executing remove-sandbox action after completing execution of policy scan

shailesh-veracode · shailesh-veracode · commit 10d6a3015d20 · 2024-04-05T16:30:23.000+05:30
diff --git a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
@@ -102,6 +102,20 @@ jobs:
           fail_checks_on_error: ${{ github.event.client_payload.user_config.break_build_on_error }}
           filter_mitigated_flaws: ${{ github.event.client_payload.user_config.filter_mitigated_flaws }}
 
+  veracode-remove-sandbox:
+    needs: policy_scan
+    runs-on: ubuntu-latest
+    if: ${{ github.event.client_payload.user_config.sandbox_scan.execute_remove_sandbox_action && always() }}
+    name: Remove Sandbox
+    steps:
+      - uses: veracode/github-actions-integration-helper@main
+        with:
+          action: 'removeSandbox'
+          vid: ${{ secrets.VERACODE_API_ID }}
+          vkey: ${{ secrets.VERACODE_API_KEY }}
+          appname: ${{ github.event.client_payload.user_config.profile_name }}
+          sandboxname: GitHub App Scans-${{ github.event.client_payload.user_config.sandbox_scan.branch }}
+
   code-scanning-alert:
     needs: policy_scan
     runs-on: ubuntu-latest
diff --git a/.github/workflows/template-register.yaml b/.github/workflows/template-register.yaml
@@ -24,4 +24,4 @@ jobs:
         check_run_name: ${{ github.workflow }}
         head_sha: ${{ github.event.client_payload.sha }}
         event_type: ${{ github.event.client_payload.event_type }}
-        branch: ${{ github.event.client_payload.repository.branch }}
+        branch: ${{ github.event.client_payload.user_config.sandbox_scan.branch }}
diff --git a/.github/workflows/veracode-policy-scan.yml b/.github/workflows/veracode-policy-scan.yml
@@ -102,6 +102,20 @@ jobs:
           fail_checks_on_error: ${{ inputs.break_build_on_error }}
           filter_mitigated_flaws: ${{ inputs.filter_mitigated_flaws }}
 
+  veracode-remove-sandbox:
+    needs: policy_scan
+    runs-on: ubuntu-latest
+    if: ${{ github.event.client_payload.user_config.sandbox_scan.execute_remove_sandbox_action && always() }}
+    name: Remove Sandbox
+    steps:
+      - uses: veracode/github-actions-integration-helper@main
+        with:
+          action: 'removeSandbox'
+          vid: ${{ secrets.VERACODE_API_ID }}
+          vkey: ${{ secrets.VERACODE_API_KEY }}
+          appname: ${{ github.event.client_payload.user_config.profile_name }}
+          sandboxname: GitHub App Scans-${{ github.event.client_payload.user_config.sandbox_scan.branch }}
+
   code-scanning-alert:
     needs: policy_scan
     runs-on: ubuntu-latest
