From 16d2975aa5d820f6e95e358c08ccf469bb08aa64 Mon Sep 17 00:00:00 2001
From: Valentin Mladenov <mvalentin@vmware.com>
Date: Tue, 28 Jan 2025 14:26:20 +0200
Subject: [PATCH] feat: redo scripts

---
 .github/workflows/release-preview.yml | 21 ++-------------------
 .github/workflows/release.yml         | 23 ++---------------------
 .releaserc.js                         | 10 ++++------
 scripts/execute-blackduck-scan.sh     | 24 ++++++++++++++++++++++++
 4 files changed, 32 insertions(+), 46 deletions(-)
 create mode 100644 scripts/execute-blackduck-scan.sh

diff --git a/.github/workflows/release-preview.yml b/.github/workflows/release-preview.yml
index 8547eddfe9..3b32161af8 100644
--- a/.github/workflows/release-preview.yml
+++ b/.github/workflows/release-preview.yml
@@ -24,27 +24,10 @@ jobs:
       - name: Public Api Check
         run: npm run public-api:check
       - name: Preview Release
-        run: npm run preview
-      - name: BlackDuck Scan Release
         env:
-          NEXT_RELEASE_VERSION: ${{ env.NEXT_RELEASE_VERSION }}
-          BD_PROJECT_NAME: ${{ secrets.BD_PROJECT_NAME }}
-          BD_URL: ${{ secrets.BD_URL }}
           BD_ACCESS_TOKEN: ${{ secrets.BD_ACCESS_TOKEN }}
-        run: bash <(curl -k -s -L https://detect.blackduck.com/detect10.sh) /
-          --blackduck.url=$BD_URL /
-          --blackduck.api.token=$BD_ACCESS_TOKEN /
-          --detect.project.name=$BD_PROJECT_NAME /
-          --detect.project.version.name=$NEXT_RELEASE_VERSION /
-          --detect.project.version.phase=PRERELEASE /
-          --detect.project.version.license="MIT License" /
-          --detect.project.version.distribution=OPENSOURCE /
-          --detect.tools=DETECTOR /
-          --detect.wait.for.results=true /
-          --detect.included.detector.types=npm /
-          --detect.required.detector.types=npm /
-          --detect.detector.search.depth=6 /
-          --detect.npm.dependency.types.excluded=DEV
+          BD_RELEASE_PHASE: PRERELEASE
+        run: npm run preview
       - name: Deploy Docs Preview
         continue-on-error: true
         timeout-minutes: 5
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c6f6a08de9..1dc8b38f7f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,30 +25,11 @@ jobs:
         run: npm run public-api:check
       - name: Release
         env:
+          BD_ACCESS_TOKEN: ${{ secrets.BD_ACCESS_TOKEN }}
+          BD_RELEASE_PHASE: RELEASED
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
           NPM_TOKEN: ${{secrets.NPM_TOKEN}}
         run: npx semantic-release
-      - name: BlackDuck Scan Release
-        env:
-          NEXT_RELEASE_VERSION: ${{ env.NEXT_RELEASE_VERSION }}
-          BD_PROJECT_NAME: ${{ secrets.BD_PROJECT_NAME }}
-          BD_URL: ${{ secrets.BD_URL }}
-          BD_ACCESS_TOKEN: ${{ secrets.BD_ACCESS_TOKEN }}
-        run: bash <(curl -k -s -L https://detect.blackduck.com/detect10.sh) /
-          --blackduck.url=$BD_URL /
-          --blackduck.api.token=$BD_ACCESS_TOKEN /
-          --detect.project.name="$BD_PROJECT_NAME" /
-          --detect.project.version.name="$NEXT_RELEASE_VERSION" /
-          --detect.project.version.update=true /
-          --detect.project.version.phase=RELEASED /
-          --detect.project.version.license="MIT License" /
-          --detect.project.version.distribution=OPENSOURCE /
-          --detect.tools=DETECTOR /
-          --detect.wait.for.results=true /
-          --detect.included.detector.types=npm /
-          --detect.required.detector.types=npm /
-          --detect.detector.search.depth=6 /
-          --detect.npm.dependency.types.excluded=DEV
       - name: Deploy Docs
         continue-on-error: true
         timeout-minutes: 5
diff --git a/.releaserc.js b/.releaserc.js
index 1762b2a6ef..a3b0d76fae 100644
--- a/.releaserc.js
+++ b/.releaserc.js
@@ -21,15 +21,13 @@ module.exports = {
           noteKeywords: ['BREAKING CHANGE', 'BREAKING CHANGES'],
         },
       },
-      [
-        '@semantic-release/exec',
-        {
-          verifyReleaseCmd: 'echo "NEXT_RELEASE_VERSION=${nextRelease.version}" >> $GITHUB_ENV',
-        },
-      ],
     ],
     '@semantic-release/release-notes-generator',
     './scripts/semantic-release-add-peer-dependency.js',
+    './scripts/execute-blackduck-scan.sh' +
+      ' ${process.env.BD_ACCESS_TOKEN}' +
+      ' ${nextRelease.version}' +
+      ' ${process.env.BD_RELEASE_PHASE}',
     '@semantic-release/github',
     [
       '@amanda-mitchell/semantic-release-npm-multiple',
diff --git a/scripts/execute-blackduck-scan.sh b/scripts/execute-blackduck-scan.sh
new file mode 100644
index 0000000000..48428034b9
--- /dev/null
+++ b/scripts/execute-blackduck-scan.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+BD_ACCESS_TOKEN=$1
+NEXT_RELEASE_VERSION=$2
+BD_RELEASE_PHASE=$3
+
+bash <(curl -k -s -L https://detect.blackduck.com/detect10.sh) \
+  --blackduck.url="https://broadcom.app.blackduck.com/" \
+  --blackduck.api.token="$BD_ACCESS_TOKEN" \
+  --detect.project.name="vcf-clarity" \
+  --detect.project.version.name="17.6" \
+  --detect.project.version.update=true \
+  --detect.project.version.phase="$BD_RELEASE_PHASE" \
+  --detect.project.version.license="MIT License" \
+  --detect.project.version.distribution=OPENSOURCE \
+  --detect.source.path="./dist" \
+  --detect.tools=DETECTOR \
+  --detect.detector.search.depth=3 \
+  --detect.detector.search.continue=true \
+  --detect.wait.for.results=true \
+  --detect.included.detector.types=npm \
+  --detect.required.detector.types=npm \
+  --detect.npm.arguments="--prod --depth=3" \
+  --detect.npm.dependency.types.excluded=DEV