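# Template parameters for the sandbox-to-policy promotion job.
# Nesting restored: each attribute belongs to the list entry above it.
parameters:
  # Veracode API credentials. Callers should pass a reference to a secret
  # pipeline variable (for example a variable-group entry) rather than a
  # literal, so the values stay masked in logs and out of source control.
  - name: veracodeApiId
    displayName: Veracode API ID
    default: ""
    type: string
  - name: veracodeApiKey
    displayName: Veracode API Key
    default: ""
    type: string
  # Application profile name, looked up in the getapplist response.
  - name: applicationName
    displayName: Application Name
    default: ""
    type: string
  # Sandbox whose most recent analysis is promoted to policy level.
  - name: sandboxName
    displayName: Sandbox Name
    default: "Release Candidate"
    type: string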
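# Promotes the latest analysis of a Veracode sandbox to a policy scan.
#
# Flow: download the Veracode Java API wrapper, resolve the application ID,
# the sandbox ID and the most recent build in that sandbox, check that its
# results are ready, then call PromoteSandbox.
#
# Template parameters and values returned by the API are handed to the
# scripts through `env:` and read as $env:NAME. They are never spliced into
# the script text, so a quote, `;` or `$(...)` inside a name cannot alter the
# PowerShell or the XPath that runs.
jobs:
  - job: SAST_Release_Candidate_Promote
    displayName: Promotion of a Sandbox to Policy
    pool:
      vmImage: 'ubuntu-latest'
    variables:
      # Filled in by the lookup steps below through ##vso[task.setvariable].
      - name: ApplicationId
      - name: SandboxId
      - name: AnalysisId
      - name: AnalysisName
      - name: resultsReady
        value: "false"
    steps:
      - script: java --version
        continueOnError: true
        displayName: Report Java Version installed

      # NOTE(review): this resolves whatever Maven Central marks as <latest>
      # at run time, and the jar is later run with the Veracode API
      # credentials. Pinning a reviewed version and checking the archive
      # against a digest recorded out of band would make the job reproducible
      # and tamper-evident.
      - pwsh: |
          $versionstring = curl --fail https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/maven-metadata.xml | Out-String -Stream | Select-String -Pattern 'latest';
          [string]$wrapper_version = $versionstring -replace '\s','' -replace '<latest>','' -replace '</latest>','';
          # The version is placed into a URL below: accept version-like text only.
          # This also stops the job when the metadata download failed.
          if ($wrapper_version -notmatch '^[0-9A-Za-z][0-9A-Za-z._-]*$') {
            Write-Host "Could not determine the wrapper version from maven-metadata.xml"
            exit 1
          }
          echo "Pulling down wrapper version: $wrapper_version"
          curl --fail https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/${wrapper_version}/vosp-api-wrappers-java-${wrapper_version}-dist.zip -o $(Build.ArtifactStagingDirectory)/dist.zip
          # Without --fail and this check an HTTP error page would be saved as dist.zip.
          if ($LASTEXITCODE -ne 0) {
            Write-Host "Download of the wrapper archive failed"
            exit 1
          }
          7z e $(Build.ArtifactStagingDirectory)/dist.zip -o$(Build.ArtifactStagingDirectory)/extract/ -y
        displayName: Downloading the latest version of the Veracode Java API
        enabled: true

      - script: ls -la $(Build.ArtifactStagingDirectory)
        displayName: Show Artifact Directory Content

      - script: |
          ls -la $(Build.ArtifactStagingDirectory)/extract/
        displayName: Show Extract Directory Content
        enabled: true

      - script: |
          java -jar $(Build.ArtifactStagingDirectory)/extract/VeracodeJavaAPI.jar -version
        displayName: Veracode Wrapper Version
        enabled: false

      # Look up the application ID by exact (case-sensitive) profile name.
      - pwsh: |
          java -jar $(Build.ArtifactStagingDirectory)/extract/VeracodeJavaAPI.jar -vid $env:VERACODE_API_ID -vkey $env:VERACODE_API_KEY -action getapplist | Out-File -FilePath applicationlist.xml
          [xml]$Xml = Get-Content .\applicationlist.xml
          $SnippetNamespace = @{ns = "https://analysiscenter.veracode.com/schema/2.0/applist"}
          # Compare the name in PowerShell instead of building it into the XPath string.
          $app_id = Select-Xml -Xml $Xml -Namespace $SnippetNamespace -XPath "//ns:app" | Where-Object { $_.Node.app_name -ceq $env:APPLICATION_NAME } | ForEach-Object {$_.Node.app_id}
          # No match yields $null, which `-eq ""` does not catch.
          if ([string]::IsNullOrWhiteSpace($app_id)) {
            Write-Host "Application $env:APPLICATION_NAME not found."
            exit 1
          }
          # Set Output Variable
          echo "##vso[task.setvariable variable=ApplicationId]$app_id"
          echo "Application ID: $app_id"
        displayName: Retrieving Application ID
        env:
          # The credentials still reach the java process as arguments; the
          # mapping keeps them out of the generated script text.
          VERACODE_API_ID: ${{ parameters.veracodeApiId }}
          VERACODE_API_KEY: ${{ parameters.veracodeApiKey }}
          APPLICATION_NAME: ${{ parameters.applicationName }}

      # Look up the sandbox ID by exact (case-sensitive) sandbox name.
      - pwsh: |
          Write-Host "Application ID: $env:APPLICATION_ID"
          java -jar $(Build.ArtifactStagingDirectory)/extract/VeracodeJavaAPI.jar -vid $env:VERACODE_API_ID -vkey $env:VERACODE_API_KEY -action getsandboxlist -appid $env:APPLICATION_ID | Out-File -FilePath sandboxlist.xml
          [xml]$Xml = Get-Content .\sandboxlist.xml
          $SnippetNamespace = @{ns = "https://analysiscenter.veracode.com/schema/4.0/sandboxlist"}
          $sandbox_id = Select-Xml -Xml $Xml -Namespace $SnippetNamespace -XPath "//ns:sandbox" | Where-Object { $_.Node.sandbox_name -ceq $env:SANDBOX_NAME } | ForEach-Object {$_.Node.sandbox_id}
          if ([string]::IsNullOrWhiteSpace($sandbox_id)) {
            Write-Host "Sandbox $env:SANDBOX_NAME not found."
            exit 1
          }
          # Set Output Variable
          echo "##vso[task.setvariable variable=SandboxId]$sandbox_id"
          Write-Host "Sandbox ID: $sandbox_id"
        displayName: Retrieving Sandbox ID
        env:
          VERACODE_API_ID: ${{ parameters.veracodeApiId }}
          VERACODE_API_KEY: ${{ parameters.veracodeApiKey }}
          SANDBOX_NAME: ${{ parameters.sandboxName }}
          APPLICATION_ID: $(ApplicationId)

      # Take the last build listed for the sandbox as the promotion candidate.
      - pwsh: |
          Write-Host "Sandbox ID: $env:SANDBOX_ID"
          java -jar $(Build.ArtifactStagingDirectory)/extract/VeracodeJavaAPI.jar -vid $env:VERACODE_API_ID -vkey $env:VERACODE_API_KEY -action GetBuildList -appid $env:APPLICATION_ID -sandboxid $env:SANDBOX_ID | Out-File -FilePath buildlist.xml
          [xml]$Xml = Get-Content .\buildlist.xml
          $SnippetNamespace = @{ns = "https://analysiscenter.veracode.com/schema/2.0/buildlist"}
          $Build = Select-Xml -Xml $Xml -Namespace $SnippetNamespace -XPath "//ns:build[last()]"
          $BuildId = $Build.Node.build_id
          $Version = $Build.Node.version
          if ([string]::IsNullOrWhiteSpace($BuildId)) {
            Write-Host "No analyses found within sandbox $env:SANDBOX_ID"
            exit 1
          }
          echo "Analysis ID: $BuildId"
          echo "Analysis Name: $Version"
          # Set Output Variables
          echo "##vso[task.setvariable variable=AnalysisName]$Version"
          echo "##vso[task.setvariable variable=AnalysisId]$BuildId"
        displayName: Retrieving Analysis List
        env:
          VERACODE_API_ID: ${{ parameters.veracodeApiId }}
          VERACODE_API_KEY: ${{ parameters.veracodeApiKey }}
          APPLICATION_ID: $(ApplicationId)
          SANDBOX_ID: $(SandboxId)

      # Stop unless the API reports results_ready as exactly 'true'.
      - pwsh: |
          Write-Host "Analysis ID: $env:ANALYSIS_ID"
          java -jar $(Build.ArtifactStagingDirectory)/extract/VeracodeJavaAPI.jar -vid $env:VERACODE_API_ID -vkey $env:VERACODE_API_KEY -action GetBuildInfo -appid $env:APPLICATION_ID -sandboxid $env:SANDBOX_ID -buildid $env:ANALYSIS_ID | Out-File -FilePath buildinfo.xml
          [xml]$Xml = Get-Content .\buildinfo.xml
          $SnippetNamespace = @{ns = "https://analysiscenter.veracode.com/schema/4.0/buildinfo"}
          $element = Select-Xml -Xml $Xml -Namespace $SnippetNamespace -XPath "//ns:build"
          $results_ready = $element.Node.results_ready
          echo "Result Ready: $results_ready"
          # Set Output Variables
          echo "##vso[task.setvariable variable=resultsReady]$results_ready"
          # Fail closed: a missing or unexpected value is treated as not ready.
          if ($results_ready -ne 'true') {
            Write-Host "Sandbox Analysis $env:ANALYSIS_NAME is not in a ready state to be promoted."
            exit 1
          }
        displayName: Evaluating Analysis State
        enabled: true
        env:
          VERACODE_API_ID: ${{ parameters.veracodeApiId }}
          VERACODE_API_KEY: ${{ parameters.veracodeApiKey }}
          APPLICATION_ID: $(ApplicationId)
          SANDBOX_ID: $(SandboxId)
          ANALYSIS_ID: $(AnalysisId)
          # The analysis name is set by whoever uploaded the scan; it is read
          # from the environment so it is never parsed as script.
          ANALYSIS_NAME: $(AnalysisName)

      - pwsh: |
          Write-Host "Promoting: $env:ANALYSIS_NAME to Policy Level"
          java -jar $(Build.ArtifactStagingDirectory)/extract/VeracodeJavaAPI.jar -vid $env:VERACODE_API_ID -vkey $env:VERACODE_API_KEY -action PromoteSandbox -buildid $env:ANALYSIS_ID
        condition: eq(variables['resultsReady'],'true')
        displayName: Promoting Scan
        env:
          VERACODE_API_ID: ${{ parameters.veracodeApiId }}
          VERACODE_API_KEY: ${{ parameters.veracodeApiKey }}
          ANALYSIS_ID: $(AnalysisId)
          ANALYSIS_NAME: $(AnalysisName)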