name: Blackduck

on:
 schedule:
  # run scans twice a month
  - cron:  '0 2 1,15 * *'

jobs:
  blackduck:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Code
      uses: actions/checkout@v3

    - uses: actions/setup-node@v3
      with:
        node-version: '16'
        cache: npm

    - run: npm install
    - run: npm run build

    - name: Run Synopsys Detect INTELLIGENT
      run: |
        bash <(curl -s -L https://detect.synopsys.com/detect8.sh) \
        --blackduck.url=${{ secrets.BLACKDUCK_URL }} \
        --blackduck.api.token=${{ secrets.BLACKDUCK_API_KEY }} \
        --blackduck.trust.cert=true \
        --detect.project.version.update=true \
        --detect.project.name='ota-admin-portal' \
        --detect.excluded.directories='node_modules' \
        --detect.project.version.name=$GITHUB_REF_NAME \
        --detect.blackduck.scan.mode="INTELLIGENT" \
        --detect.detector.search.depth=3 \
        --detect.detector.search.continue=true \
        --detect.npm.include.dev.dependencies=false 
      # --detect.policy.check.fail.on.severities=ALL,NONE,UNSPECIFIED,TRIVIAL,MINOR,MAJOR,CRITICAL,BLOCKER - Use it if you want to fail the build on a certain severity type
      # --detect.detector.search.continue=true - If true, the bom tool search will continue to look for nested bom tools of the same type to the maximum search depth