Software Composition Analysis - EbikesLwc-apex #2
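# Veracode Software Composition Analysis workflow.
#
# Triggered by a `repository_dispatch` event of type `veracode-sca-scan` whose
# client_payload carries the target repository (owner, name, full_name, branch,
# sha), a token to check it out with, and a user_config block (runner label,
# policy/debug flags). The workflow registers a check run, generates a lockfile
# for yarn/pnpm workspace projects when needed, then runs the Veracode SCA agent.
#
# Everything under `github.event.client_payload` is supplied by whoever sends
# the dispatch event and must be treated as untrusted input: it is passed to
# scripts via `env:` rather than interpolated into `run:` text.
name: Veracode Software Composition Analysis
run-name: Software Composition Analysis - ${{ github.event.client_payload.repository.name }}

concurrency:
  group: ${{ github.event.client_payload.event_type }}-${{ github.event.client_payload.repository.name }}-${{ github.event.client_payload.repository.branch }}
  cancel-in-progress: true

on:
  repository_dispatch:
    types: [veracode-sca-scan]

jobs:
  cleanup:
    uses: ./.github/workflows/veracode-clean-up.yml
    with:
      runs_on: ${{ github.event.client_payload.user_config.default_runs_on }}

  register:
    needs: cleanup
    uses: ./.github/workflows/veracode-check-run.yml
    with:
      check_run_name: ${{ github.workflow }}
      head_sha: ${{ github.event.client_payload.sha }}
      # NOTE(review): the input names below are misspelled ("repositroy") but
      # are kept as-is because they presumably have to match the inputs declared
      # by veracode-check-run.yml — rename both sides together, not here.
      repositroy_owner: ${{ github.event.client_payload.repository.owner }}
      repositroy_name: ${{ github.event.client_payload.repository.name }}
      event_type: ${{ github.event.client_payload.event_type }}
      # Token comes from the dispatch payload, not from this repository's secrets.
      github_token: ${{ github.event.client_payload.token }}
      run_id: ${{ github.run_id }}
      branch: ${{ github.event.client_payload.repository.branch }}
      default_runs_on: ${{ github.event.client_payload.user_config.default_runs_on }}

  veracode-sca-scan:
    needs: [register]
    runs-on: ${{ fromJSON(github.event.client_payload.user_config.default_runs_on) }}
    name: Veracode Component Analysis
    timeout-minutes: 30
    steps:
      # Check out the repository named in the dispatch payload into the workspace root.
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.client_payload.repository.full_name }}
          ref: ${{ github.event.client_payload.repository.branch }}
          token: ${{ github.event.client_payload.token }}

      # Check out this workflow's own repository (the helper scripts) into a
      # sub-folder; it is deleted again before the scan so it is not analysed.
      - uses: actions/checkout@v4
        with:
          path: 'veracode-helper'
          # The helper checkout is read-only; do not leave a token in its .git/config.
          persist-credentials: false

      - name: Find yarn JS apps using workspaces - Linux
        if: contains(runner.os, 'Linux')
        env:
          # Untrusted payload values are exposed as environment variables so the
          # script text itself never contains attacker-controlled characters.
          REPO_OWNER: ${{ github.event.client_payload.repository.owner }}
          REPO_NAME: ${{ github.event.client_payload.repository.name }}
        run: |
          # Decide which lockfile generator (if any) the checked-out project needs.
          # $GITHUB_WORKSPACE is the checkout root on any runner, replacing the
          # previously hard-coded hosted-runner path.
          if [ -f "package.json" ] && [ -f "pnpm-lock.yaml" ] && [ -f "pnpm-workspace.yaml" ]; then
            echo "- The file package.json, pnpm-lock.yaml and pnpm-workspace.yaml exist. This looks like a PNPM workspace project."
            if grep -q "workspaces" "package.json"; then
              echo "-- The package.json file contains workspaces - running PNPM lockfile generator"
              node veracode-helper/helper/pnpm-helper.js --folder "$GITHUB_WORKSPACE" --intRepoPrefix "$REPO_OWNER" --repoName "$REPO_NAME"
            else
              # NOTE(review): the message says "exiting" but the step continues and
              # the scan still runs; decide whether this should be `exit 1`.
              echo "-- The package.json file does not contain workspace - this will fail - exiting"
            fi
          # Same lockfile name as the pnpm branch above (was "pnpm-lock.yml", which never matched).
          elif [ -f "package.json" ] && [ ! -f "pnpm-lock.yaml" ] && [ ! -f "pnpm-workspace.yaml" ]; then
            if grep -q "workspaces" "package.json"; then
              echo "- The package.json file exists, and it contains 'workspaces'."
              if grep -q "yarn" "package.json"; then
                echo "-- Yarn was identified on the package.json file"
                # First digit on the first line mentioning yarn; `|| true` keeps a
                # no-match from aborting the step under `-e`/`pipefail`.
                version=$(grep 'yarn' package.json | grep -oE '[0-9]' | head -n 1 || true)
                if [ -z "$version" ]; then
                  echo "-- The yarn version could not be identified."
                else
                  echo "-- The yarn version is: $version"
                  if [ "$version" -lt 3 ]; then
                    echo "---- Running v2 lockfile generator"
                    node veracode-helper/helper/yarn-lock-file-generator-v2.js --folder "$GITHUB_WORKSPACE"
                  else
                    echo "---- Running v3 lockfile generator"
                    node veracode-helper/helper/yarn-lock-file-generator-v3.js --folder "$GITHUB_WORKSPACE"
                  fi
                fi
              else
                echo "- Yarn was not identified on the package.json file"
              fi
            else
              echo "- The package.json file exists, but it does not contain 'workspaces'."
            fi
          else
            echo "The package.json file does not exist."
          fi
          rm -rf -- veracode-helper

      - name: Find yarn JS apps using workspaces - Windows
        shell: pwsh
        if: contains(runner.os, 'Windows')
        env:
          # Same injection-safe hand-off as the Linux step.
          REPO_OWNER: ${{ github.event.client_payload.repository.owner }}
          REPO_NAME: ${{ github.event.client_payload.repository.name }}
        run: |
          # Windows counterpart of the Linux step; $env:GITHUB_WORKSPACE replaces
          # the previously hard-coded Linux path, which never existed here.
          if ((Test-Path "package.json") -and (Test-Path "pnpm-lock.yaml") -and (Test-Path "pnpm-workspace.yaml")) {
            Write-Host "- The files package.json, pnpm-lock.yaml, and pnpm-workspace.yaml exist. This looks like a PNPM workspace project."
            $packageJson = Get-Content "package.json" -Raw
            if ($packageJson -match '"workspaces"') {
              Write-Host "-- The package.json file contains workspaces - running PNPM lockfile generator"
              node "veracode-helper/helper/pnpm-helper.js" `
                --folder "$env:GITHUB_WORKSPACE" `
                --intRepoPrefix "$env:REPO_OWNER" `
                --repoName "$env:REPO_NAME"
            }
            else {
              # NOTE(review): says "exiting" but does not exit; see the Linux step.
              Write-Host "-- The package.json file does not contain workspaces - exiting"
            }
          }
          elseif ((Test-Path "package.json") -and -not (Test-Path "pnpm-lock.yaml") -and -not (Test-Path "pnpm-workspace.yaml")) {
            $packageJson = Get-Content "package.json" -Raw
            if ($packageJson -match '"workspaces"') {
              Write-Host "- The package.json file exists and contains 'workspaces'."
              if ($packageJson -match '"yarn"') {
                Write-Host "-- Yarn was identified in the package.json file"
                # First run of digits on the first line containing "yarn".
                $match = Select-String '"yarn"' package.json | Select-Object -First 1
                $version = ($match.Line -split '\D+' | Where-Object { $_ -match '^\d+$' } | Select-Object -First 1)
                if (-not $version) {
                  Write-Host "-- The yarn version could not be identified."
                }
                else {
                  Write-Host "-- The yarn version is: $version"
                  if ([int]$version -lt 3) {
                    Write-Host "---- Running v2 lockfile generator"
                    node "veracode-helper/helper/yarn-lock-file-generator-v2.js" --folder "$env:GITHUB_WORKSPACE"
                  }
                  else {
                    Write-Host "---- Running v3 lockfile generator"
                    node "veracode-helper/helper/yarn-lock-file-generator-v3.js" --folder "$env:GITHUB_WORKSPACE"
                  }
                }
              }
              else {
                Write-Host "- Yarn was not identified in the package.json file"
              }
            }
            else {
              Write-Host "- The package.json file exists, but it does not contain 'workspaces'."
            }
          }
          else {
            Write-Host "The package.json file does not exist."
          }
          Remove-Item -Recurse -Force "veracode-helper" -ErrorAction SilentlyContinue

      - name: Run Veracode SCA
        env:
          SRCCLR_API_TOKEN: ${{ secrets.VERACODE_AGENT_TOKEN }}
          JAVA_OPTS: -Xms2g -Xmx4g
        # NOTE(review): the action reference below is garbled in this copy of the
        # file; restore it from the original and prefer pinning third-party actions
        # to a full commit SHA rather than a mutable tag.
        uses: veracode/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          create-issues: false
          recursive: true
          allow-dirty: true
          breakBuildOnPolicyFindings: ${{ github.event.client_payload.user_config.break_build_policy_findings }}
          debug: ${{ github.event.client_payload.user_config.debug }}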