
add wiz scan on create PR to master and remove lacework(SWG-14342) #188

add wiz scan on create PR to master and remove lacework(SWG-14342)


Workflow file for this run

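---
# Build-and-test workflow for pull requests targeting the 3.0.0 branch.
# Job 1 (build_pr_30) runs the Maven build on a Java matrix and builds a
# Docker image; job 2 (scan-with-wiz) scans that image with wiz-cli.
name: Build Test PR 3.0
on:  # yamllint disable-line rule:truthy
  pull_request:
    branches: [ "3.0.0" ]

jobs:
  build_pr_30:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        java: [ 11, 17 ]
    # export docker_tag from this job
    # NOTE(review): for a matrix job the output is written by whichever
    # matrix leg finishes last, so only one of the java11 / java17 tags
    # reaches scan-with-wiz — confirm that is acceptable.
    outputs:
      docker_tag: ${{ steps.build_image.outputs.tag }}
    env:
      GENERATORS_VERSION_PROPERTY: ""
      MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
      MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
    steps:
      # NOTE(review): `ref: 3.0.0` checks out the base branch rather than the
      # PR head/merge commit, so the PR's own changes are not what gets built
      # and scanned below — confirm that is intended.
      - uses: actions/checkout@v4
        name: git checkout 3.0.0
        with:
          ref: "3.0.0"

      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ matrix.java }}
          distribution: temurin
          cache: maven
          overwrite-settings: false

      - name: Add Central-Portal snapshot repo to settings.xml
        # The action version was mangled by the page rendering
        # ("[email protected]"); restore it from the repository, preferably
        # pinned to a full commit SHA rather than a mutable tag.
        uses: s4u/maven-settings-action@<VERSION-FROM-REPO>
        with:
          repositories: |
            [
              {
                "id": "central-portal-snapshots",
                "name": "Sonatype Central Portal snapshots",
                "url": "https://central.sonatype.com/repository/maven-snapshots/",
                "releases": { "enabled": false },
                "snapshots": { "enabled": true }
              }
            ]
          servers: |
            [
              {
                "id": "central",
                "username": "${{ secrets.MAVEN_CENTRAL_USERNAME }}",
                "password": "${{ secrets.MAVEN_CENTRAL_PASSWORD }}"
              }
            ]

      - name: preliminary checks
        # Credentials are handed to the shell as environment variables rather
        # than interpolated into the script text.
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_SB_USERNAME }}
          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
        run: |
          # fail fast from the first command, login included
          set -e
          # --password-stdin keeps the secret out of argv / process listings
          # (the previous --password=... form exposed it there)
          printf '%s\n' "$DOCKERHUB_PASSWORD" | docker login --username "$DOCKERHUB_USERNAME" --password-stdin
          /bin/bash ./bin/utils/detect_carriage_return.sh
          /bin/bash ./bin/utils/detect_merge_conflict.sh
          /bin/bash ./bin/utils/detect_tab_in_java_class.sh

      - name: Build with Maven
        if: ${{ matrix.java != 8 }}
        run: |
          export MY_POM_VERSION=$(mvn -Dswagger-codegen-generators-version=1.0.37 \
            -q -Dexec.executable="echo" -Dexec.args='${projects.version}' \
            --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec)
          echo "POM VERSION ${MY_POM_VERSION}"
          export GENERATORS_VERSION=$(sed -n 's/<swagger\-codegen\-generators\-version>\([^<]*\)<\/swagger\-codegen\-generators\-version>/\1/p' pom.xml | tr -d '[:space:]')
          echo "GENERATORS_VERSION ${GENERATORS_VERSION}"
          export GENERATORS_VERSION_PROPERTY=""
          if [[ ! $MY_POM_VERSION =~ SNAPSHOT ]]; then
            if [[ ! $GENERATORS_VERSION =~ SNAPSHOT ]]; then
              # check release version exists on Maven Central
              # (no `local` here: this script is not inside a function, and
              # `local` at top level is an error that aborts the step under -e)
              result=$(curl -s --max-time 60 --retry 15 \
                "https://search.maven.org/solrsearch/select?q=g:io.swagger.codegen.v3%20AND%20a:swagger-codegen-generators%20AND%20v:${GENERATORS_VERSION}%20AND%20p:jar")
              if [[ $(echo "$result" | jq '.response.numFound') -eq 0 ]]; then
                # fall back to latest snapshot
                SNAP_API="https://central.sonatype.com/repository/maven-snapshots"
                ARTIFACT_PATH="io/swagger/codegen/v3/swagger-codegen-generators"
                LAST_SNAP=$(curl -s "$SNAP_API/$ARTIFACT_PATH/maven-metadata.xml" \
                  | grep -oP '(?<=<version>)[^<]+' | sort -V | tail -1)
                export GENERATORS_VERSION_PROPERTY="-Dswagger-codegen-generators-version=$LAST_SNAP"
              fi
            fi
          fi
          echo "GENERATORS_VERSION_PROPERTY=${GENERATORS_VERSION_PROPERTY}"
          echo "GENERATORS_VERSION_PROPERTY=${GENERATORS_VERSION_PROPERTY}" >> "$GITHUB_ENV"
          mvn clean verify -U -DJETTY_TEST_HTTP_PORT=8070 \
            -DJETTY_TEST_STOP_PORT=8069 ${GENERATORS_VERSION_PROPERTY}

      - name: Build Docker image
        id: build_image
        run: |
          # construct a unique tag: repo:pr-<number>-java<version>
          # NOTE(review): Docker requires a lowercase repository name; if the
          # GitHub owner/repo contains uppercase letters this tag is rejected — confirm.
          TAG="${{ github.repository }}:pr-${{ github.event.pull_request.number }}-java${{ matrix.java }}"
          docker build -t "$TAG" .
          # export as both step output and env for downstream
          # (the ::set-output workflow command is deprecated; $GITHUB_OUTPUT replaces it)
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
          echo "IMAGE_TAG=$TAG" >> "$GITHUB_ENV"

  scan-with-wiz:
    name: Trigger Wiz Scanning
    runs-on: ubuntu-latest
    needs: [ build_pr_30 ]
    if: success()
    # NOTE(review): this job runs on a fresh runner. The image built in
    # build_pr_30 is not present here unless it was pushed to a registry
    # (build_pr_30 logs in but never pushes), and no step in this job
    # fetches ./wizcli — confirm how both are provided.
    steps:
      - name: Authenticate to Wiz
        # The client secret is passed as a command-line argument here; if
        # wizcli reads these credentials from the environment directly (check
        # the wizcli documentation), prefer that and drop the flags.
        run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
        env:
          WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
          WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}

      - name: Run wiz-cli docker image scan
        run: |
          # quoted so an empty or unexpected tag value fails loudly instead of
          # silently changing the argument list
          ./wizcli docker scan --image "$TAG" --policy "$POLICY"
          ./wizcli docker tag --image "$TAG"
        env:
          TAG: ${{ needs.build_pr_30.outputs.docker_tag }}
          POLICY: "SmartBear default vulnerabilities policy"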