
Update build-report.yml #4


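# Runs the dot-cicd vulnerability scanners (api, baseline, full) against the
# pushed branch. Each matrix entry is an independent job; the scan steps only
# run when the commit message contains the opt-in marker "scan-dotcms".
name: vulnerability-scan-automation
on: [push]
jobs:
  vulnerability-scan:
    name: Vulnerability Scan Automation
    runs-on: ubuntu-latest
    # A failing scan does not fail the workflow run; results are informational.
    continue-on-error: true
    strategy:
      fail-fast: false
      matrix:
        scan: [api, baseline, full]
    env:
      # NOTE(review): a floating branch name selects the remote install script
      # executed below; pinning this to a commit SHA would make the job
      # reproducible and resistant to changes on the upstream branch.
      DOT_CICD_BRANCH: master
      GITHUB_USER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # github.event.number is only present in pull_request payloads, so this
      # is presumably empty for the push trigger used here — confirm.
      PULL_REQUEST: ${{ github.event.number }}
    steps:
      - name: GITHUB CONTEXT
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
        # DEBUG is not set anywhere in this workflow, so this step is skipped
        # unless it is supplied from outside the file — confirm intent.
        if: env.DEBUG == 'true'
      - name: Get commit message
        id: get-commit_message
        # NOTE(review): floating `@master` action ref; pin to a full commit SHA
        # so a change on the upstream branch cannot alter what runs here.
        uses: dotcms/get-commit_message@master
        with:
          accessToken: ${{ secrets.GITHUB_TOKEN }}
      - name: Set Common Vars
        # Values that originate from git data (branch/ref names, the commit
        # message) are passed in through the environment instead of being
        # expanded with ${{ }} inside the script body. Template expansion
        # happens before the shell sees the script, so a crafted value could
        # otherwise break out of the quoting and run as shell (script injection).
        env:
          EVENT_NAME: ${{ github.event_name }}
          HEAD_REF: ${{ github.head_ref }}
          REF: ${{ github.ref }}
          SCAN: ${{ matrix.scan }}
          COMMIT_MESSG: ${{ steps.get-commit_message.outputs.commit_message }}
        run: |
          if [[ "${EVENT_NAME}" == "pull_request" ]]; then
            BUILD_ID="${HEAD_REF}"
          else
            BUILD_ID=$(basename "${REF}")
          fi
          echo "COMMIT_MESSG: ${COMMIT_MESSG}"
          # Opt-in marker: the scan only runs when the message mentions it.
          if [[ "${COMMIT_MESSG}" =~ scan-dotcms ]]; then
            jobRun=true
          else
            jobRun=false
          fi
          # Exported for the `if:` conditions and scripts of the later steps.
          echo "jobRun=${jobRun}" >> "$GITHUB_ENV"
          echo "BUILD_ID=${BUILD_ID}" >> "$GITHUB_ENV"
          if [[ "${SCAN}" == 'full' ]]; then
            echo "RESET_STARTER=true" >> "$GITHUB_ENV"
          fi
      - name: Prepare dot-cicd
        # NOTE(review): this fetches and executes a script from a mutable
        # branch (DOT_CICD_BRANCH) while the job's secrets are in scope. Pin
        # the ref to a commit SHA, or verify a known checksum of the script
        # before running it, so the job cannot be changed from outside this
        # repository.
        run: |
          sh -c "$(curl -fsSL https://raw.githubusercontent.com/dotCMS/dot-cicd/${DOT_CICD_BRANCH}/seed/install-dot-cicd.sh)"
        if: env.jobRun == 'true'
      - name: Run Vulnerabily Scan
        # matrix.scan comes from the literal list above, so expanding it here
        # is safe.
        run: |
          ../dotcicd/library/pipeline.sh runSidecar scan ${{ matrix.scan }}
        if: env.jobRun == 'true'
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
          LICENSE_KEY: ${{ secrets.DOTCMS_LICENSE }}
          CUSTOM_STARTER_URL: "https://repo.dotcms.com/artifactory/libs-release-local/com/dotcms/starter/20210920/starter-20210920.zip"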