e1f4da2232
* CEC-4855: fix manifest deselect (#410) * fix manifest deselect * adjusted blackduck pipeline to run the latest detect version * added blackduck_rapid pipeline to run synopsys detect rapid scans * adjusted deploy pipeline to trun-based model, adjusted test pipeline to use main branch * test image builds * clean up * CEC-4563: add cancel and include results in promise (#411) * splited build and deploy order according to each environment, test builds * clean up * clean up * CEC-4635: prevent false 0 calculation (#413) * prevent false 0 calculation * refactor switch statement --------- Co-authored-by: Tristan Timblin <ttimblin@fiskerinc.com>
38 lines
1.3 KiB
YAML
38 lines
1.3 KiB
YAML
name: Blackduck
|
|
|
|
on:
|
|
schedule:
|
|
# run scans twice a month
|
|
- cron: '0 2 1,15 * *'
|
|
|
|
jobs:
|
|
blackduck:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v3
|
|
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '16'
|
|
cache: npm
|
|
|
|
- run: npm install
|
|
- run: npm run build
|
|
|
|
- name: Run Synopsys Detect INTELLIGENT
|
|
run: |
|
|
bash <(curl -s -L https://detect.synopsys.com/detect8.sh) \
|
|
--blackduck.url=${{ secrets.BLACKDUCK_URL }} \
|
|
--blackduck.api.token=${{ secrets.BLACKDUCK_API_KEY }} \
|
|
--blackduck.trust.cert=true \
|
|
--detect.project.version.update=true \
|
|
--detect.project.name='ota-admin-portal' \
|
|
--detect.excluded.directories='node_modules' \
|
|
--detect.project.version.name=$GITHUB_REF_NAME \
|
|
--detect.blackduck.scan.mode="INTELLIGENT" \
|
|
--detect.detector.search.depth=3 \
|
|
--detect.detector.search.continue=true \
|
|
--detect.npm.include.dev.dependencies=false
|
|
# --detect.policy.check.fail.on.severities=ALL,NONE,UNSPECIFIED,TRIVIAL,MINOR,MAJOR,CRITICAL,BLOCKER - Use it if you want to fail the build on a certain severity type
|
|
# --detect.detector.search.continue=true - If true, the bom tool search will continue to look for nested bom tools of the same type to the maximum search depth |