Update main.yml

parasole1 · web-flow · commit c9f4dd2998b9 · 2025-02-19T14:49:42.000+05:45
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,5 +1,5 @@
-
 name: Build NPM Package
+
 on:
   push:
     branches: [ main ]
@@ -8,10 +8,11 @@ on:
 
 permissions:
   checks: write
-  contents: read
+  contents: write
   packages: read
+
 env:
-  API_URL: https://app.audit.dev.invisirisk.com
+  API_URL: https://app.invisirisk.com
 
 jobs:
   create_scan_in_IR_Portal:
@@ -29,6 +30,7 @@ jobs:
       - name: Parse Response
         id: parseResponse
         run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"
+
   ecr_details:
     runs-on: ubuntu-latest
     outputs:
@@ -41,8 +43,8 @@ jobs:
         id: fetchECRDetails
         uses: fjogeleit/http-request-action@v1.15.1
         with:
-            url: '${{env.API_URL}}/utilityapi/v1/registry?api_key=${{secrets.VB_API_KEY}}'
-            method: 'GET'
+          url: '${{env.API_URL}}/utilityapi/v1/registry?api_key=${{secrets.VB_API_KEY}}'
+          method: 'GET'
       - name: Decoding VB Token
         id: parseToken
         run: echo "DECODED_TOKEN=$(echo ${{ fromJson(steps.fetchECRDetails.outputs.response).data }} | base64 -d)" >> "$GITHUB_OUTPUT"
@@ -53,44 +55,73 @@ jobs:
           echo "token=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).password}}" >> "$GITHUB_OUTPUT"
           echo "region=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).region}}" >> "$GITHUB_OUTPUT"
           echo "registry_id=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).registry_id}}" >> "$GITHUB_OUTPUT"
-          
+
   start_proxy_and_build:
     runs-on: ubuntu-latest
     needs: [create_scan_in_IR_Portal, ecr_details]
     services:
       pse:
-        image: 282904853176.dkr.ecr.us-west-2.amazonaws.com/invisirisk/pse-proxy:dev-test
+        image: 282904853176.dkr.ecr.us-west-2.amazonaws.com/invisirisk/pse-proxy:latest
         credentials:
           username: ${{needs.ecr_details.outputs.ecr_username}}
           password: ${{needs.ecr_details.outputs.ecr_token}}
-        env:
-          PSE_DEBUG_FLAG: --alsologtostderr
-          POLICY_LOG: t
-          INVISIRISK_JWT_TOKEN: ${{secrets.VB_API_KEY}} 
-          INVISIRISK_PORTAL: https://app.audit.dev.invisirisk.com/
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+    env:
+      PSE_DEBUG_FLAG: --alsologtostderr
+      POLICY_LOG: t
+      INVISIRISK_JWT_TOKEN: ${{secrets.VB_API_KEY}}
+      INVISIRISK_PORTAL: https://app.invisirisk.com/
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     container:
       image: node:18-alpine
       options: --cap-add=NET_ADMIN
     strategy:
       matrix:
         node-version: [18.x]
     steps:
-    - env: 
-        SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
-      run: echo $SCAN_ID
-    - uses: invisirisk/pse-action@v1.0.8
-      with:
+      - name: Print Scan ID
+        env: 
+          SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
+        run: echo $SCAN_ID
+
+      - name: PSE Action
+        uses: invisirisk/pse-action@v1.0.8
+        with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
-    - name: Checkout the code
-      uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm install
-    - run: npm ci
-    - run: npm run build --if-present
-    - run: npm test
-        
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure Git
+        run: |
+          git config --global --add safe.directory "${GITHUB_WORKSPACE}"
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install dependencies
+        run: |
+          npm install
+          npm ci
+
+      - name: Build and test
+        run: |
+          npm run build --if-present
+          npm test
+
+      - name: Commit and push changes
+        run: |
+          if [[ -n "$(git status --porcelain)" ]]; then
+            git add .
+            git commit -m "chore: automated build and test updates [skip ci]"
+            git push https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:${{ github.ref }}
+          else
+            echo "No changes to commit"
+          fi
