Refactor SCA Scan for APIGW #172
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SCA Scan | |
name: Software Composition Analysis | |
on: | |
# Runs when a pull request review is being submitted | |
pull_request: | |
types: [assigned,synchronize] | |
branches: | |
- 'main' | |
- 'v0.*' | |
- 'v2.x' | |
# Run this workflow manually from Actions tab | |
workflow_dispatch: | |
inputs: | |
branch_to_test: | |
description: 'Branch or tag to run test' | |
required: true | |
default: 'main' | |
type: string | |
# Allow one concurrent deployment | |
concurrency: | |
group: ${{ github.repository }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
software-composition-analysis: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout Code (Pull Request Into v2.x) | |
if: github.event_name == 'pull_request' | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
submodules: recursive | |
- name: Checkout Code (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.branch_to_test }} | |
repository: aiverify-foundation/aiverify | |
submodules: recursive | |
- name: Set Branch Variable (Pull Request Into v2.x) | |
if: github.event_name == 'pull_request' | |
run: | | |
echo "BRANCH=v2.x" >> "$GITHUB_ENV" | |
- name: Set Branch Variable (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "BRANCH=v1.0" >> "$GITHUB_ENV" | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
- name: Install & Scan APIGW (Pull Request Into v2.x) | |
if: github.event_name == 'pull_request' | |
run: | | |
cd aiverify-apigw | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -e . | |
pip freeze > requirements.txt | |
deactivate | |
rm -rf venv | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=aiverify-apigw --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="aiverify-apigw_$BRANCH" --detect.excluded.directories=venv,tests --blackduck.trust.cert=true | |
deactivate | |
cd ../ | |
- name: Install & Scan APIGW (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
cd ai-verify-apigw | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=ai-verify-apigw --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="ai-verify-apigw_$BRANCH" --detect.excluded.directories=tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan PORTAL (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
cd ai-verify-portal | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=ai-verify-portal --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="ai-verify-portal_$BRANCH" --detect.excluded.directories=tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan SHARED LIBRARY (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
cd ai-verify-shared-library | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=ai-verify-shared-library --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="ai-verify-shared-library_$BRANCH" --detect.excluded.directories=tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan TEST ENGINE (Pull Request Into v2.x) | |
if: github.event_name == 'pull_request' | |
run: | | |
cd aiverify-test-engine | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -e . | |
pip freeze > requirements.txt | |
deactivate | |
rm -rf venv | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=aiverify-test-engine --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="aiverify-test-engine_$BRANCH" --detect.excluded.directories=venv,tests --blackduck.trust.cert=true | |
deactivate | |
cd ../ | |
- name: Install & Scan TEST ENGINE (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
cd test-engine-app | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=test-engine-app --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="test-engine-app_$BRANCH" --detect.excluded.directories=venv,tests --blackduck.trust.cert=true | |
deactivate | |
cd ../ | |
- name: Install & Scan TEST ENGINE CORE (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
cd test-engine-core | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=test-engine-core --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="test-engine-core_$BRANCH" --detect.excluded.directories=venv,tests --blackduck.trust.cert=true | |
deactivate | |
cd ../ | |
- name: Install & Scan TEST ENGINE CORE MODULES (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
cd test-engine-core-modules | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=test-engine-core-modules --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="test-engine-core-modules_$BRANCH" --detect.excluded.directories=venv,tests --blackduck.trust.cert=true | |
deactivate | |
cd ../ | |
- name: Install & Scan Accumulated Local Effects (Pull Request Into v2.x) | |
if: github.event_name == 'pull_request' | |
run: | | |
ls | |
cd stock-plugins/aiverify.stock.accumulated-local-effect/algorithms/accumulated-local-effect | |
python3 -m venv venv | |
source venv/bin/activate | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=0 --detect.project.name=accumulated_local_effect --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="accumulated_local_effect_$BRANCH" --detect.excluded.directories=venv,tests --blackduck.trust.cert=true | |
deactivate | |
cd ../ |