Kartik saurya patch 16 #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Example Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - '**/feature/**' | |
| pull_request: | |
| branches: | |
| - main | |
| - '**/feature/**' | |
| jobs: | |
| build-and-sbom: | |
| name: Build, Secret Scan, and Generate SBOM | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Vulnetability Scan Task | |
| uses: argonsecurity/scanner-action | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Install Syft | |
| run: | | |
| echo "Installing Syft..." | |
| curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin | |
| syft version # Verify installation | |
| - name: Build project | |
| run: | | |
| echo "Building the project..." | |
| mkdir -p ./build # Ensure build directory exists | |
| # Replace this with your actual build command | |
| # For example, for a Python project: python setup.py build | |
| # Or for a Node.js project: npm run build | |
| echo "Generating SBOM..." | |
| syft ./build -o sbom.json -f syft-json # Use the correct flag for format | |
| echo "metadata_build=true" >> $GITHUB_ENV # Set build metadata to true | |
| - name: Secret Scan Command | |
| run: | | |
| echo "Running Secret Scan..." | |
| git secrets --scan | |
| - name: Upload SBOM artifact | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: sbom | |
| path: sbom.json | |
| # curl in command substitution | |
| - name: curl in command substitution | |
| run: | | |
| CONTENTS=$(curl http://www.example.com/) | |
| echo "$CONTENTS" | |
| # wget in command substitution | |
| - name: wget in command substitution | |
| run: | | |
| CONTENTS=$(wget -qO- https://www.example.com/) | |
| echo "$CONTENTS" | |
| # curl in complex command with piping | |
| - name: curl in complex command with piping | |
| run: curl https://www.example.com/ | tee outputfile.txt | |
| # wget in complex command with redirection | |
| - name: wget in complex command with redirection | |
| run: wget http://ipv4.download.thinkbroadband.com/10MB.zip > downloadedfile.zip | |
| - name: Set metadata.build to true | |
| run: | | |
| echo "Setting metadata.build to true..." | |
| echo "metadata_build=true" >> $GITHUB_ENV # Ensure the environment variable is set | |
| env: | |
| METADATA_BUILD: true | |
| environment: development | |
| permissions: | |
| contents: read | |
| issues: write | |
| concurrency: | |
| group: example-group | |
| cancel-in-progress: true |