Merge pull request #84 from veracode/SDEVX-8814

Sdevx 8814

Author: edakheyash-16

.github/workflows/veracode-iac-secrets-scan.yml

@@ -44,7 +44,6 @@ jobs:
     needs: [register, validations]
     runs-on: ubuntu-latest
     name: Veracode IaC/Secrets Scanning
-
     steps:
       - uses: actions/checkout@v4
         with:
@@ -63,3 +62,13 @@ jobs:
             debug: false
             fail_build: ${{ github.event.client_payload.user_config.break_build_policy_findings }}
             fail_build_on_error: ${{ github.event.client_payload.user_config.break_build_on_error }}
+
+  cleanup:
+    runs-on: ${{ fromJson(github.event.client_payload.user_config.default_runs_on) }}
+    if: always()
+    needs: [register, validations, veracode-iac-secrets-scan]
+    steps:
+      - name: Cleanup workspace and Docker
+        run: |
+          echo "Running final cleanup..."
+          sudo rm -rf $GITHUB_WORKSPACE/

.github/workflows/veracode-pipeline-scan.yml

@@ -193,3 +193,9 @@ jobs:
                 https://api.github.com/repos/${{ inputs.owner }}/${{ inputs.repo }}/check-runs/${{ inputs.check_run_id }} \
                 -d @"payload.txt"
             done
+      
+     - name: Cleanup workspace and Docker
+       if: always()
+       run: |
+         echo "Running final cleanup..."
+         sudo rm -rf $GITHUB_WORKSPACE/

.github/workflows/veracode-policy-scan.yml

@@ -179,3 +179,14 @@ jobs:
           repo_name: ${{ inputs.repo }}
           github-token: ${{ inputs.token }}
           commitHash: ${{ inputs.sha }}
+
+  cleanup:
+    runs-on: ${{ fromJson(github.event.client_payload.user_config.default_runs_on) }}
+    if: always()
+    needs: [policy_scan, veracode-remove-sandbox, code-scanning-alert, create-issues]
+    steps:
+      - name: Cleanup workspace and Docker
+        if: always()
+        run: |
+          echo "Running final cleanup..."
+          sudo rm -rf $GITHUB_WORKSPACE/

.github/workflows/veracode-remove-sandbox.yml

@@ -41,3 +41,13 @@ jobs:
           vkey: ${{ secrets.VERACODE_API_KEY }}
           appname: ${{ github.event.client_payload.user_config.profile_name }}
           sandboxname: GitHub App Scans-${{ github.event.client_payload.repository.branch }}
+          
+  cleanup:
+    runs-on: ${{ fromJSON(github.event.client_payload.user_config.default_runs_on) }}
+    if: always()
+    needs: [create-checks-run, veracode-remove-sandbox]
+    steps:
+      - name: Cleanup workspace and Docker
+        run: |
+          echo "Running final cleanup..."
+          sudo rm -rf $GITHUB_WORKSPACE/

.github/workflows/veracode-sandbox-scan.yml

@@ -67,3 +67,14 @@ jobs:
           failbuild: ${{ github.event.client_payload.user_config.break_build_policy_findings }}
           gitRepositoryUrl: ${{ github.server_url }}/${{ github.event.client_payload.repository.full_name }}
           deleteincompletescan: true
+
+  cleanup:
+    runs-on: ${{ fromJson(github.event.client_payload.user_config.default_runs_on) }}
+    if: always()
+    needs: [build, sandbox_scan]
+    steps:
+      - name: Cleanup workspace and Docker
+        if: always()
+        run: |
+          echo "Running final cleanup..."
+          sudo rm -rf $GITHUB_WORKSPACE/

.github/workflows/veracode-sca-scan.yml

@@ -89,3 +89,15 @@ jobs:
           recursive: true
           allow-dirty: true
           breakBuildOnPolicyFindings: ${{ github.event.client_payload.user_config.break_build_policy_findings }}
+
+  cleanup:
+    runs-on: ${{ fromJson(github.event.client_payload.user_config.default_runs_on) }}
+    if: always()
+    needs: [register, veracode-sca-scan]
+    steps:
+      - name: Cleanup workspace and Docker
+        if: always()
+        run: |
+          echo "Running final cleanup..."
+          sudo rm -rf $GITHUB_WORKSPACE/
+