FilesExpand file tree

 dev

/

release.yml

Copy path

View Runs

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

63 lines (52 loc) · 2.41 KB

 dev

/

release.yml

Top

File metadata and controls

• Code
• Blame

63 lines (52 loc) · 2.41 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

# This is a basic workflow to help you get started with Actions

name: release

# Controls when the workflow will run

on:

# Triggers the workflow on push or pull request events but only for the main branch

#push:

# branches: [ main ]

pull_request:

branches: [ main ]

# Allows you to run this workflow manually from the Actions tab

workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel

jobs:

# This workflow contains a single job called "build"

build:

# The type of runner that the job will run on

runs-on: ubuntu-latest

env:

COV_URL: ${{ secrets.COV_URL }}

COV_USER: ${{ secrets.COV_USER }}

COVERITY_PASSPHRASE: ${{ secrets.COVERITY_PASSPHRASE }}

CSA: cov-analysis-linux64-2021.9.0

COVERITY_PROJECT: java-sec-code

BLDCMD: mvn clean package -DskipTests

CHECKERS: --webapp-security

# Steps represent a sequence of tasks that will be executed as part of the job

steps:

# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it

- uses: actions/checkout@v2

# Runs a single command using the runners shell

- name: Maven Build

run: mvn clean package -DskipTests

#- name: Install SAST Full Scan

# run: |

# curl -fLsS --user $COV_USER:$COVERITY_PASSPHRASE $COV_URL/downloadFile.htm?fn=$CSA.tar.gz | tar -C /tmp -xzf -

# curl -fLsS --user $COV_USER:$COVERITY_PASSPHRASE -o /tmp/$CSA/bin/license.dat $COV_URL/downloadFile.htm?fn=license.dat

# /tmp/$CSA/bin/cov-configure --java

#- name: Full Scan (SAST)

# run: |

# export PATH=$PATH:/tmp/$CSA/bin

# set -x

# cov-build --dir idir --fs-capture-search $GITHUB_WORKSPACE $BLDCMD

# cov-analyze --dir idir --ticker-mode none --strip-path $GITHUB_WORKSPACE $CHECKERS

# cov-commit-defects --dir idir --ticker-mode none --url $COV_URL --stream $COVERITY_PROJECT-${GITHUB_BASE_REF##*/} --scm git \

# --description $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID --target $RUNNER_OS --version $GITHUB_SHA

- name: Full Scan (SCA)

uses: blackducksoftware/[email protected]

with:

version: 7

blackduck.url: ${{ secrets.BLACKDUCK_URL }}

blackduck.api.token: ${{ secrets.BLACKDUCK_API_TOKEN }}

args: --detect.risk.report.pdf=true