Software Composition Analysis #101
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SCA Scan | |
name: Software Composition Analysis | |
on: | |
# Runs when a pull request review is being submitted | |
pull_request_review: | |
types: [submitted] | |
branches: | |
- 'main' | |
- 'v0.*' | |
- 'v2.x' | |
# Run this workflow manually from Actions tab | |
workflow_dispatch: | |
inputs: | |
branch_to_test: | |
description: 'Branch or tag to run test' | |
required: true | |
default: 'main' | |
type: string | |
# Allow one concurrent deployment | |
concurrency: | |
group: ${{ github.repository }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
software-composition-analysis: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout Code (Pull Request Review) | |
if: github.event_name == 'pull_request_review' | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
submodules: recursive | |
- name: Checkout Code (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.branch_to_test }} | |
repository: aiverify-foundation/aiverify | |
submodules: recursive | |
- name: Set Branch Variable (Pull Request Into v2.x) | |
if: github.event_name == 'pull_request_review' | |
run: | | |
echo "BRANCH=v2.x" >> "$GITHUB_ENV" | |
- name: Set Branch Variable (Workflow Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "BRANCH=v1.0" >> "$GITHUB_ENV" | |
- name: Install & Scan APIGW | |
run: | | |
cd ai-verify-apigw | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=ai-verify-apigw --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="ai-verify-apigw_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan PORTAL | |
run: | | |
cd ai-verify-portal | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=ai-verify-portal --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="ai-verify-portal_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan SHARED LIBRARY | |
run: | | |
cd ai-verify-shared-library | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=ai-verify-shared-library --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="ai-verify-shared-library_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan TEST ENGINE APP | |
run: | | |
cd test-engine-app | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=test-engine-app --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="test-engine-app_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan TEST ENGINE CORE | |
run: | | |
cd test-engine-core | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=test-engine-core --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="test-engine-core_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan TEST ENGINE CORE MODULES | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
cd test-engine-core-modules | |
python3 -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=test-engine-core-modules --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="test-engine-core-modules_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true | |
cd ../ | |
- name: Install & Scan STOCK PLUGINS | |
run: | | |
cd stock-plugins | |
python3 -m venv venv | |
source venv/bin/activate | |
find ./ -type f -name 'requirements.txt' -exec pip install -r "{}" \; | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=test-engine-core --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="stock-plugins_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true | |
cd ../ |