
Commit aa7f2bb

authored
Update main.yml
1 parent f1aec6a commit aa7f2bb


1 file changed

+66
-51
lines changed

1 file changed

+66
-51
lines changed

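--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,14 +1,34 @@
-name: Scanner
-on: [push]
+
+name: Build NPM Package
+on:
+push:
+branches: [ main ]
+pull_request:
+branches: [ main ]
+
+permissions:
+checks: write
+contents: read
+packages: read
 env:
-API_URL: 'https://app.audit.dev.invisirisk.com'
-IMAGE_NAME: 'veribom-scanner:latest'
-SCAN_LICENSE: 'False'
-DEBUG: 'True'
-SCAN_TYPE: 'DIRECTORY'
-DIRECTORY_PATH: '/checkout'
+API_URL: https://app.audit.dev.invisirisk.com
 
 jobs:
+create_scan_in_IR_Portal:
+runs-on: ubuntu-latest
+outputs:
+scan_id: ${{ steps.parseResponse.outputs.scan_id }}
+steps:
+- name: Initiating SBOM Scan
+id: createScan
+uses: fjogeleit/http-request-action@v1.15.1
+with:
+url: '${{env.API_URL}}/utilityapi/v1/scan'
+method: 'POST'
+data: '{"api_key": "${{secrets.VB_API_KEY}}"}'
+- name: Parse Response
+id: parseResponse
+run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"
 ecr_details:
 runs-on: ubuntu-latest
 outputs:
@@ -33,49 +53,44 @@ jobs:
 echo "token=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).password}}" >> "$GITHUB_OUTPUT"
 echo "region=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).region}}" >> "$GITHUB_OUTPUT"
 echo "registry_id=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).registry_id}}" >> "$GITHUB_OUTPUT"
-create_scan:
+
+start_proxy_and_build:
 runs-on: ubuntu-latest
-outputs:
-scan_id: ${{steps.parseResponse.outputs.scan_id}}
+needs: [create_scan_in_IR_Portal, ecr_details]
+services:
+pse:
+image: 282904853176.dkr.ecr.us-west-2.amazonaws.com/invisirisk/pse-proxy:latest
+credentials:
+username: ${{needs.ecr_details.outputs.ecr_username}}
+password: ${{needs.ecr_details.outputs.ecr_token}}
+env:
+PSE_DEBUG_FLAG: --alsologtostderr
+POLICY_LOG: t
+INVISIRISK_JWT_TOKEN: ${{secrets.VB_API_KEY}}
+INVISIRISK_PORTAL: https://app.dev.veribom.com/
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+container:
+image: node:18-alpine
+options: --cap-add=NET_ADMIN
+strategy:
+matrix:
+node-version: [18.x]
 steps:
-- name: Initiating SBOM Scan
-id: createScan
-uses: fjogeleit/http-request-action@v1.15.1
-with:
-url: '${{env.API_URL}}/utilityapi/v1/scan'
-method: 'POST'
-data: '{"api_key": "${{secrets.VB_API_KEY}}"}'
-- name: Parse Response
-id: parseResponse
-run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"
-run_scan:
-runs-on: ubuntu-latest
-needs: [ecr_details, create_scan]
-outputs:
-container_id: ${{steps.pullImage.outputs.container_id}}
-steps:
-- name: Pulling VB Image
-id: pullImage
-run: |
-echo "${{needs.ecr_details.outputs.ecr_token}}" | docker login -u ${{needs.ecr_details.outputs.ecr_username}} ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com --password-stdin
-docker pull ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com/$IMAGE_NAME
-- name: Checkout Code
-uses: actions/checkout@v4
-- name: Running VB Image
-run: |
-docker run --name scanner -v $GITHUB_WORKSPACE/:$DIRECTORY_PATH -e SCAN_LICENSE=$SCAN_LICENSE -e API_URL=$API_URL -e SCANCODE_DEBUG_PACKAGE_GRADLE=True -e SCAN_ID=${{needs.create_scan.outputs.scan_id}} -e SCAN_TYPE=$SCAN_TYPE -e DIRECTORY_PATH=$DIRECTORY_PATH -e API_KEY=${{secrets.VB_API_KEY}} ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com/$IMAGE_NAME run_scanner
-echo "CONTAINER_ID=$(docker ps -aqf name=^scanner$)" >> "$GITHUB_ENV"
-- name: Checking Container Logs
-run: |
-set +e
-! docker logs $CONTAINER_ID 2>&1 | grep -qE '\| *ERROR *\|'
-echo "SCAN_ERROR=$?" >> "$GITHUB_ENV"
-docker rm $CONTAINER_ID
-- name: Checking for Warnings
-if: ${{env.SCAN_ERROR != 0}}
-run: echo "VB Scanning Completed With Warnings"
-- name: Checking for Warnings
-if: ${{env.SCAN_ERROR == 0}}
-run: echo "VB Scanning Completed"
-
+- env:
+SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
+run: echo $SCAN_ID
+- uses: invisirisk/pse-action@v1.0.7
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
+- name: Checkout the code
+uses: actions/checkout@v3
+- name: Use Node.js ${{ matrix.node-version }}
+uses: actions/setup-node@v3
+with:
+node-version: ${{ matrix.node-version }}
+- run: npm install
+- run: npm ci
+- run: npm run build --if-present
+- run: npm test
 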
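Review bot: The `pse` service in `start_proxy_and_build` pulls `invisirisk/pse-proxy:latest` and is handed both `secrets.VB_API_KEY` and `GITHUB_TOKEN`, so whatever image currently carries that mutable tag receives those credentials on every run; pin the image by digest, e.g. `image: 282904853176.dkr.ecr.us-west-2.amazonaws.com/invisirisk/pse-proxy@sha256:<digest-placeholder>`. The same concern applies to the tag-pinned third-party actions `invisirisk/pse-action@v1.0.7` and `fjogeleit/http-request-action@v1.15.1`, the first of which receives `github-token` in a job whose container runs with `--cap-add=NET_ADMIN`; `uses: invisirisk/pse-action@<full-commit-sha> # v1.0.7` ties the run to the code that was reviewed. Separately, `npm install` immediately before `npm ci` is redundant and can rewrite the lockfile that `npm ci` is meant to enforce, so dropping the `- run: npm install` step keeps the build tied to the committed lockfile.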
