Merge pull request #26 from Contrast-Security-OSS/SCA-1271

breaking: theses changes will bump this up to v3.0.0
Contrast-Security-OSS · Aug 30, 2023 · 5b48a2c · 5b48a2c
2 parents 7c52511 + 1148c0e
commit 5b48a2c
Show file tree

Hide file tree

Showing 6 changed files with 118 additions and 82 deletions.
diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,36 @@
+name: create-release
+
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - 'main'
+    types:
+      - closed
+
+
+permissions:
+  contents: write
+jobs:
+  tagged-release:
+    name: "Tagged Release"
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+
+      - name: Git Version
+        id: version
+        uses: codacy/git-version@80c816f11db8dea5e3a81025f598193015b51832
+        with:
+          release-branch: main
+          prefix: v
+
+      - name: Create Release
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
+        with:
+          tag_name: ${{ steps.version.outputs.version }}
+          token: ${{secrets.SCA_OSS_PAT}} # Used so pipeline gets triggered from this one
+          # See https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
diff --git a/.github/workflows/update_tags.yml b/.github/workflows/update_tags.yml
@@ -0,0 +1,15 @@
+name: Keep the versions up-to-date
+
+on:
+  release:
+    types: [published, edited]
+
+permissions:
+  contents: write
+jobs:
+  actions-tagger:
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: Actions-R-Us/actions-tagger@330ddfac760021349fef7ff62b372f2f691c20fb
+        with:
+          publish_latest_tag: false
diff --git a/Dockerfile b/Dockerfile
diff --git a/action.yml b/action.yml
@@ -10,13 +10,13 @@ inputs:
   orgId:
     description: 'The ID of your organization in Contrast (required).'
     required: true
+  artifact:
+    description: 'The Artifact to Scan on the Contrast Platform.'
+    required: true
   apiUrl:
     description: 'The name of the host. Includes the protocol section of the URL (https://). Defaults to https://ce.contrastsecurity.com. (optional)'
     required: false
     default: "https://ce.contrastsecurity.com"
-  artifact:
-    description: 'The Artifact to Scan on the Contrast Platform.'
-    required: true
   projectName:
     description: 'The name of the project you want to scan in Contrast.'
     required: false
@@ -36,6 +36,68 @@ inputs:
   fail:
     description: 'When set to true, fails the action if CVEs have been detected that match at least the severity option specified.'
     required: false
+
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
+  using: "composite"
+  steps:
+    - name: Get Latest CLI
+      run: |
+        echo "Downloading Contrast CLI 2.1.0"
+        curl --location 'https://pkg.contrastsecurity.com/artifactory/cli/v2/2.1.0/linux/contrast' --output contrast
+      shell: bash
+    - run: chmod +x contrast
+      shell: bash
+
+    - name: Get CLI Required Arguments
+      id: required-args
+      shell: bash
+      run: |
+        echo "Setting Required Args..."
+        args=()
+        args+=("--api-key ${{ inputs.apiKey }}")
+        args+=("--authorization ${{ inputs.authHeader }}")
+        args+=("--organization-id ${{ inputs.orgId }}")
+        args+=("--file ${{ inputs.artifact }}")
+        args+=("--host ${{ inputs.apiUrl }}")
+
+        echo "args=${args[@]}" >> $GITHUB_OUTPUT
+
+    - name: Get CLI Optional Arguments
+      id: optional-args
+      shell: bash
+      run: |
+        echo "Setting Optional Args..."
+        args=()      
+        if [ -n "${{ inputs.projectName }}" ]; then
+          args+=("--name")
+          args+=("${{ inputs.projectName }}")
+        fi
+        if [ -n "${{ inputs.projectId }}" ]; then
+          args+=("--project-id")
+          args+=("${{ inputs.projectId }}")
+        fi
+        if [ -n "${{ inputs.language }}" ]; then
+          args+=("--language")
+          args+=("${{ inputs.language }}")
+        fi
+        if [ -n "${{ inputs.timeout }}" ]; then
+          args+=("--timeout")
+          args+=("${{ inputs.timeout }}")
+        fi
+        if [ -n "${{inputs.severity}}" ]; then
+          args+=("--severity")
+          args+=("${{ inputs.severity }}")
+        fi
+        if [ "${{inputs.fail}}" = true ]; then
+          args+=("--fail")
+        fi
+
+        echo "args=${args[@]}" >> $GITHUB_OUTPUT
+
+    - name: Run Contrast Scan CLI Command
+      continue-on-error: true
+      id: run-scan
+      shell: bash
+      run: |
+        echo "Running the Contrast Scan Command..."
+        ./contrast scan ${{ steps.required-args.outputs.args }} ${{ steps.optional-args.outputs.args }}
diff --git a/entrypoint.sh b/entrypoint.sh