KenPPLgod #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: KenPPLgod | |
| on: | |
| #push: | |
| #branches: [ "main" ] | |
| workflow_dispatch: | |
| jobs: | |
| SAST: | |
| runs-on: ubuntu-latest | |
| # runs-on: kencentrun | |
| # container: node:14 | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Run ScanCentral SAST Scan | |
| uses: fortify/github-action/sc-sast-scan@v1 | |
| # - name: scanstarted | |
| # run: scancentral -url $SC_CONTROLLER_URL start $BUILD_OPTS $SCAN_OPTS -upload -application pplgod -version 1 -uptoken $SSC_UPLOAD_TOKEN -fprssc $SSC_APPVERSION-$BUILD_NO.fpr | |
| env: | |
| SC_CONTROLLER_URL: ${{ vars.SC_CONTROLLER_URL }} | |
| SSC_URL: ${{secrets.SSC_URL}} | |
| SSC_UPLOAD_TOKEN: ${{secrets.SSC_UPLOAD_TOKEN}} | |
| SSC_TOKEN: ${{secrets.SSC_TOKEN}} | |
| SC_SAST_TOKEN: ${{secrets.CLIENT_AUTH_TOKEN}} | |
| EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s | |
| SSC_APPVERSION: pplgod:1 | |
| # EXTRA_PACKAGE_OPTS: -bf custom-pom.xml | |
| SC_SAST_SENSOR_VERSION: 23.1 | |
| BUILD_OPTS: "-bt none" | |
| # DO_WAIT: true | |
| # DO_EXPORT: true | |
| # TOOL_DEFINITIONS: https://ftfy.mycompany.com/tool-definitions/v1/tool-definitions.yaml.zip | |
| pullNexus: | |
| needs: SAST | |
| runs-on: ubuntu-latest | |
| # runs-on: kencentrun | |
| # container: node:14 | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: pwd | |
| run: pwd | |
| - name: Running Nexus scan | |
| # run: echo bruh | |
| run: docker run -v /home/runner/work/pipelinegod/pipelinegod:/target -v /home/runner/work/pipelinegod/pipelinegod:/sonatype/reports sonatype/nexus-iq-cli /sonatype/evaluate -s https://nexusiq.nsth.net/ -a dhanyarak.k:Netpoleon#1 -i 1 /target/*.json | |
| Build_Images: | |
| needs: [SAST, pullNexus] | |
| runs-on: kencentrun | |
| steps: | |
| - name : To_DockerfileDir | |
| run : cd /home/admin/testpplgod/pipelinegod/ | |
| - name : Deploy_images | |
| run : docker compose up -d --build --force-recreate | |
| - name : stall for MySQL up | |
| uses: juliangruber/sleep-action@v2.0.0 | |
| with: | |
| time: 20s | |
| - name: Full deploy | |
| run : docker compose up -d --build --force-recreate app | |
| DAST_Scan : | |
| needs: [SAST, pullNexus, Build_Images] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get Unified token | |
| run: | | |
| U_Tok=$(curl -X 'POST' --insecure 'https://dastcore.nsth.net/api/v2/auth' -H 'accept:text/plain' -H 'Content-Type:application/json-patch+json' -d '{"username":"dhanyarak.k", "password":"Netpoleon#1"}') | |
| echo "Unified Token=$U_Tok" >> $GITHUB_ENV | |
| echo U_TOK = $U_Tok | |
| echo Cutting JSON | |
| FFTOKEN=$(echo $U_Tok | grep -o '"token":"FORTIFYTOKEN [^"]\+' | cut -d '"' -f 4) | |
| echo "Extracted Unified Token=$FFTOKEN" >> $GITHUB_ENV | |
| echo "SCAN TOKEN => $FFTOKEN" | |
| echo "STARTING SCANNING... " | |
| SCAN_RESP=$(curl -X 'POST' -s --insecure 'https://dastcore.nsth.net/api/v2/scans/start-scan-cicd' -H 'accept:text/plain' -H "Authorization:$FFTOKEN" -H 'Content-Type:application/json-patch+json' -d "{'cicdToken':'0443d8ea-729b-4431-bee0-177331ecafce','name':'PPLGod','scannerId':0,'useAssignedScannerOnly':true,'overrides':{'dataRetentionDays':0,'scanPriority':5,'scanMode':2}}") | |
| echo "SCAN_RESP=$SCAN_RESP" >> $GITHUB_ENV | |
| echo "SCAN RESPONSE => $SCAN_RESP" | |
| echo "DONE!" | |