mirror of
https://github.com/EnterpriseDB/repmgr.git
synced 2026-03-22 22:56:29 +00:00
100 lines
3.0 KiB
YAML
100 lines
3.0 KiB
YAML
###
|
|
# Foundation-security BlackDuck workflow
|
|
# version: 2.1
|
|
###
|
|
name: Foundation-Security/Black Duck Scan
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "**"
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
branches:
|
|
- "**"
|
|
schedule:
|
|
- cron: "0 3 * * *" # 3:00 AM UTC / 10PM EST
|
|
workflow_dispatch:
|
|
inputs:
|
|
scan-mode:
|
|
description: "BlackDuck Scan mode"
|
|
required: true
|
|
type: choice
|
|
options:
|
|
- RAPID
|
|
- INTELLIGENT
|
|
default: RAPID
|
|
ref:
|
|
description: "Branch to scan"
|
|
required: true
|
|
|
|
jobs:
|
|
Blackduck-Scan:
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
steps:
|
|
- name: Checkout source repository for dispatch runs
|
|
id: checkout-source-dispatch
|
|
if: github.event_name == 'workflow_dispatch'
|
|
uses: actions/checkout@v4
|
|
with:
|
|
repository: ${{ github.repository }}
|
|
ref: ${{ inputs.ref }}
|
|
path: source
|
|
token: ${{ secrets.GH_SLONIK }}
|
|
|
|
- name: Set project name and version for dispatch runs
|
|
id: set-project-name-and-version-dispatch
|
|
if: github.event_name == 'workflow_dispatch'
|
|
run: |
|
|
echo "PROJECT_NAME=${{ github.event.repository.name }}" >> "$GITHUB_ENV"
|
|
echo "PROJECT_VERSION=${{ inputs.ref }}" >> "$GITHUB_ENV"
|
|
|
|
- name: Checkout source repository for non-dispatch runs
|
|
id: checkout-source
|
|
if: github.event_name != 'workflow_dispatch'
|
|
uses: actions/checkout@v4
|
|
with:
|
|
repository: ${{ github.repository }}
|
|
ref: ${{ github.ref }}
|
|
path: source
|
|
token: ${{ secrets.GH_SLONIK }}
|
|
|
|
- name: Set project name and version for non-dispatch runs
|
|
id: set-project-name-and-version
|
|
if: github.event_name != 'workflow_dispatch'
|
|
run: |
|
|
echo "PROJECT_NAME=${{ github.event.repository.name }}" >> "$GITHUB_ENV"
|
|
echo "PROJECT_VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV"
|
|
|
|
- name: Get short hash
|
|
shell: bash
|
|
if: ${{ inputs.scan-mode == 'INTELLIGENT' }}
|
|
run: |
|
|
cd source
|
|
echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
|
|
|
|
- name: Checkout foundation-security repository
|
|
id: checkout-foundation-security
|
|
uses: actions/checkout@v4
|
|
with:
|
|
repository: EnterpriseDB/foundation-security
|
|
ref: v2
|
|
path: foundation-security
|
|
token: ${{secrets.GH_SLONIK}}
|
|
|
|
- name: BlackDuck Scan
|
|
id: call-bd-action
|
|
uses: ./foundation-security/actions/blackduck
|
|
with:
|
|
github-token: ${{ secrets.GH_SLONIK }}
|
|
cloudsmith-token: ${{ secrets.CLOUDSMITH_READ_ALL }}
|
|
commit-hash: ${{ env.sha_short }}
|
|
git-tag: ${{ github.tag }}
|
|
blackduck-url: ${{ vars.BD_URL }}
|
|
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
|
|
project-name: ${{ env.PROJECT_NAME }}
|
|
project-version: ${{ env.PROJECT_VERSION }}
|