Blackduck Scan Cronjob #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Blackduck Scan Cronjob | |
on: | |
schedule: | |
- cron: '5 0 * * 0' | |
permissions: | |
checks: write | |
jobs: | |
build: | |
runs-on: [ ubuntu-latest ] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Java 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: '${{ github.workspace }}/go.mod' | |
cache: false | |
- name: Get go environment for use with cache | |
run: | | |
echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV | |
echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV | |
# This step will only reuse the go mod and build cache from main made during the Build, | |
# see push_ocm.yaml => "ocm-cli-latest" Job | |
# This means it never caches by itself and PRs cannot cause cache pollution / thrashing | |
# This is because we have huge storage requirements for our cache because of the mass of dependencies | |
- name: Restore / Reuse Cache from central build | |
id: cache-golang-restore | |
uses: actions/cache/restore@v4 # Only Restore, not build another cache (too big) | |
with: | |
path: | | |
${{ env.go_cache }} | |
${{ env.go_modcache }} | |
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }} | |
restore-keys: | | |
${{ env.cache_name }}-${{ runner.os }}-go- | |
env: | |
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step | |
- name: Blackduck Full Scan | |
uses: mercedesbenzio/detect-action@v2 | |
env: | |
DETECT_PROJECT_USER_GROUPS: opencomponentmodel | |
DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS | |
DETECT_SOURCE_PATH: ./ | |
NODE_TLS_REJECT_UNAUTHORIZED: true | |
with: | |
scan-mode: INTELLIGENT | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
blackduck-url: ${{ secrets.BLACKDUCK_URL }} | |
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }} | |
detect-version: 8.8.0 |