Skip to content

Create README.md

Create README.md #2

Workflow file for this run

name: Scanner
on: [push]
env:
API_URL: 'https://app.stage.veribom.com'
IMAGE_NAME: 'veribom-scanner:latest'
SCAN_LICENSE: 'False'
DEBUG: 'True'
SCAN_TYPE: 'DIRECTORY'
DIRECTORY_PATH: '/checkout'
jobs:
ecr_details:
runs-on: ubuntu-latest
outputs:
ecr_username: ${{steps.ecr_details.outputs.username}}
ecr_token: ${{steps.ecr_details.outputs.token}}
ecr_region: ${{steps.ecr_details.outputs.region}}
ecr_id: ${{steps.ecr_details.outputs.registry_id}}
steps:
- name: Fetching VB Token
id: fetchECRDetails
uses: fjogeleit/http-request-action@v1.15.1
with:
url: '${{env.API_URL}}/utilityapi/v1/registry?api_key=${{secrets.VB_API_KEY}}'
method: 'GET'
- name: Decoding VB Token
id: parseToken
run: echo "DECODED_TOKEN=$(echo ${{ fromJson(steps.fetchECRDetails.outputs.response).data }} | base64 -d)" >> "$GITHUB_OUTPUT"
- name: ECR Details
id: ecr_details
run: |
echo "username=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).username}}" >> "$GITHUB_OUTPUT"
echo "token=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).password}}" >> "$GITHUB_OUTPUT"
echo "region=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).region}}" >> "$GITHUB_OUTPUT"
echo "registry_id=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).registry_id}}" >> "$GITHUB_OUTPUT"
create_scan:
runs-on: ubuntu-latest
outputs:
scan_id: ${{steps.parseResponse.outputs.scan_id}}
steps:
- name: Initiating SBOM Scan
id: createScan
uses: fjogeleit/http-request-action@v1.15.1
with:
url: '${{env.API_URL}}/utilityapi/v1/scan'
method: 'POST'
data: '{"api_key": "${{secrets.VB_API_KEY}}"}'
- name: Parse Response
id: parseResponse
run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"
run_scan:
runs-on: ubuntu-latest
needs: [ecr_details, create_scan]
outputs:
container_id: ${{steps.pullImage.outputs.container_id}}
steps:
- name: Pulling VB Image
id: pullImage
run: |
echo "${{needs.ecr_details.outputs.ecr_token}}" | docker login -u ${{needs.ecr_details.outputs.ecr_username}} ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com --password-stdin
docker pull ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com/$IMAGE_NAME
- name: Checkout Code
uses: actions/checkout@v4
- name: Running VB Image
run: |
docker run --name scanner -v $GITHUB_WORKSPACE/:$DIRECTORY_PATH -e SCAN_LICENSE=$SCAN_LICENSE -e API_URL=$API_URL -e SCANCODE_DEBUG_PACKAGE_GRADLE=True -e SCAN_ID=${{needs.create_scan.outputs.scan_id}} -e SCAN_TYPE=$SCAN_TYPE -e DIRECTORY_PATH=$DIRECTORY_PATH -e API_KEY=${{secrets.VB_API_KEY}} ${{needs.ecr_details.outputs.ecr_id}}.dkr.ecr.${{needs.ecr_details.outputs.ecr_region}}.amazonaws.com/$IMAGE_NAME run_scanner
echo "CONTAINER_ID=$(docker ps -aqf name=^scanner$)" >> "$GITHUB_ENV"
- name: Checking Container Logs
run: |
set +e
! docker logs $CONTAINER_ID 2>&1 | grep -qE '\| *ERROR *\|'
echo "SCAN_ERROR=$?" >> "$GITHUB_ENV"
docker rm $CONTAINER_ID
- name: Checking for Warnings
if: ${{env.SCAN_ERROR != 0}}
run: echo "VB Scanning Completed With Warnings"
- name: Checking for Warnings
if: ${{env.SCAN_ERROR == 0}}
run: echo "VB Scanning Completed"