Merge pull request #62 from veracode/SDEVX-587

shailesh-veracode · web-flow · commit 35bf04674cc5 · 2024-09-12T22:32:44.000+05:30
Dynamic variable + Ruby support
diff --git a/.github/workflows/veracode-build-artifact-for-scanning.yml b/.github/workflows/veracode-build-artifact-for-scanning.yml
@@ -15,15 +15,36 @@ on:
       event_name:
         required: true
         type: string
+      build_runs_on:
+        required: true
+        type: string
+      build_packager_image:
+        required: true
+        type: string
+      build_predependency_command:
+        required: true
+        type: string
+      ruby_version:
+        required: true
+        type: string
+      bundle_version:
+        required: true
+        type: string
   
 jobs:
   build:
-    if: ${{ inputs.event_name == 'java-pipeline-scan' || inputs.event_name == 'java-policy-scan' || inputs.event_name == 'java-sandbox-scan' || inputs.event_name == 'unidentified-lang-pipeline-scan' || inputs.event_name == 'unidentified-lang-policy-scan' || inputs.event_name == 'unidentified-lang-sandbox-scan' || inputs.event_name == 'dot-net-pipeline-scan' || inputs.event_name == 'dot-net-policy-scan' || inputs.event_name == 'dot-net-sandbox-scan' || inputs.event_name == 'scala-pipeline-scan' || inputs.event_name == 'scala-policy-scan'  || inputs.event_name == 'scala-sandbox-scan' || inputs.event_name == 'go-pipeline-scan' || inputs.event_name == 'go-policy-scan'  || inputs.event_name == 'go-sandbox-scan' || inputs.event_name == 'source-code-pipeline-scan' || inputs.event_name == 'source-code-policy-scan' || inputs.event_name == 'source-code-sandbox-scan'}}
+    if: ${{ inputs.event_name == 'java-pipeline-scan' || inputs.event_name == 'java-policy-scan' || inputs.event_name == 'java-sandbox-scan' || inputs.event_name == 'unidentified-lang-pipeline-scan' || inputs.event_name == 'unidentified-lang-policy-scan' || inputs.event_name == 'unidentified-lang-sandbox-scan' || inputs.event_name == 'dot-net-pipeline-scan' || inputs.event_name == 'dot-net-policy-scan' || inputs.event_name == 'dot-net-sandbox-scan' || inputs.event_name == 'scala-pipeline-scan' || inputs.event_name == 'scala-policy-scan'  || inputs.event_name == 'scala-sandbox-scan' || inputs.event_name == 'go-pipeline-scan' || inputs.event_name == 'go-policy-scan'  || inputs.event_name == 'go-sandbox-scan' || inputs.event_name == 'source-code-pipeline-scan' || inputs.event_name == 'source-code-policy-scan' || inputs.event_name == 'source-code-sandbox-scan' || inputs.event_name == 'ruby-pipeline-scan' || inputs.event_name == 'ruby-policy-scan' || inputs.event_name == 'ruby-sandbox-scan'}}
     uses: ./.github/workflows/veracode-default-build.yml
     with:
       repository: ${{ inputs.repository }}
       ref: ${{ inputs.ref }}
       token: ${{ inputs.token }}
+      build_runs_on: ${{ inputs.build_runs_on }}
+      build_packager_image: ${{ inputs.build_packager_image }}
+      build_predependency_command: ${{ inputs.build_predependency_command }}
+      ruby_version: ${{ inputs.ruby_version }}
+      bundle_version: ${{ inputs.bundle_version }}
+      event_name: ${{ inputs.event_name }}
 
   build-tsql-package:
     if: ${{ inputs.event_name == 'tsql-pipeline-scan' || inputs.event_name == 'tsql-policy-scan'  || inputs.event_name == 'tsql-sandbox-scan'}}
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
@@ -29,6 +29,8 @@ on:
       - java-policy-scan
       - unidentified-lang-pipeline-scan
       - unidentified-lang-policy-scan
+      - ruby-pipeline-scan
+      - ruby-policy-scan
 
