Skip to content
KenPPLgod

KenPPLgod #17

Sign in to view logs

KenPPLgod

KenPPLgod #17

Workflow file for this run

.github/workflows/godflow.yml at f7ffc77
name: KenPPLgod
on:
#push:
#branches: [ "main" ]
workflow_dispatch:
jobs:
SAST:
runs-on: ubuntu-latest
# runs-on: kencentrun
# container: node:14
steps:
- name: Check out source code
uses: actions/checkout@v4
- name: Run ScanCentral SAST Scan
uses: fortify/github-action/sc-sast-scan@v1
# - name: scanstarted
# run: scancentral -url $SC_CONTROLLER_URL start $BUILD_OPTS $SCAN_OPTS -upload -application pplgod -version 1 -uptoken $SSC_UPLOAD_TOKEN -fprssc $SSC_APPVERSION-$BUILD_NO.fpr
env:
SC_CONTROLLER_URL: ${{ vars.SC_CONTROLLER_URL }}
SSC_URL: ${{secrets.SSC_URL}}
SSC_UPLOAD_TOKEN: ${{secrets.SSC_UPLOAD_TOKEN}}
SSC_TOKEN: ${{secrets.SSC_TOKEN}}
SC_SAST_TOKEN: ${{secrets.CLIENT_AUTH_TOKEN}}
EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s
SSC_APPVERSION: pplgod:1
# EXTRA_PACKAGE_OPTS: -bf custom-pom.xml
SC_SAST_SENSOR_VERSION: 23.1
BUILD_OPTS: "-bt none"
# DO_WAIT: true
# DO_EXPORT: true
# TOOL_DEFINITIONS: https://ftfy.mycompany.com/tool-definitions/v1/tool-definitions.yaml.zip
pullNexus:
needs: SAST
runs-on: ubuntu-latest
# runs-on: kencentrun
# container: node:14
steps:
- name: Check out source code
uses: actions/checkout@v4
- name: pwd
run: pwd
- name: Running Nexus scan
#run: echo bruh
run: docker run -v /home/runner/work/pipelinegod/pipelinegod:/target -v /home/runner/work/pipelinegod/pipelinegod:/sonatype/reports sonatype/nexus-iq-cli /sonatype/evaluate -s https://nexusiq.nsth.net/ -a dhanyarak.k:Netpoleon#1 -i 1 /target/*.json
ImgScan:
needs: [SAST, pullNexus]
runs-on: ubuntu-latest
steps:
- name: Check out source code
uses: actions/checkout@v4
- name: Build local images
run: |
pwd
docker build -t rurouniken89/nodejsappgod .
- name: check images
run: docker images
- name: docker login
uses: docker/login-action@v3
with:
registry: registry.aquasec.com
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: pull image aqua
run: docker pull registry.aquasec.com/scanner:2022.4
- name: run scan images
run: |
docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock -v /home/runner/work/pipelinegod/pipelinegod:/tmp registry.aquasec.com/scanner:2022.4 scan -H https://aqua.nsth.net -U ken-scanner -P P@ssw0rd --local rurouniken89/nodejsappgod --jsonfile /tmp/results.json
Deploy_Images:
needs: [SAST, pullNexus, ImgScan]
runs-on: kencentrun
steps:
- name : To_DockerfileDir
run : cd /home/admin/testpplgod/pipelinegod/
- name : Deploy_images
run : docker compose up -d --build --force-recreate
- name : stall for MySQL up
uses: juliangruber/sleep-action@v2.0.0
with:
time: 20s
- name: Full deploy
run : docker compose up -d --build --force-recreate app
DAST_Scan :
needs: [SAST, pullNexus, ImgScan, Deploy_Images]
runs-on: ubuntu-latest
steps:
- name: Get Unified token
run: |
U_Tok=$(curl -X 'POST' --insecure 'https://dastcore.nsth.net/api/v2/auth' -H 'accept:text/plain' -H 'Content-Type:application/json-patch+json' -d '{"username":"dhanyarak.k", "password":"Netpoleon#1"}')
echo "Unified Token=$U_Tok" >> $GITHUB_ENV
echo U_TOK = $U_Tok
echo Cutting JSON
FFTOKEN=$(echo $U_Tok | grep -o '"token":"FORTIFYTOKEN [^"]\+' | cut -d '"' -f 4)
echo "Extracted Unified Token=$FFTOKEN" >> $GITHUB_ENV
echo "SCAN TOKEN => $FFTOKEN"
echo "STARTING SCANNING... "
SCAN_RESP=$(curl -X 'POST' -s --insecure 'https://dastcore.nsth.net/api/v2/scans/start-scan-cicd' -H 'accept:text/plain' -H "Authorization:$FFTOKEN" -H 'Content-Type:application/json-patch+json' -d "{'cicdToken':'0443d8ea-729b-4431-bee0-177331ecafce','name':'PPLGod','scannerId':0,'useAssignedScannerOnly':true,'overrides':{'dataRetentionDays':0,'scanPriority':5,'scanMode':2}}")
echo "SCAN_RESP=$SCAN_RESP" >> $GITHUB_ENV
echo "SCAN RESPONSE => $SCAN_RESP"
echo "DONE!"