From 14371b675aba8d9208d4e0265b3e256cce5dde55 Mon Sep 17 00:00:00 2001 From: Gerald Morrison <67469729+morri-son@users.noreply.github.com> Date: Mon, 16 Oct 2023 16:54:00 +0200 Subject: [PATCH 1/3] add blackduck scans --- .github/workflows/blackduck_scan.yaml | 55 +++++++++++++++++++ .../workflows/blackduck_scan_scheduled.yaml | 34 ++++++++++++ 2 files changed, 89 insertions(+) create mode 100644 .github/workflows/blackduck_scan.yaml create mode 100644 .github/workflows/blackduck_scan_scheduled.yaml diff --git a/.github/workflows/blackduck_scan.yaml b/.github/workflows/blackduck_scan.yaml new file mode 100644 index 0000000..7e254e9 --- /dev/null +++ b/.github/workflows/blackduck_scan.yaml @@ -0,0 +1,55 @@ +name: Blackduck Scan PR +on: + pull_request_target: + branches: [main] + # push: + # branches: [main] + +permissions: + checks: write + pull-requests: write + +#invoke forked detect-action as the one from synopsys is deprecated: https://github.com/mercedesbenzio/detect-action +jobs: + blackduck: + runs-on: [ubuntu-latest] + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Java 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + + - name: Blackduck Full Scan + if: ${{ github.event_name != 'pull_request_target' }} + uses: mercedesbenzio/detect-action@v1 + env: + DETECT_PROJECT_USER_GROUPS: opencomponentmodel + DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS + DETECT_SOURCE_PATH: ./ + NODE_TLS_REJECT_UNAUTHORIZED: true + with: + scan-mode: INTELLIGENT + github-token: ${{ secrets.GITHUB_TOKEN }} + blackduck-url: ${{ secrets.BLACKDUCK_URL }} + blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }} + + - name: Blackduck PR Scan + if: ${{ github.event_name == 'pull_request_target' }} + uses: mercedesbenzio/detect-action@v1 + env: + DETECT_PROJECT_USER_GROUPS: opencomponentmodel + DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS + DETECT_SOURCE_PATH: ./ + NODE_TLS_REJECT_UNAUTHORIZED: true + BLACKDUCK_SKIP_PHONE_HOME: true + #LOGGING_LEVEL_COM_SYNOPSYS_INTEGRATION: DEBUG + with: + scan-mode: RAPID + github-token: ${{ secrets.GITHUB_TOKEN }} + blackduck-url: ${{ secrets.BLACKDUCK_URL }} + blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }} + detect-version: 8.8.0 + \ No newline at end of file diff --git a/.github/workflows/blackduck_scan_scheduled.yaml b/.github/workflows/blackduck_scan_scheduled.yaml new file mode 100644 index 0000000..4defab9 --- /dev/null +++ b/.github/workflows/blackduck_scan_scheduled.yaml @@ -0,0 +1,34 @@ +name: Blackduck Scan Cronjob +on: + schedule: + - cron: '15 1 * * 0' + +permissions: + checks: write + +jobs: + build: + runs-on: [ ubuntu-latest ] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Java 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + + - name: Blackduck Full Scan + uses: mercedesbenzio/detect-action@v1 + env: + DETECT_PROJECT_USER_GROUPS: opencomponentmodel + DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS + DETECT_SOURCE_PATH: ./ + NODE_TLS_REJECT_UNAUTHORIZED: true + with: + scan-mode: INTELLIGENT + github-token: ${{ secrets.GITHUB_TOKEN }} + blackduck-url: ${{ secrets.BLACKDUCK_URL }} + blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }} + detect-version: 8.8.0 From a40bbd41dc2856dcd15b538bf3c740014f23fc4e Mon Sep 17 00:00:00 2001 From: Gerald Morrison <67469729+morri-son@users.noreply.github.com> Date: Tue, 17 Oct 2023 10:06:16 +0200 Subject: [PATCH 2/3] remove PR scan --- .github/workflows/blackduck_scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/blackduck_scan.yaml b/.github/workflows/blackduck_scan.yaml index 7e254e9..dc75a47 100644 --- a/.github/workflows/blackduck_scan.yaml +++ b/.github/workflows/blackduck_scan.yaml @@ -1,7 +1,7 @@ name: Blackduck Scan PR on: - pull_request_target: - branches: [main] + # pull_request_target: + # branches: [main] # push: # branches: [main] From a051292745dde1af657b203f69ebdf2333d1a069 Mon Sep 17 00:00:00 2001 From: Gerald Morrison <67469729+morri-son@users.noreply.github.com> Date: Tue, 17 Oct 2023 10:11:00 +0200 Subject: [PATCH 3/3] remove workflow --- .github/workflows/blackduck_scan.yaml | 55 --------------------------- 1 file changed, 55 deletions(-) delete mode 100644 .github/workflows/blackduck_scan.yaml diff --git a/.github/workflows/blackduck_scan.yaml b/.github/workflows/blackduck_scan.yaml deleted file mode 100644 index dc75a47..0000000 --- a/.github/workflows/blackduck_scan.yaml +++ /dev/null @@ -1,55 +0,0 @@ -name: Blackduck Scan PR -on: - # pull_request_target: - # branches: [main] - # push: - # branches: [main] - -permissions: - checks: write - pull-requests: write - -#invoke forked detect-action as the one from synopsys is deprecated: https://github.com/mercedesbenzio/detect-action -jobs: - blackduck: - runs-on: [ubuntu-latest] - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Set up Java 17 - uses: actions/setup-java@v3 - with: - java-version: '17' - distribution: 'temurin' - - - name: Blackduck Full Scan - if: ${{ github.event_name != 'pull_request_target' }} - uses: mercedesbenzio/detect-action@v1 - env: - DETECT_PROJECT_USER_GROUPS: opencomponentmodel - DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS - DETECT_SOURCE_PATH: ./ - NODE_TLS_REJECT_UNAUTHORIZED: true - with: - scan-mode: INTELLIGENT - github-token: ${{ secrets.GITHUB_TOKEN }} - blackduck-url: ${{ secrets.BLACKDUCK_URL }} - blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }} - - - name: Blackduck PR Scan - if: ${{ github.event_name == 'pull_request_target' }} - uses: mercedesbenzio/detect-action@v1 - env: - DETECT_PROJECT_USER_GROUPS: opencomponentmodel - DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS - DETECT_SOURCE_PATH: ./ - NODE_TLS_REJECT_UNAUTHORIZED: true - BLACKDUCK_SKIP_PHONE_HOME: true - #LOGGING_LEVEL_COM_SYNOPSYS_INTEGRATION: DEBUG - with: - scan-mode: RAPID - github-token: ${{ secrets.GITHUB_TOKEN }} - blackduck-url: ${{ secrets.BLACKDUCK_URL }} - blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }} - detect-version: 8.8.0 - \ No newline at end of file