open-component-model · morri-son · Mar 10, 2025 · Mar 10, 2025 · Mar 10, 2025 · Mar 10, 2025
@@ -0,0 +1,93 @@
+name: BDBA Scan
+
+on:
+  workflow_call:
+    inputs:
+      artifact_id:
+        description: Identifier for the artifact to download
+        required: false
+        type: string
+    secrets:
+      BDBA_API_TOKEN:
+        required: true
+      BDBA_URL:
+        required: true
+      BDBA_GROUP_ID:
+        required: true
+
+permissions:
+  actions: read
+  contents: read
+
+jobs:
+  upload-and-scan-ctfs:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Download CTF
+        uses: actions/download-artifact@v4
+        with:
+          pattern: '${{ inputs.artifact_id }}'
+          path: ${{ github.workspace }}/gen
+
+      - name: Extract OCM Binary from CTF
+        id: extract-ocm
+        run: |
+          ocm_binary=$(bash ./hack/get_bare_resource_from_ctf.sh \
+            "ocm.software/ocmcli" \
+            "" \
+            "ocmcli" \
+            "amd64" \
+            "linux" \
+            "application/octet-stream" \
+            ${{ github.workspace }}/gen/ctf-aggregated)
+
+          new_loc=${{ github.workspace }}/bin/ocm
+          mkdir -p $(dirname $new_loc)
+          ln -s $ocm_binary $new_loc
+          chmod +x $new_loc
+          echo "OCM binary linked to $new_loc"
+          echo "binary=$new_loc" >> $GITHUB_OUTPUT 
+
+      - name: Upload to Blackduck for CTF
+        id: blackduck-upload-ctf
+        run: |
+          set -e  # Exit immediately if any command fails with non-zero status
+          echo "Download CVs from CTF (creates CommonTransportFormat-ctf root folder)"
+          echo "Upload single CVs to BDBA"
+          echo "Large files may take a while to upload. Please be patient."
+          echo
+          cd ${{ github.workspace }}/gen/
+          ${{ steps.extract-ocm.outputs.binary }} download cv --type tar ${{ github.workspace }}/gen/ctf-aggregated
+          # Find all CV tar files within CommonTransportFormat-ctf
+            for file in $(find CommonTransportFormat-${{ github.workspace }}/gen/ctf-aggregated -type f); do
+            # Extract the relative path and construct the upload name
+            relative_path="${file#CommonTransportFormat-${{ github.workspace }}/gen/ctf-aggregated/}"
+            upload_name="${relative_path%/*}"
+            upload_name="${upload_name//\//-}"
+
+            # Extract the version from the filename
+            version=$(basename "$file")
+            version="${version%.tar}"
+
+            # Construct the API URL
+            api_url="${{ secrets.BDBA_URL }}/api/upload/${upload_name}"
+
+            # Upload the file using curl
+            echo "Uploading $upload_name to BDBA"
+            curl_output=$(curl -sS -X PUT -H "Authorization: Bearer ${{ secrets.BDBA_API_TOKEN }}" -H "Group: ${{ secrets.BDBA_GROUP_ID }}" -H "Version: $version" --data-binary "@$file" "$api_url")
+
+            # Check if upload was successful and print results
+            if [[ $(echo "$curl_output" | jq '.meta.code') == "200" ]]; then
+              echo "--- Upload successful ---"
+              echo "   filename:     $(echo "$curl_output" | jq '.results.filename')"
+              echo "   last_updated: $(echo "$curl_output" | jq '.results.last_updated')"
+            else
+              echo "Upload failed with"
+              echo "$curl_output"
+              exit 1
+            fi
+          done
@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Generate new BDBA API token
-        id: generate_bdba_token
+        id: generate-bdba-token
         run: |
           # Generate new token from the Black Duck Binary Analysis API
           # Using the validity period of 3888000 seconds (45 days)