Updating to common GitHub Action 1.0.5

.github/archived/ci-main-pull-request-checks-stub.yml

@@ -32,4 +32,4 @@ jobs:
       perform-sonarqube-sca-scan: true
       perform-blackduck-coverity: false
       perform-blackduck-polaris: true
-      generate-sbom: true
+      generate-sbom: true

.github/workflows/ci-main-pull-request-stub.yml

@@ -7,17 +7,17 @@ name: CI Pull Request on Main Branch
 
 on: 
   pull_request:
-    branches: [ main, release/** ]
+    branches: [ nikhil/enable-blackduck-sca, release/** ]
   push:
-    branches: [ main, release/** ]
+    branches: [ nikhil/enable-blackduck-sca, release/** ]
 
   workflow_dispatch:
 
 permissions:
   contents: read
-  
+
 env:
-  STUB_VERSION: "1.0.4" 
+  STUB_VERSION: "1.0.5"
 
 jobs: 
   echo_version:
@@ -29,20 +29,21 @@ jobs:
           echo "CI main pull request stub version $STUB_VERSION"
 
   call-ci-main-pr-check-pipeline:
-    uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main
+    uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@nikhil/create-lock-file-runtime
     secrets: inherit
-    permissions: 
+    permissions:
       id-token: write
       contents: read
 
-    with:   
+    with:
       visibility: ${{ github.event.repository.visibility }}   #  private, public, or internal
       # go-private-modules: GOPRIVATE for Go private modules, default is 'github.com/progress-platform-services/*
 
       # if version specified, it takes precedence; can be a semver like 1.0.2-xyz or a tag like "latest"
-      version: '4.2.3' # ${{ github.event.repository.version }}
+      version: '4.2.5' # ${{ github.event.repository.version }}
       detect-version-source-type: 'none' # options include "none" (do not detect), "file", "github-tag" or "github-release"
       detect-version-source-parameter: '' # use for file name
+      language: 'ruby'  # Go, Ruby, Rust, JavaScript, TypeScript, Python, Java, C#, PHP, other - used for build and SonarQube language setting
 
       # complexity-checks
       perform-complexity-checks: true
@@ -51,34 +52,34 @@ jobs:
 
       # trufflehog secret scanning
       perform-trufflehog-scan: true
-      
-      # ADDED TRIVY SCAN
+
+      # trivy dependency and container scanning
       perform-trivy-scan: true
-      
+
       # BlackDuck SAST (Polaris) and SCA scans (requires a build or download to do SAST)
       # requires these secrets: POLARIS_SERVER_URL, POLARIS_ACCESS_TOKEN
       perform-blackduck-polaris: true
-      polaris-application-name: "Chef-Agents"  # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other
-      polaris-project-name: 'chef-vault'
-      polaris-blackduck-executable: 'path/to/blackduck/binary'
-      polaris-executable-detect-path: 'path/to/detect'
- 
+      polaris-application-name: "Chef-Agents"  # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other, Chef-Non-Product
+      polaris-project-name: ${{ github.event.repository.name }}
+      # polaris-blackduck-executable: 'path/to/blackduck/binary'
+      # polaris-executable-detect-path: 'path/to/detect'
+
       # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language
-      build: false
-      # ga-build-profile: $chef-ga-build-profile   
+      build: true
+      # ga-build-profile: $chef-ga-build-profile
       # language: $chef-ga-build-language   # this will be removed from stub as autodetected in central GA
       unit-tests: false
- 
+
       # perform SonarQube scan, with or wihout unit test coverage data
       # requires secrets SONAR_TOKEN and SONAR_HOST_URL (progress.sonar.com)
       perform-sonarqube-scan: true
       # perform-sonar-build: true
-      # build-profile: 'default' 
+      # build-profile: 'default'
       # report-unit-test-coverage: true
 
       # report to central developer dashboard
       report-to-atlassian-dashboard: false
-      quality-product-name: 'Chef-Infra-Client'   # product name for quality reporting, like Chef360, Courier, Inspec
+      quality-product-name: 'Chef-Agents'   # product name for quality reporting, like Chef360, Courier, Inspec
       # quality-product-name: ${{ github.event.repository.name }}   # like 'Chef-360' - the product name for quality reporting, like Chef360, Courier, Inspec
       # quality-sonar-app-name: 'YourSonarAppName'
       # quality-testing-type: 'Integration' like Unit, Integration, e2e, api, Performance, Security
@@ -92,15 +93,17 @@ jobs:
 
       # generate and export Software Bill of Materials (SBOM) in various formats
       generate-sbom: true
-      export-github-sbom: true      # SPDX JSON artifact on job instance  
-      perform-blackduck-sca-scan: false # combined with generate sbom & generate github-sbom, also needs version above
-      blackduck-project-group-name: 'Chef-Agents' # typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services'
+      export-github-sbom: true      # SPDX JSON artifact on job instance
+      perform-blackduck-sca-scan: true # combined with generate sbom & generate github-sbom, also needs version above
+      blackduck-project-group-name: 'Chef-Agents' # typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Non-Product'
       blackduck-project-name: ${{ github.event.repository.name }} # BlackDuck project name, typically the repository name
-      generate-blackduck-sbom: false # obsolete, use perform-blackduck-sca-scan instead
-
+      generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead
+
+      run-bundle-install: true
+
       generate-msft-sbom: false
       license_scout: false      # Run license scout for license compliance (uses .license_scout.yml)
 
       # udf1: 'default' # user defined flag 1
-      # udf2: 'default' # user defined flag 2 
-      # udf3: 'default' # user defined flag 3  
+      # udf2: 'default' # user defined flag 2
+      # udf3: 'default' # user defined flag 3