[Sprint 19] New features and fixes #140
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Software Composition Analysis | |
on: | |
# Runs when a pull request review is being submitted | |
pull_request: | |
# Run this workflow manually from Actions tab | |
workflow_dispatch: | |
inputs: | |
branch_to_test: | |
description: 'Branch or tag to run test' | |
required: true | |
default: 'main' | |
type: string | |
# Allow one concurrent deployment | |
concurrency: | |
group: ${{ github.repository }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
software-composition-analysis: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout Code (Pull_Request) | |
# if: github.event_name == 'pull_request' | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
submodules: recursive | |
- name: Checkout Code (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ inputs.branch_to_test }} | |
- name: Set Branch Variable (Pull_Request) | |
# if: github.event_name == 'pull_request' | |
run: | | |
echo "BRANCH=branch" >> "$GITHUB_ENV" | |
- name: Set Branch Variable (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "BRANCH=${{ inputs.branch_to_test }}" >> "$GITHUB_ENV" | |
- name: Install & Scan MOONSHOT UI (Pull_Request) | |
if: github.event_name == 'pull_request' | |
run: | | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=aiverify-moonshot-ui --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="aiverify-moonshot-ui_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true --detect.blackduck.scan.mode=RAPID | |
cd ../ | |
- name: Install & Scan MOONSHOT UI (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
npm install | |
bash <(curl -s -L https://detect.synopsys.com/detect9.sh) --blackduck.url=https://blackduck.aipo-imda.net/ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} --detect.detector.search.depth=10 --detect.project.name=aiverify-moonshot-ui --detect.project.version.name=$BRANCH --detect.source.path=. --detect.code.location.name="aiverify-moonshot-ui_$BRANCH" --detect.excluded.directories=/tests --blackduck.trust.cert=true --detect.excluded.detector.types=POETRY --detect.notices.report=true --detect.notices.report.path=. | |
mv aiverify_moonshot_ui_main_Black_Duck_Notices_Report.txt NOTICES.md | |
- name: Configure GIT (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
git config --global user.email "${{ github.actor }}" | |
git config --global user.name "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com" | |
shell: bash | |
- name: Switch to branch (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
git checkout -B notices | |
shell: bash | |
- name: Commit Notice File (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
git add . | |
git commit -m "Update NOTICES.md" | |
git push -f -u origin HEAD | |
shell: bash | |
- name: Create PR (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh pr create --title "Update NOTICES.md for Moonshot UI" --body "This PR updates Notice File for Moonshot UI" --base main --head notices | |
shell: bash | |
- name: Merge PR (Workflow_Dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
pr_number=$(gh pr list --state open --limit 1 --json number --jq '.[0].number') | |
gh pr merge $pr_number --merge --admin | |
shell: bash |