Refactor SCA Scan for APIGW #172

Workflow file for this run

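# SCA Scan
# Software composition analysis: each step installs one component's
# dependencies and submits them to the Black Duck server with Synopsys Detect.
name: Software Composition Analysis

on:
  # Runs when a pull request targeting one of these branches is assigned or
  # receives new commits (synchronize).
  pull_request:
    types: [assigned, synchronize]
    branches:
      - 'main'
      - 'v0.*'
      - 'v2.x'
  # Run this workflow manually from the Actions tab
  workflow_dispatch:
    inputs:
      branch_to_test:
        description: 'Branch or tag to run test'
        required: true
        default: 'main'
        type: string

# The job only reads the repository, so the GITHUB_TOKEN is limited to
# read access instead of inheriting the repository default.
permissions:
  contents: read

# Only one run of this workflow at a time for the whole repository: the group
# key carries no PR or ref, so a newer run cancels one in progress even when
# it belongs to a different pull request.
concurrency:
  group: ${{ github.repository }}-${{ github.workflow }}
  cancel-in-progress: true

jobs:
  software-composition-analysis:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # Security notes for this job:
    # - The pull_request steps install the pull request's own code
    #   (`pip install -e .`) in the same step that holds BLACKDUCK_API_TOKEN.
    #   Keep the trigger on `pull_request` (runs from forks receive no
    #   secrets); do not move it to `pull_request_target`.
    # - Actions are referenced by mutable tag (@v4, @v5); pinning them to a
    #   full commit SHA removes the dependency on the tag not being moved.
    # - --blackduck.trust.cert=true makes Detect trust whatever certificate
    #   the server presents while the API token is being sent to it.
    #   NOTE(review): drop the flag if the server certificate chains to a
    #   public CA, otherwise import the private CA instead.
    steps:
      - name: Checkout Code (Pull Request Into v2.x)
        if: github.event_name == 'pull_request'
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          submodules: recursive
          # Nothing later needs git credentials; do not leave the token in
          # .git/config where the installed PR code could read it.
          persist-credentials: false

      - name: Checkout Code (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.branch_to_test }}
          repository: aiverify-foundation/aiverify
          submodules: recursive
          persist-credentials: false

      # NOTE(review): the version label is fixed at v2.x although the trigger
      # also matches 'main' and 'v0.*' - confirm that is intended.
      - name: Set Branch Variable (Pull Request Into v2.x)
        if: github.event_name == 'pull_request'
        run: |
          echo "BRANCH=v2.x" >> "$GITHUB_ENV"

      # NOTE(review): the version label is fixed at v1.0 regardless of
      # inputs.branch_to_test - confirm that is intended.
      - name: Set Branch Variable (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        run: |
          echo "BRANCH=v1.0" >> "$GITHUB_ENV"

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      # Fetch the Detect launcher once, to a file, instead of
      # `bash <(curl -s -L ...)` in every step: with process substitution a
      # failed download hands bash an empty script and the step still passes,
      # and without --fail an HTTP error page would be run as shell.
      # The script is still not integrity-checked; to pin it, vendor a
      # reviewed copy or compare its SHA-256 with a recorded value here.
      - name: Download Synopsys Detect Script
        run: |
          curl --fail --silent --show-error --location \
            --output "$RUNNER_TEMP/detect9.sh" \
            https://detect.synopsys.com/detect9.sh

      # In every scan step the API token reaches Detect through the
      # BLACKDUCK_API_TOKEN environment variable rather than a
      # --blackduck.api.token argument, which keeps it out of the process
      # command line and out of the generated step script.
      - name: Install & Scan APIGW (Pull Request Into v2.x)
        if: github.event_name == 'pull_request'
        working-directory: aiverify-apigw
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          # Resolve the dependency set from the package metadata, then
          # rebuild a clean venv from the frozen list for the scan.
          python3 -m venv venv
          source venv/bin/activate
          pip install -e .
          pip freeze > requirements.txt
          deactivate
          rm -rf venv
          python3 -m venv venv
          source venv/bin/activate
          pip install -r requirements.txt
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=aiverify-apigw \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="aiverify-apigw_$BRANCH" \
            --detect.excluded.directories=venv,tests \
            --blackduck.trust.cert=true

      - name: Install & Scan APIGW (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        working-directory: ai-verify-apigw
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          npm install
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=ai-verify-apigw \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="ai-verify-apigw_$BRANCH" \
            --detect.excluded.directories=tests \
            --blackduck.trust.cert=true

      - name: Install & Scan PORTAL (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        working-directory: ai-verify-portal
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          npm install
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=ai-verify-portal \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="ai-verify-portal_$BRANCH" \
            --detect.excluded.directories=tests \
            --blackduck.trust.cert=true

      - name: Install & Scan SHARED LIBRARY (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        working-directory: ai-verify-shared-library
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          npm install
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=ai-verify-shared-library \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="ai-verify-shared-library_$BRANCH" \
            --detect.excluded.directories=tests \
            --blackduck.trust.cert=true

      - name: Install & Scan TEST ENGINE (Pull Request Into v2.x)
        if: github.event_name == 'pull_request'
        working-directory: aiverify-test-engine
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          python3 -m venv venv
          source venv/bin/activate
          pip install -e .
          pip freeze > requirements.txt
          deactivate
          rm -rf venv
          python3 -m venv venv
          source venv/bin/activate
          pip install -r requirements.txt
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=aiverify-test-engine \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="aiverify-test-engine_$BRANCH" \
            --detect.excluded.directories=venv,tests \
            --blackduck.trust.cert=true

      - name: Install & Scan TEST ENGINE (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        working-directory: test-engine-app
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          python3 -m venv venv
          source venv/bin/activate
          pip install -r requirements.txt
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=test-engine-app \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="test-engine-app_$BRANCH" \
            --detect.excluded.directories=venv,tests \
            --blackduck.trust.cert=true

      - name: Install & Scan TEST ENGINE CORE (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        working-directory: test-engine-core
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          python3 -m venv venv
          source venv/bin/activate
          pip install -r requirements.txt
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=test-engine-core \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="test-engine-core_$BRANCH" \
            --detect.excluded.directories=venv,tests \
            --blackduck.trust.cert=true

      - name: Install & Scan TEST ENGINE CORE MODULES (Workflow Dispatch)
        if: github.event_name == 'workflow_dispatch'
        working-directory: test-engine-core-modules
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          python3 -m venv venv
          source venv/bin/activate
          pip install -r requirements.txt
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=test-engine-core-modules \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="test-engine-core-modules_$BRANCH" \
            --detect.excluded.directories=venv,tests \
            --blackduck.trust.cert=true

      # NOTE(review): unlike the other Python steps, nothing is installed
      # into the venv before the scan, so Detect may find no dependencies
      # here - confirm whether a `pip install` line is missing.
      - name: Install & Scan Accumulated Local Effects (Pull Request Into v2.x)
        if: github.event_name == 'pull_request'
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          # Lists the workspace root in the job log before changing directory.
          ls
          cd stock-plugins/aiverify.stock.accumulated-local-effect/algorithms/accumulated-local-effect
          python3 -m venv venv
          source venv/bin/activate
          bash "$RUNNER_TEMP/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=accumulated_local_effect \
            --detect.project.version.name="$BRANCH" \
            --detect.source.path=. \
            --detect.code.location.name="accumulated_local_effect_$BRANCH" \
            --detect.excluded.directories=venv,tests \
            --blackduck.trust.cert=true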