Sync and scan p4jenkins #2643
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Sync and scan p4jenkins | |
on: | |
schedule: | |
- cron: '0 */2 * * *' # every 30 minutes | |
workflow_dispatch: # on button click | |
jobs: | |
sync: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Sync p4jenking from upstream jenkins github | |
uses: tgymnich/[email protected] | |
with: | |
token: ${{ secrets.SYNC_TOKEN }} | |
owner: jenkinsci | |
base: master | |
head: master | |
repo: p4-plugin | |
scan: | |
needs: sync | |
runs-on: ubuntu-latest | |
if: always() | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v2 | |
- name: Login to docker hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Mend scan | |
run: | | |
ls ${{ github.workspace }} | |
docker pull perforce/ubuntu22-mend | |
docker run -v ${{ github.workspace }}:/scan \ | |
perforce/ubuntu22-mend bash -c "java -jar /opt/white-source/wss-unified-agent.jar \ | |
-noConfig true \ | |
-d /scan \ | |
-project p4jenkins-main \ | |
-apiKey ${{ secrets.MEND_API_KEY }} \ | |
-userKey ${{ secrets.MEND_USER_KEY }} \ | |
-product p4jenkins \ | |
-wss.url https://saas-eu.whitesourcesoftware.com/agent \ | |
-resolveAllDependencies false \ | |
-maven.resolveDependencies true \ | |
-maven.runPreStep true" | |
- name: CVE scan | |
run: | | |
python3 ${{ github.workspace }}/build_tools/cve-finder.py \ | |
-m p4jenkins \ | |
-b main \ | |
-j P4Jenkins \ | |
-o ${{ secrets.MEND_API_KEY }} \ | |
-k ${{ secrets.MEND_USER_KEY }} \ | |
-u ${{ secrets.JIRA_USER }} \ | |
-p ${{ secrets.JIRA_PASS }} |