chore: update BDBA token rotation schedule to every twelve weeks (#55)

On-behalf-of: Gerald Morrison (SAP) <gerald.morrison@sap.com>
Signed-off-by: Gerald Morrison (SAP) <gerald.morrison@sap.com>

<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it
update BDBA token rotation schedule to every twelve weeks

---------

Signed-off-by: Gerald Morrison (SAP) <gerald.morrison@sap.com>
Co-authored-by: Gerald Morrison (SAP) <gerald.morrison@sap.com>

Author: morri-son

.github/workflows/bdba.yaml

@@ -19,10 +19,6 @@ on:
         required: true
       BDBA_GROUP_ID:
         required: true
-      BDBA_USERNAME:
-        required: true
-      BDBA_PASSWORD:
-        required: true
 
 permissions:
   actions: read
@@ -40,41 +36,14 @@ jobs:
           repository: open-component-model/ocm
           ref: main
 
-      # Generate new API token for BDB using the BDBA API
-      - name: Generate new BDBA API token
-        id: generate-bdba-token
-        run: |
-          # Generate new token from the Black Duck Binary Analysis API
-          # Using the validity period of 86400 seconds (1 day)
-          RESPONSE=$(curl -s -X PUT \
-            -H "Content-Type: application/json" \
-            -u "${{ secrets.BDBA_USERNAME }}:${{ secrets.BDBA_PASSWORD }}" \
-            -d '{"validity": 86400}' \
-            "https://bdba.tools.sap/api/key/")
-          
-          # Extract token from response
-          TOKEN=$(echo "$RESPONSE" | jq -r '.key.value')
-          
-          # Verify token was generated successfully
-          if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
-            echo "Failed to generate new token. API response: $RESPONSE"
-            exit 1
-          fi
-          
-          # Store token as step output 
-          echo "::add-mask::$TOKEN"
-          echo "bdba_token=$TOKEN" >> "$GITHUB_OUTPUT"
-          
-          echo "Successfully generated new BDBA API token"
-
       # Download the CTF that has been uploaded from release workflow 
       - name: Download CTF
         uses: actions/download-artifact@v4
         with:
           pattern: '${{ inputs.artifact_id }}'
           path: ${{ github.workspace }}/gen
 
-      # Since OCM cli is required to download CVs from CTF extract binary from CTF
+      # Since OCM cli is required to download CVs from CTF, extract binary from CTF
       - name: Extract OCM Binary from CTF
         id: extract-ocm
         run: |
@@ -121,7 +90,7 @@ jobs:
 
             # Upload the file using curl
             echo "Uploading $upload_name to BDBA"
-            curl_output=$(curl -sS -X PUT -H "Authorization: Bearer ${{ steps.generate-bdba-token.outputs.bdba_token }}" -H "Group: ${{ secrets.BDBA_GROUP_ID }}" -H "Version: $version" -H "Delete-Binary: true" --data-binary "@$file" "$api_url")
+            curl_output=$(curl -sS -X PUT -H "Authorization: Bearer ${{ secrets.BDBA_API_TOKEN }}" -H "Group: ${{ secrets.BDBA_GROUP_ID }}" -H "Version: $version" -H "Delete-Binary: true" --data-binary "@$file" "$api_url")
 
             # Check if upload was successful and print results
             if [[ $(echo "$curl_output" | jq '.meta.code') == "200" ]]; then

.github/workflows/rotate-bdba-token.yml

@@ -4,8 +4,7 @@ name: BDBA Token Rotation
 
 on:
   schedule:
-    # Run on first of every month at 0:37 AM UTC
-    - cron: '37 0 1 * *'
+    - cron: '37 2 1 * *' # Run on every 1st of month 2:37 AM UTC
   workflow_dispatch: # Allow manual trigger
 
 jobs:
@@ -22,16 +21,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-        # Generate new API token using the BDBA API
+      # Generate new API token using the BDBA API
       - name: Generate new BDBA API token
         id: generate-bdba-token
+        if: ${{ env.SHOULD_RUN == 'true' }}
         run: |
           # Generate new token from the Black Duck Binary Analysis API
-          # Using the validity period of 3888000 seconds (45 days)
+          # Using the validity period of 7257600 seconds (84 days / 12 weeks)
           RESPONSE=$(curl -s -X PUT \
             -H "Content-Type: application/json" \
-            -u "${{ secrets.BDBA_USERNAME }}:${{ secrets.BDBA_PASSWORD }}" \
-            -d '{"validity": 3888000}' \
+            -H "Authorization: Bearer ${{ secrets.BDBA_API_TOKEN }}" \
+            -d '{"validity": 7257600}' \
             "https://bdba.tools.sap/api/key/")
           
           # Extract token from response