@@ -2,18 +2,21 @@ name: CI-AppSec [Master]
22on :
33 schedule :
44 # At 13:00 on every day-of-week from Sunday through Thursday.
5- - cron : ' 0 13 * * SUN-THU'
5+ - cron : " 0 13 * * SUN-THU"
66 workflow_dispatch :
77 # The workflow will only run when a push that includes a change to the build.gradle file is made in the main branch.
88 push :
99 branches :
1010 - main
1111 paths :
12- - ' build.gradle'
12+ - " build.gradle"
13+ pull_request :
14+ branches :
15+ - main
1316
1417jobs :
1518 blackduck-scan :
16- runs-on : [ ubuntu-latest ]
19+ runs-on : [ubuntu-latest]
1720 steps :
1821 - uses : actions/checkout@v3
1922 - uses : actions/setup-java@v3
2427 - name : Setup Gradle
2528 uses : gradle/gradle-build-action@v2
2629
27- - name : Make gradlew executable
28- run : chmod +x ./gradlew
29-
3030 - name : Execute Gradle build
3131 run : ./gradlew check
3232 env :
@@ -45,46 +45,45 @@ jobs:
4545 blackduck_url : ${{ secrets.BLACKDUCK_URL }}
4646 blackduck_token : ${{ secrets.BLACKDUCK_API_TOKEN }}
4747 blackduck_scan_full : true
48-
48+
4949 # ## Accepts Multiple Values
50- blackduck_scan_failure_severities : ' BLOCKER,CRITICAL'
51-
50+ blackduck_scan_failure_severities : " BLOCKER,CRITICAL"
51+
5252 # ## Uncomment below configuration to enable automatic fix pull request creation if vulnerabilities are reported
5353 blackduck_fixpr_enabled : true
5454 blackduck_fixpr_maxCount : 5
55- blackduck_fixpr_filter_severities : ' CRITICAL,HIGH'
56- blackduck_fixpr_useUpgradeGuidance : ' SHORT_TERM,LONG_TERM'
55+ blackduck_fixpr_filter_severities : " CRITICAL,HIGH"
56+ blackduck_fixpr_useUpgradeGuidance : " SHORT_TERM,LONG_TERM"
5757 github_token : ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackduck_fixpr_enabled is set to 'true'
58-
58+
5959 # ## Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
6060 # include_diagnostics: true
6161
6262 - name : If failed - Configure 1Password Service Account For Slack Webhook URL Secret
6363 uses : 1password/load-secrets-action/configure@v1
6464 if : ${{ failure() }}
6565 with :
66- service-account-token : ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
66+ service-account-token : ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
6767 - name : If failed - Load Slack Webhook URL Secret
6868 uses : 1password/load-secrets-action@v1
6969 if : ${{ failure() }}
7070 with :
71- export-env : true
71+ export-env : true
7272 env :
73- SLACK_WEBHOOK_URL : op://Security/slack-appsec-blackduck-alerts/webhook-url
74- - name : If failed - Report failure to Slack
73+ SLACK_WEBHOOK_URL : op://Security/slack-appsec-blackduck-alerts/webhook-url
74+ - name : If failed - Report failure to Slack
7575 # Slack channel: appsec-blackduck-alerts
76- uses : ravsamhq/notify-slack-action@v2
76+ uses : ravsamhq/notify-slack-action@v2
7777 if : ${{ failure() }}
7878 with :
79- status : ${{ job.status }}
80- token : ${{ secrets.GITHUB_TOKEN }}
81- notification_title : " {workflow} has {status_message}"
82- message_format : " {emoji} *{workflow}* {status_message} in <{run_url}|{repo}>"
83- footer : " Linked Run <{run_url}|{repo}>"
84- notify_when : " failure"
85- mention_users : " U040AD4BT42"
86- mention_users_when : " failure,warnings"
87- mention_groups : " !channel"
79+ status : ${{ job.status }}
80+ token : ${{ secrets.GITHUB_TOKEN }}
81+ notification_title : " {workflow} has {status_message}"
82+ message_format : " {emoji} *{workflow}* {status_message} in <{run_url}|{repo}>"
83+ footer : " Linked Run <{run_url}|{repo}>"
84+ notify_when : " failure"
85+ mention_users : " U040AD4BT42"
86+ mention_users_when : " failure,warnings"
87+ mention_groups : " !channel"
8888 env :
89- SLACK_WEBHOOK_URL : ${{ env.SLACK_WEBHOOK_URL }}
90-
89+ SLACK_WEBHOOK_URL : ${{ env.SLACK_WEBHOOK_URL }}
0 commit comments