
Commit 73014dd

authored
Update main.yml
1 parent b17738c commit 73014dd


1 file changed

+52
-69
lines changed

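--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,34 +1,14 @@
-
-name: Build NPM Package
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-
-permissions:
-  checks: write
-  contents: read
-  packages: read
+name: Scanner
+on: [push]
 env:
-  API_URL: https://app.stage.invisirisk.com
-
+  API_URL: 'https://app.invisirisk.com'
+  IMAGE_NAME: 'veribom-scanner:latest'
+  SCAN_LICENSE: 'False'
+  DEBUG: 'True'
+  SCAN_TYPE: 'DIRECTORY'
+  DIRECTORY_PATH: '/checkout'
+
 jobs:
-  create_scan_in_IR_Portal:
-    runs-on: ubuntu-latest
-    outputs:
-      scan_id: ${{ steps.parseResponse.outputs.scan_id }}
-    steps:
-      - name: Initiating SBOM Scan
-        id: createScan
-        uses: fjogeleit/http-request-action@v1.15.1
-        with:
-          url: '${{env.API_URL}}/utilityapi/v1/scan'
-          method: 'POST'
-          data: '{"api_key": "${{secrets.VB_API_KEY}}"}'
-      - name: Parse Response
-        id: parseResponse
-        run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"
   ecr_details:
     runs-on: ubuntu-latest
     outputs:
@@ -53,46 +33,49 @@ jobs:
           echo "token=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).password}}" >> "$GITHUB_OUTPUT"
           echo "region=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).region}}" >> "$GITHUB_OUTPUT"
           echo "registry_id=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).registry_id}}" >> "$GITHUB_OUTPUT"
-
-  start_proxy_and_build:
+  create_scan:
+    runs-on: ubuntu-latest
+    outputs:
+      scan_id: ${{steps.parseResponse.outputs.scan_id}}
+    steps:
+      - name: Initiating SBOM Scan
+        id: createScan
+        uses: fjogeleit/http-request-action@v1.15.1
+        with:
+          url: '${{env.API_URL}}/utilityapi/v1/scan'
+          method: 'POST'
+          data: '{"api_key": "${{secrets.VB_API_KEY}}"}'
+      - name: Parse Response
+        id: parseResponse
+        run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"
+  run_scan:
     runs-on: ubuntu-latest
-    needs: [create_scan_in_IR_Portal, ecr_details]
-    services:
-      pse:
-        image: 282904853176.dkr.ecr.us-west-2.amazonaws.com/invisirisk/pse-proxy:latest
-        credentials:
-          username: ${{needs.ecr_details.outputs.ecr_username}}
-          password: ${{needs.ecr_details.outputs.ecr_token}}
-        env:
-          PSE_DEBUG_FLAG: --alsologtostderr
-          POLICY_LOG: t
-          INVISIRISK_JWT_TOKEN: ${{secrets.VB_API_KEY}}
-          INVISIRISK_PORTAL: https://app.stage.invisirisk.com/
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          POLICY_URL: "https://api.github.com/repos/ir-playground/policy/tarball/main"
-          POLICY_TOKEN: ${{ secrets.POLICY_TOKEN }}
-    container:
-      image: node:18-alpine
-      options: --cap-add=NET_ADMIN
-    strategy:
-      matrix:
-        node-version: [18.x]
+    needs: [ecr_details, create_scan]
+    outputs:
+      container_id: ${{steps.pullImage.outputs.container_id}}
     steps:
-      - env:
-          SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
-        run: echo $SCAN_ID
-      - uses: invisirisk/pse-action@v1.0.7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
-      - name: Checkout the code
-        uses: actions/checkout@v3
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
-        with:
-          node-version: ${{ matrix.node-version }}
-      - run: npm install
-      - run: npm ci
-      - run: npm run build --if-present
-      - run: npm test
+      - name: Pulling VB Image
+        id: pullImage
+        run: |
+          echo "${{needs.ecr_details.outputs.ecr_token}}" | docker login -u ${{needs.ecr_details.outputs.ecr_username}} ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com --password-stdin
+          docker pull ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com/$IMAGE_NAME
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: Running VB Image
+        run: |
+          docker run --name scanner -v $GITHUB_WORKSPACE/:$DIRECTORY_PATH -e SCAN_LICENSE=$SCAN_LICENSE -e API_URL=$API_URL -e SCANCODE_DEBUG_PACKAGE_GRADLE=True -e SCAN_ID=${{needs.create_scan.outputs.scan_id}} -e SCAN_TYPE=$SCAN_TYPE -e DIRECTORY_PATH=$DIRECTORY_PATH -e API_KEY=${{secrets.VB_API_KEY}} ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com/$IMAGE_NAME run_scanner
+          echo "CONTAINER_ID=$(docker ps -aqf name=^scanner$)" >> "$GITHUB_ENV"
+      - name: Checking Container Logs
+        run: |
+          set +e
+          ! docker logs $CONTAINER_ID 2>&1 | grep -qE '\| *ERROR *\|'
+          echo "SCAN_ERROR=$?" >> "$GITHUB_ENV"
+          docker rm $CONTAINER_ID
+      - name: Checking for Warnings
+        if: ${{env.SCAN_ERROR != 0}}
+        run: echo "VB Scanning Completed With Warnings"
+      - name: Checking for Warnings
+        if: ${{env.SCAN_ERROR == 0}}
+        run: echo "VB Scanning Completed"
+
 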
