make action same in all repos

On-behalf-of: Gerald Morrison (SAP) <[email protected]>
Signed-off-by: Gerald Morrison (SAP) <[email protected]>

Author: morrison-sap

.github/workflows/blackduck_scan.yaml

@@ -5,7 +5,7 @@ on:
   pull_request_target:
     branches: [ "main" ]
   schedule:
-    - cron:  '6 1 * * 0'
+    - cron:  '15 0 * * 0'
   workflow_dispatch:
 
 permissions:
@@ -17,7 +17,6 @@ jobs:
     runs-on: [ ubuntu-latest ]
     steps:
       - name: Checkout code
-        if: github.event_name != 'pull_request_target'
         uses: actions/checkout@v4
 
       - name: Run Black Duck Full SCA Scan (Push, Manual Trigger or Schedule)
@@ -26,7 +25,6 @@ jobs:
         env:
           DETECT_PROJECT_USER_GROUPS: opencomponentmodel
           DETECT_PROJECT_VERSION_DISTRIBUTION: opensource
-          DETECT_SOURCE_PATH: ./
           DETECT_EXCLUDED_DIRECTORIES: .bridge
           DETECT_BLACKDUCK_SIGNATURE_SCANNER_ARGUMENTS: '--min-scan-interval=0'
           NODE_TLS_REJECT_UNAUTHORIZED: true
@@ -43,12 +41,55 @@ jobs:
         env:
           DETECT_PROJECT_USER_GROUPS: opencomponentmodel
           DETECT_PROJECT_VERSION_DISTRIBUTION: opensource
-          DETECT_SOURCE_PATH: ./
           DETECT_EXCLUDED_DIRECTORIES: .bridge
           NODE_TLS_REJECT_UNAUTHORIZED: true
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           blackducksca_url: ${{ secrets.BLACKDUCK_URL }}
           blackducksca_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
           blackducksca_scan_full: false
-          blackducksca_prComment_enabled: true
+
+      # Check Black Duck status and upload status file as artifact.
+      # This step is required to be set as always(), so the status file is uploaded even if the Black Duck scan fails.
+      - name: Check Black Duck status
+        if: always()
+        id: check_blackduck_status
+        shell: bash
+        run: |
+          # Use find to locate status file
+          STATUS_FILE=$(find "/home/runner/work/ocm-cicd-playground/ocm-cicd-playground/.bridge/Blackduck SCA Detect Execution/detect/runs" -name "status.json" | head -n 1)
+      
+          if [ -z "$STATUS_FILE" ]; then
+            echo "::warning file=status.json::No Black Duck status file found"
+            exit 1
+          else
+            ISSUE_COUNT=$(jq '.issues | length' "$STATUS_FILE")
+            
+            if [[ "$ISSUE_COUNT" -eq 0 ]]; then
+              echo "status_file_path=$STATUS_FILE" >> "$GITHUB_OUTPUT"
+              echo "Black Duck scan successfully executed. Status JSON will be uploaded as an artifact to the GitHub action.""
+            else
+              # Issues exist, fail step but save file path for upload
+              echo "status_file_path=$STATUS_FILE" >> "$GITHUB_OUTPUT"
+              echo "::error file=$STATUS_FILE::Black Duck scan had issues:"
+              
+              # Extract and print issue details
+              jq -r '.issues[] | "\(.type): \(.title)\n  Details: \((.messages | if type == "string" then [.] else . end) | join("; "))"' status.json | \
+              while IFS= read -r line; do
+                echo "::error::$line"
+              done
+              echo
+              echo "Black Duck Overall Status:"
+              jq -r '.overallStatus[0].key + " - " + .overallStatus[0].status' "$STATUS_FILE"
+              echo
+              echo "Status JSON will be uploaded as an artifact to the GitHub action."
+              exit 1
+            fi
+          fi
+            
+      - name: Upload Blackduck status file
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: status-json
+          path: ${{ steps.check_blackduck_status.outputs.status_file_path }}