forked from veracode/github-actions-integration
-
Notifications
You must be signed in to change notification settings - Fork 0
98 lines (91 loc) · 2.76 KB
/
veracode-default-build.yml
File metadata and controls
98 lines (91 loc) · 2.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: Veracode Build
on:
workflow_call:
inputs:
repository:
required: true
type: string
ref:
required: true
type: string
token:
required: true
type: string
event_name:
required: true
type: string
build_runs_on:
required: true
type: string
build_packager_image:
required: true
type: string
build_predependency_command:
required: true
type: string
ruby_version:
required: true
type: string
bundle_version:
required: true
type: string
jobs:
build:
runs-on: ${{ inputs.build_runs_on }}
container:
image: ${{ inputs.build_packager_image }}
env:
VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
steps:
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.ref }}
token: ${{ inputs.token }}
- uses: actions/checkout@v4
with:
path: 'veracode-helper'
- name: Setup for Ruby
if: contains(${{ inputs.event_name }}, 'ruby')
id: ruby_setup
shell: bash
run: |
source /etc/profile.d/rvm.sh
rvm pkg install openssl
rvm install ruby-${{ inputs.ruby_version }}
gem install bundler -v ${{ inputs.bundle_version }}
gem install veracode
- name: Fetch Dependencies
id: fetch_dependencies
run: |
${{ inputs.build_predependency_command }}
- name: Package the application
id: application_package
shell: bash
env:
VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
run: |
if [[ "${{ inputs.event_name }}" == *"ruby"* ]]; then
bundle install
fi
working_path=`pwd`
echo "working_dir=$working_path" >> "$GITHUB_OUTPUT"
cd veracode-helper/helper/cli
cliFile=$(ls -1 . | head -n 1)
cliFileName=$(echo "$cliFile" | cut -c 1-$((${#cliFile}-7)))
tar -zxvf $cliFile
cd $cliFileName
export PATH="veracode-helper/helper/cli/$cliFileName:$PATH"
cd $working_path
veracode package --source . --output veracode-artifacts --trust
- name: Package error
if: failure() && steps.application_package.outcome == 'failure'
run: |
echo "::error::Veracode static scan faced a problem. Please contact your Veracode administrator for more information."
- uses: actions/upload-artifact@v4
with:
name: veracode-artifact
path: "${{ steps.application_package.outputs.working_dir }}/veracode-artifacts/*"
if-no-files-found: error