veracode-uploadandscan-action/entrypoint.sh at master · buzzcode/veracode-uploadandscan-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/bin/sh -l

# default to false, so as to not create a new App Profile
createprofile=false

# parse the inputs
# note that this relies on every param having a value, even if it's the empty string
# this should be fine due to how this is called (from the action.yml)
while :; do
     case $1 in
          -appname)
               appname=$2
               shift
               ;;
          -createprofile)
               if [ $2 = "true" ]; then
                    createprofile=true
               fi
               shift
               ;;
          -filepath)
               filepath=$2
               shift
               ;;
          -scan_name)
               scan_name=$2
               shift
               ;;
          -vid)
               vid=$2
               shift
               ;;
          -vkey)
               vkey=$2
               shift
               ;;
          -opt_args)
               opt_args=$2
               shift
               ;;
          *)
               break
     esac
     shift
done

echo "Calling Veracode Upload and Scan with:"
echo "    appname: $appname"
echo "    createprofile: $createprofile"
echo "    filepath: $filepath"
echo "    scan_name: $scan_name"
echo "    optional args: $opt_args"

# check for at least something in the filepath
if [ -z $filepath ]; then
     echo "ERROR: filepath is not set.  Please fix this."
     exit 1
fi

# check for vid and vkey set
if [ -z $vid ] || [ -z $vkey ]; then
     echo "ERROR: Veracode ID or Key not set.  Please fix this."
     exit 1
fi

#below pulls latest wrapper version. alternative is to pin a version like so:
#javawrapperversion=20.8.7.1
javawrapperversion=$(curl https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/maven-metadata.xml | grep latest |  cut -d '>' -f 2 | cut -d '<' -f 1)
echo "javawrapperversion: $javawrapperversion"

curl -sS -o VeracodeJavaAPI.jar "https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/$javawrapperversion/vosp-api-wrappers-java-$javawrapperversion.jar"

# build the command we're going to call
cmd="java -jar VeracodeJavaAPI.jar -action UploadAndScan"
cmd=$cmd" -appname '"$appname"'"
cmd=$cmd" -createprofile "$createprofile
cmd=$cmd" -filepath '"$filepath"'"
cmd=$cmd" -version '"$scan_name"'"
cmd=$cmd" -vid "$vid
cmd=$cmd" -vkey "$vkey
cmd=$cmd" -autoscan true"
cmd=$cmd" "$opt_args

echo $cmd
eval $cmd