Repayment Info and Version Bump #188
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-AppSec [PR] | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| blackduck-scan: | |
| runs-on: [ ubuntu-latest ] | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@v3 | |
| - name: Black Duck PR Scan | |
| uses: synopsys-sig/[email protected] | |
| ### Use below configuration to set specific detect environment variables | |
| env: | |
| DETECT_PROJECT_NAME: ${{ github.event.repository.name }} | |
| DETECT_PROJECT_VERSION_NAME: main | |
| with: | |
| blackduck_url: ${{ secrets.BLACKDUCK_URL }} | |
| blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }} | |
| blackduck_scan_full: false | |
| ### Below configuration is used to enable automatic pull request comment based on Black Duck scan result | |
| blackduck_prComment_enabled: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| # Mandatory when blackduck_automation_prcomment is set to 'true' | |
| ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded | |
| # include_diagnostics: true | |
| - name: If failed - Configure 1Password Service Account For Slack Webhook URL Secret | |
| uses: 1password/load-secrets-action/configure@v1 | |
| if: ${{ failure() }} | |
| with: | |
| service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| - name: If failed - Load Slack Webhook URL Secret | |
| uses: 1password/load-secrets-action@v1 | |
| if: ${{ failure() }} | |
| with: | |
| export-env: true | |
| env: | |
| SLACK_WEBHOOK_URL: op://Security/slack-appsec-blackduck-alerts/webhook-url | |
| - name: If failed - Report failure to Slack | |
| #Slack channel: appsec-blackduck-alerts | |
| uses: ravsamhq/notify-slack-action@v2 | |
| if: ${{ failure() }} | |
| with: | |
| status: ${{ job.status }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| notification_title: "{workflow} has {status_message}" | |
| message_format: "{emoji} *{workflow}* {status_message} in <{run_url}|{repo}>" | |
| footer: "Linked Run <{run_url}|{repo}>" | |
| notify_when: "failure" | |
| mention_users: "U040AD4BT42" | |
| mention_users_when: "failure,warnings" | |
| mention_groups: "!channel" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ env.SLACK_WEBHOOK_URL }} | |