.github/workflows/securin.yaml

---
name: Securin Scan
"on":
- workflow_dispatch
- pull_request
jobs:
  scanning:
    env:
      APP_ID: df2317a5eb8ea07f06b151f4dce2c7070a1e7676ca0c1251304de28ffc45ff8f
      REQ_URL_MAP: "${{toJSON('{\"SL_RESULTPARSER_API_HOST\":\"http://3a83-27-4-122-61.ngrok.io/resultparserapi/v1\"\
        ,\"SL_API_HOST\":\"http://7ef7-27-4-122-61.ngrok.io/shiftleftapi\",\"SL_RESULT_API_HOST\"\
        :\"http://fe07-27-4-122-61.ngrok.io/resultapi/v1\"}')}}"
    steps:
    - name: Retrieve Scan Info
      id: auth_token
      run: "respJson=$(curl --location --request GET 'http://7ef7-27-4-122-61.ngrok.io/shiftleftapi/scan-info?app_id=${{\
        \ env.APP_ID }}'  --header 'Authorization: Bearer ${{secrets.CLI_ACCESS_TOKEN}}'\
        \  --data-raw ' ' )\necho \"::set-output name=authTokenJson::$respJson\""
    - uses: actions/checkout@v2
    - name: Build with Maven
      run: mvn -q --batch-mode --update-snapshots verify
    - name: Build Docker Image
      run: docker build . --file Dockerfile --tag bhuvi11/ecom-service:latest
    - name: Scan Initiated
      id: sec_scan_init
      run: "docker login --username  ${{fromJson(steps.auth_token.outputs.authTokenJson).user}}\
        \ --password ${{fromJson(steps.auth_token.outputs.authTokenJson).password}}\
        \ ${{fromJson(steps.auth_token.outputs.authTokenJson).proxyUrl}}\ndocker pull\
        \ -q ${{fromJson(steps.auth_token.outputs.authTokenJson).imageTag}}\ndocker\
        \ run -v ${{github.workspace}}:/src  --volume ${{github.workspace}}:/workdir\
        \ -v /var/run/docker.sock:/var/run/docker.sock ${{fromJson(steps.auth_token.outputs.authTokenJson).imageTag}}\
        \ -access_tkn ${{secrets.CLI_ACCESS_TOKEN}} -app_id ${{ env.APP_ID }} -req_url_map\
        \ ${{ env.REQ_URL_MAP }} event:${{ github.event_name }}  pr_number:${{ github.event.number\
        \ }}"
    - name: Upload SARIF file
      uses: github/codeql-action/upload-sarif@v1
      with:
        sarif_file: "${{github.workspace}}/results/result.sarif"
      if: hashFiles('**/result.sarif') !=''
    - name: Evaluate build status
      run: "cat ${{github.workspace}}/results/status.txt\nexit 1\n"
      if: hashFiles('**/status.txt') !=''
    runs-on: ubuntu-latest