Skip to content

ci(FS-7095): Update blackduck-scan.yml #1

ci(FS-7095): Update blackduck-scan.yml

ci(FS-7095): Update blackduck-scan.yml #1

###
# Foundation-security BlackDuck workflow
# version: 2.1
###
name: Foundation-Security/Black Duck Scan
on:
push:
tags:
- "**"
pull_request:
types: [opened, synchronize, reopened]
branches:
- "**"
schedule:
- cron: "0 3 * * *" # 3:00 AM UTC / 10PM EST
workflow_dispatch:
inputs:
scan-mode:
description: "BlackDuck Scan mode"
required: true
type: choice
options:
- RAPID
- INTELLIGENT
default: RAPID
ref:
description: "Branch to scan"
required: true
jobs:
Blackduck-Scan:
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
steps:
- name: Checkout source repository for dispatch runs
id: checkout-source-dispatch
if: github.event_name == 'workflow_dispatch'
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ inputs.ref }}
path: source
token: ${{ secrets.GH_SLONIK }}
- name: Set project name and version for dispatch runs
id: set-project-name-and-version-dispatch
if: github.event_name == 'workflow_dispatch'
run: |
echo "PROJECT_NAME=${{ github.event.repository.name }}" >> "$GITHUB_ENV"
echo "PROJECT_VERSION=${{ inputs.ref }}" >> "$GITHUB_ENV"
- name: Checkout source repository for non-dispatch runs
id: checkout-source
if: github.event_name != 'workflow_dispatch'
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ github.ref }}
path: source
token: ${{ secrets.GH_SLONIK }}
- name: Set project name and version for non-dispatch runs
id: set-project-name-and-version
if: github.event_name != 'workflow_dispatch'
run: |
echo "PROJECT_NAME=${{ github.event.repository.name }}" >> "$GITHUB_ENV"
echo "PROJECT_VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV"
- name: Get short hash
shell: bash
if: ${{ inputs.scan-mode == 'INTELLIGENT' }}
run: |
cd source
echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
- name: Checkout foundation-security repository
id: checkout-foundation-security
uses: actions/checkout@v4
with:
repository: EnterpriseDB/foundation-security
ref: v2
path: foundation-security
token: ${{secrets.GH_SLONIK}}
- name: BlackDuck Scan
id: call-bd-action
uses: ./foundation-security/actions/blackduck
with:
github-token: ${{ secrets.GH_SLONIK }}
cloudsmith-token: ${{ secrets.CLOUDSMITH_READ_ALL }}
commit-hash: ${{ env.sha_short }}
git-tag: ${{ github.tag }}
blackduck-url: ${{ vars.BD_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
project-name: ${{ env.PROJECT_NAME }}
project-version: ${{ env.PROJECT_VERSION }}