@@ -2,18 +2,18 @@ name: CI-AppSec [Master]
22on :
33 schedule :
44 # At 13:00 on every day-of-week from Sunday through Thursday.
5- - cron : ' 0 13 * * SUN-THU'
5+ - cron : " 0 13 * * SUN-THU"
66 workflow_dispatch :
77 # The workflow will only run when a push that includes a change to the build.gradle file is made in the main branch.
88 push :
99 branches :
1010 - main
1111 paths :
12- - ' build.gradle'
12+ - " build.gradle"
1313
1414jobs :
1515 blackduck-scan :
16- runs-on : [ ubuntu-latest ]
16+ runs-on : [ubuntu-latest]
1717 steps :
1818 - uses : actions/checkout@v3
1919 - uses : actions/setup-java@v3
3030 UNIT_API_URL : ${{ secrets.UNIT_API_URL }}
3131 UNIT_TOKEN : ${{ secrets.UNIT_TOKEN }}
3232 access_token : ${{ secrets.UNIT_TOKEN }}
33+ token_tests_user_id : ${{ secrets.TOKEN_TESTS_USER_ID }}
34+ test_plaid_counterparty_token : ${{ secrets.TEST_PLAID_COUNTERPARTY_TOKEN }}
35+ wallet_terms : ${{ secrets.WALLET_TERMS }}
3336
3437 - name : Black Duck Full Scan
3538 uses :
synopsys-sig/[email protected] @@ -42,46 +45,45 @@ jobs:
4245 blackduck_url : ${{ secrets.BLACKDUCK_URL }}
4346 blackduck_token : ${{ secrets.BLACKDUCK_API_TOKEN }}
4447 blackduck_scan_full : true
45-
48+
4649 # ## Accepts Multiple Values
47- blackduck_scan_failure_severities : ' BLOCKER,CRITICAL'
48-
50+ blackduck_scan_failure_severities : " BLOCKER,CRITICAL"
51+
4952 # ## Uncomment below configuration to enable automatic fix pull request creation if vulnerabilities are reported
5053 blackduck_fixpr_enabled : true
5154 blackduck_fixpr_maxCount : 5
52- blackduck_fixpr_filter_severities : ' CRITICAL,HIGH'
53- blackduck_fixpr_useUpgradeGuidance : ' SHORT_TERM,LONG_TERM'
55+ blackduck_fixpr_filter_severities : " CRITICAL,HIGH"
56+ blackduck_fixpr_useUpgradeGuidance : " SHORT_TERM,LONG_TERM"
5457 github_token : ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackduck_fixpr_enabled is set to 'true'
55-
58+
5659 # ## Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
5760 # include_diagnostics: true
5861
5962 - name : If failed - Configure 1Password Service Account For Slack Webhook URL Secret
6063 uses : 1password/load-secrets-action/configure@v1
6164 if : ${{ failure() }}
6265 with :
63- service-account-token : ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
66+ service-account-token : ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
6467 - name : If failed - Load Slack Webhook URL Secret
6568 uses : 1password/load-secrets-action@v1
6669 if : ${{ failure() }}
6770 with :
68- export-env : true
71+ export-env : true
6972 env :
70- SLACK_WEBHOOK_URL : op://Security/slack-appsec-blackduck-alerts/webhook-url
71- - name : If failed - Report failure to Slack
73+ SLACK_WEBHOOK_URL : op://Security/slack-appsec-blackduck-alerts/webhook-url
74+ - name : If failed - Report failure to Slack
7275 # Slack channel: appsec-blackduck-alerts
73- uses : ravsamhq/notify-slack-action@v2
76+ uses : ravsamhq/notify-slack-action@v2
7477 if : ${{ failure() }}
7578 with :
76- status : ${{ job.status }}
77- token : ${{ secrets.GITHUB_TOKEN }}
78- notification_title : " {workflow} has {status_message}"
79- message_format : " {emoji} *{workflow}* {status_message} in <{run_url}|{repo}>"
80- footer : " Linked Run <{run_url}|{repo}>"
81- notify_when : " failure"
82- mention_users : " U040AD4BT42"
83- mention_users_when : " failure,warnings"
84- mention_groups : " !channel"
79+ status : ${{ job.status }}
80+ token : ${{ secrets.GITHUB_TOKEN }}
81+ notification_title : " {workflow} has {status_message}"
82+ message_format : " {emoji} *{workflow}* {status_message} in <{run_url}|{repo}>"
83+ footer : " Linked Run <{run_url}|{repo}>"
84+ notify_when : " failure"
85+ mention_users : " U040AD4BT42"
86+ mention_users_when : " failure,warnings"
87+ mention_groups : " !channel"
8588 env :
86- SLACK_WEBHOOK_URL : ${{ env.SLACK_WEBHOOK_URL }}
87-
89+ SLACK_WEBHOOK_URL : ${{ env.SLACK_WEBHOOK_URL }}
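Review bot: The three secrets added at new lines 33–35 (`token_tests_user_id`, `test_plaid_counterparty_token`, `wallet_terms`) widen what the step ahead of "Black Duck Full Scan" can read, and nothing visible shows that a dependency-scan job needs them; the step that owns this `env:` map starts outside the visible lines. Because the workflow is triggered by `build.gradle` changes and sets up Java, that step presumably runs Gradle, so any build plugin or resolved dependency would execute with these values in its environment. Consider keeping test credentials in the test workflow, or document the decision with a comment such as `# required by <step name>: tests must run before the scan`. Separately, the re-indented `uses : ravsamhq/notify-slack-action@v2` line and the `1password/load-secrets-action` steps still reference mutable tags while receiving `secrets.GITHUB_TOKEN` and the 1Password service-account token. Pinning third-party actions to a full commit SHA keeps a retagged release from running with those secrets.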