 jobs:
   register:
@@ -86,7 +88,11 @@ jobs:
       ref: ${{ github.event.client_payload.sha }}
       token: ${{ github.event.client_payload.token }}
       event_name: ${{ github.event.action }}
-
+      build_runs_on: ${{ github.event.client_payload.user_config.build_runs_on }}
+      build_packager_image: ${{ github.event.client_payload.user_config.build_packager_image }}
+      build_predependency_command: ${{ github.event.client_payload.user_config.build_predependency_command }}
+      ruby_version: ${{ github.event.client_payload.user_config.ruby_version }}
+      bundle_version: ${{ github.event.client_payload.user_config.bundle_version }}
 
   pipeline_scan:
     # needs the build step before this job will start running
diff --git a/.github/workflows/veracode-default-build.yml b/.github/workflows/veracode-default-build.yml
@@ -11,11 +11,30 @@ on:
       token:
         required: true
         type: string
+      event_name:
+        required: true
+        type: string
+      build_runs_on:
+        required: true
+        type: string
+      build_packager_image:
+        required: true
+        type: string
+      build_predependency_command:
+        required: true
+        type: string
+      ruby_version:
+        required: true
+        type: string
+      bundle_version:
+        required: true
+        type: string
+
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ fromJSON(inputs.build_runs_on) }}
     container:
-      image: veracode/scm-packaging:2.1.0
+      image: ${{ inputs.build_packager_image }}
     env:
       VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
       VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
@@ -32,19 +51,37 @@ jobs:
 
     - name: Package the application
       id: application_package
+      shell: bash
       env:
         VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
         VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
       run: |
+        if [[ ! -z "${{ inputs.build_predependency_command }}" ]]; then
+          echo "Executing Pre-Build Dependency.."
+          ${{ inputs.build_predependency_command }}
+        else
+          echo "No Pre-Build Dependency provided."
+        fi
+        if [[ "${{ inputs.event_name }}" == *"ruby"* ]]; then
+          source /etc/profile.d/rvm.sh
+          rvm pkg install openssl
+          rvm install ruby-${{ inputs.ruby_version }}
+        fi
+        working_path=`pwd`
+        echo "working_dir=$working_path" >> "$GITHUB_OUTPUT"
         cd veracode-helper/helper/cli
         cliFile=$(ls -1 . | head -n 1)
         cliFileName=$(echo "$cliFile" | cut -c 1-$((${#cliFile}-7)))
         tar -zxvf $cliFile
         cd $cliFileName
         export PATH="veracode-helper/helper/cli/$cliFileName:$PATH"
-        cd /__w/veracode/veracode
+        cd $working_path
+        if [[ "${{ inputs.event_name }}" == *"ruby"* ]]; then
+          gem install bundler -v ${{ inputs.bundle_version }}
+          gem install veracode
+          bundle install
+        fi
         veracode package --source . --output veracode-artifacts --trust
-        zip veracode-artifact.zip veracode-artifacts/* -x .zip .tar .tar.gz .gz
 
     - name: Package error
       if: failure() && steps.application_package.outcome == 'failure'
@@ -54,5 +91,5 @@ jobs:
     - uses: actions/upload-artifact@v4
       with:
         name: veracode-artifact
-        path: /__w/veracode/veracode/veracode-artifacts/*
-        if-no-files-found: error
+        path: "${{ steps.application_package.outputs.working_dir }}/veracode-artifacts/*"
+        if-no-files-found: error
diff --git a/.github/workflows/veracode-sandbox-scan.yml b/.github/workflows/veracode-sandbox-scan.yml
@@ -18,6 +18,7 @@ on:
       - dart-sandbox-scan
       - java-sandbox-scan
       - unidentified-lang-sandbox-scan
+      - ruby-sandbox-scan
 
 jobs:
   build:
