Skip to content

Blackduck Scan Cronjob #59

Blackduck Scan Cronjob

Blackduck Scan Cronjob #59

name: Blackduck Scan Cronjob
on:
schedule:
- cron: '5 0 * * 0'
workflow_dispatch:
permissions:
checks: write
jobs:
build:
runs-on: [ ubuntu-latest ]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Java 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: '${{ github.workspace }}/go.mod'
cache: false
- name: Get go environment for use with cache
run: |
echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV
echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV
# This step will only reuse the go mod and build cache from main made during the Build,
# see push_ocm.yaml => "ocm-cli-latest" Job
# This means it never caches by itself and PRs cannot cause cache pollution / thrashing
# This is because we have huge storage requirements for our cache because of the mass of dependencies
- name: Restore / Reuse Cache from central build
id: cache-golang-restore
uses: actions/cache/restore@v4 # Only Restore, not build another cache (too big)
with:
path: |
${{ env.go_cache }}
${{ env.go_modcache }}
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }}
restore-keys: |
${{ env.cache_name }}-${{ runner.os }}-go-
env:
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step
- name: Blackduck Full Scan
uses: mercedesbenzio/detect-action@v2
env:
DETECT_PROJECT_USER_GROUPS: opencomponentmodel
DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS
DETECT_SOURCE_PATH: ./
NODE_TLS_REJECT_UNAUTHORIZED: true
with:
scan-mode: INTELLIGENT
github-token: ${{ secrets.GITHUB_TOKEN }}
blackduck-url: ${{ secrets.BLACKDUCK_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
detect-version: 8.8.0