TypeScript x InvisiRisk #35

Workflow file for this run

	name: Build NPM Package

	on:
	workflow_dispatch: # This line allows the workflow to be triggered manually

	permissions:
	checks: write
	contents: write
	packages: read

	env:
	API_URL: https://app.invisirisk.com

	jobs:
	create_scan_in_IR_Portal:
	runs-on: ubuntu-latest
	outputs:
	scan_id: ${{ steps.parseResponse.outputs.scan_id }}
	steps:
	- name: Initiating SBOM Scan
	id: createScan
	uses: fjogeleit/http-request-action@v1.15.1
	with:
	url: '${{env.API_URL}}/utilityapi/v1/scan'
	method: 'POST'
	data: '{"api_key": "${{secrets.VB_API_KEY}}"}'
	- name: Parse Response
	id: parseResponse
	run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"

	ecr_details:
	runs-on: ubuntu-latest
	outputs:
	ecr_username: ${{steps.ecr_details.outputs.username}}
	ecr_token: ${{steps.ecr_details.outputs.token}}
	ecr_region: ${{steps.ecr_details.outputs.region}}
	ecr_id: ${{steps.ecr_details.outputs.registry_id}}
	steps:
	- name: Fetching VB Token
	id: fetchECRDetails
	uses: fjogeleit/http-request-action@v1.15.1
	with:
	url: '${{env.API_URL}}/utilityapi/v1/registry?api_key=${{secrets.VB_API_KEY}}'
	method: 'GET'
	- name: Decoding VB Token
	id: parseToken
	run: echo "DECODED_TOKEN=$(echo ${{ fromJson(steps.fetchECRDetails.outputs.response).data }} \| base64 -d)" >> "$GITHUB_OUTPUT"
	- name: ECR Details
	id: ecr_details
	run: \|
	echo "username=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).username}}" >> "$GITHUB_OUTPUT"
	echo "token=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).password}}" >> "$GITHUB_OUTPUT"
	echo "region=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).region}}" >> "$GITHUB_OUTPUT"
	echo "registry_id=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).registry_id}}" >> "$GITHUB_OUTPUT"

	start_proxy_and_build:
	runs-on: ubuntu-latest
	needs: [create_scan_in_IR_Portal, ecr_details]
	services:
	pse:
	image: 282904853176.dkr.ecr.us-west-2.amazonaws.com/invisirisk/pse-proxy:latest
	credentials:
	username: ${{needs.ecr_details.outputs.ecr_username}}
	password: ${{needs.ecr_details.outputs.ecr_token}}
	env:
	PSE_DEBUG_FLAG: --alsologtostderr
	POLICY_LOG: t
	INVISIRISK_JWT_TOKEN: ${{secrets.VB_API_KEY}}
	INVISIRISK_PORTAL: https://app.invisirisk.com/
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	container:
	image: node:18-alpine
	options: --cap-add=NET_ADMIN
	strategy:
	matrix:
	node-version: [18.x]
	steps:
	- name: Print Scan ID
	env:
	SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
	run: echo $SCAN_ID

	- name: PSE Action
	uses: invisirisk/pse-action@v1.0.8
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}

	- name: Checkout code
	uses: actions/checkout@v3
	with:
	fetch-depth: 0
	token: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure Git
	run: \|
	git config --global --add safe.directory "${GITHUB_WORKSPACE}"
	git config --global user.name "GitHub Actions"
	git config --global user.email "github-actions[bot]@users.noreply.github.com"

	- name: Setup Node.js
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}

	- name: Install dependencies
	run: \|
	npm install
	npm ci

	- name: Build and test
	run: \|
	npm run build --if-present
	npm test

	- name: Commit and push changes
	run: \|
	if [[ -n "$(git status --porcelain)" ]]; then
	git add .
	git commit -m "chore: automated build and test updates [skip ci]"
	git push https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:${{ github.ref }}
	else
	echo "No changes to commit"
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

TypeScript x InvisiRisk #35

Workflow file

TypeScript x InvisiRisk #35

Uh oh!

Workflow file for this run