name: Set project name and version for dispatch runs
id: set-project-name-and-version-dispatch
if: github.event_name == 'workflow_dispatch'
run: |
echo "PROJECT_NAME=${{ github.event.repository.name }}" >> "$GITHUB_ENV"
echo "PROJECT_VERSION=${{ inputs.ref }}" >> "$GITHUB_ENV"
- name: Checkout source repository for non-dispatch runs
id: checkout-source
if: github.event_name != 'workflow_dispatch'
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ github.ref }}
path: source
token: ${{ secrets.GH_SLONIK }}

- name: Set project name and version for non-dispatch runs
id: set-project-name-and-version
if: github.event_name != 'workflow_dispatch'
run: |
echo "PROJECT_NAME=${{ github.event.repository.name }}" >> "$GITHUB_ENV"
echo "PROJECT_VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV"
- name: Get short hash
shell: bash
if: ${{ inputs.scan-mode == 'INTELLIGENT' }}
run: |
cd source
echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
- name: Checkout foundation-security repository
id: checkout-foundation-security
uses: actions/checkout@v4
with:
repository: EnterpriseDB/foundation-security
ref: v2
path: foundation-security
token: ${{secrets.GH_SLONIK}}

- name: BlackDuck Scan
id: call-bd-action
uses: ./foundation-security/actions/blackduck
with:
github-token: ${{ secrets.GH_SLONIK }}
cloudsmith-token: ${{ secrets.CLOUDSMITH_READ_ALL }}
commit-hash: ${{ env.sha_short }}
git-tag: ${{ github.tag }}
blackduck-url: ${{ vars.BD_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
project-name: ${{ env.PROJECT_NAME }}
project-version: ${{ env.PROJECT_VERSION }}

0 comments on commit 99d6395

Please sign in to comment.