Check Run Update for pipeline scan action

skumariV · skumariV · commit e0ff60bc2f0f · 2025-09-17T14:40:01.000+05:30
diff --git a/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml b/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
@@ -43,7 +43,7 @@ jobs:
       - name: Verify Policy name
         id: verify_policy_name
         if: success()
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: validatePolicyName
           token: ${{ github.event.client_payload.token }}
@@ -119,7 +119,7 @@ jobs:
       - name: Veracode Pipeline-Scan
         if: always()
         id: pipeline-scan
-        uses: veracode/Veracode-pipeline-scan-action@v1.0.18
+        uses: veracode/Veracode-pipeline-scan-action@v1.0.19
         with:
           vid: ${{ secrets.VERACODE_API_ID }}
           vkey: ${{ secrets.VERACODE_API_KEY }}
@@ -133,11 +133,12 @@ jobs:
           filtered_json_output_file: ${{ strategy.job-index }}-filtered_results.json
           artifact_name: ${{ matrix.file }}
           debug: 1
+          workflow_app: true
     
       - name: Veracode Pipeline Results
         if: always()
         id: prepare-results
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: 'preparePipelineResults'
           token: ${{ github.event.client_payload.token }}
@@ -178,23 +179,33 @@ jobs:
     needs: pipeline_scan
     if: always()
     steps:
-      - name: Update cxheck
-        id: update_check_status
-        shell: bash
-        run: |
-          # Convert JSON string to a proper format for jq processing
-          echo '${{ toJSON(needs) }}' | jq -c 'to_entries[]' | while read -r job; do
-            status=$(echo "$job" | jq -r '.value.result')
-            if [ "$status" = "success" ]; then
-              echo "Job scuccess no need to update"
-              success_count=$((success_count + 1))
-            elif [ "$status" = "failure" ]; then
-              echo "Jobs failed - need checks update"
-              echo '{"status": "completed", "conclusion": "failure"}' > payload.txt
+     - name: Update check
+       id: update_check_status
+       shell: bash
+       env:
+        BREAK_BUILD_ON_ERROR: ${{ github.event.client_payload.user_config.break_build_on_error }}
+        BREAK_BUILD_ON_POLICY: ${{ github.event.client_payload.user_config.break_build_policy_findings }}
+       run: |
+            success_count=0
+            conclusion="failure"
+            # Convert JSON string to a proper format for jq processing
+            echo '${{ toJSON(needs) }}' | jq -c 'to_entries[]' | while read -r job; do
+              status=$(echo "$job" | jq -r '.value.result')
+              echo "$status"
+              if [ "$status" = "success" ]; then
+                success_count=$((success_count + 1))
+                echo '{"status": "completed", "conclusion": "success"}' > payload.txt
+              elif [ "$status" = "failure" ]; then
+                if [ "$BREAK_BUILD_ON_ERROR" = "false" && "$BREAK_BUILD_ON_POLICY" = "false" ]; then
+                  echo '{"status": "completed", "conclusion": "success"}' > payload.txt
+                else
+                  echo '{"status": "completed", "conclusion": "failure"}' > payload.txt
+                fi
+              fi
               curl -X PATCH \
                 -H "Authorization: Bearer ${{ github.event.client_payload.token }}" \
                 -H "Accept: application/vnd.github+json" \
                 https://api.github.com/repos/${{ github.event.client_payload.repository.owner }}/${{ github.event.client_payload.repository.name }}/check-runs/${{ needs.register.outputs.run_id }} \
                 -d @"payload.txt"
-            fi
-          done
+            done
+       
diff --git a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
@@ -43,7 +43,7 @@ jobs:
       - name: Verify Policy name
         id: verify_policy_name
         if: success()
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: validatePolicyName
           token: ${{ github.event.client_payload.token }}
@@ -90,7 +90,7 @@ jobs:
       - name: Veracode Policy Results
         id: prepare-results
         if: always()
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: 'preparePolicyResults'
           token: ${{ github.event.client_payload.token }}
@@ -109,7 +109,7 @@ jobs:
     if: ${{ github.event.client_payload.user_config.sandbox_scan.execute_remove_sandbox_action && always() }}
     name: Remove Sandbox
     steps:
-      - uses: veracode/github-actions-integration-helper@v0.1.7
+      - uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: 'removeSandbox'
           vid: ${{ secrets.VERACODE_API_ID }}
diff --git a/.github/workflows/template-register.yaml b/.github/workflows/template-register.yaml
@@ -14,7 +14,7 @@ jobs:
     steps:
     - name: Register build
       id: register-build
-      uses: veracode/github-actions-integration-helper@v0.1.7
+      uses: veracode/github-actions-integration-helper@v0.1.8
       with:
         action: registerBuild
         token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
@@ -52,7 +52,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
@@ -65,7 +65,7 @@ jobs:
       - name: Verify Policy name
         id: verify_policy_name
         if: success()
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: validatePolicyName
           token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-iac-secrets-scan.yml b/.github/workflows/veracode-iac-secrets-scan.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: Veracode/github-actions-integration-helper@v0.1.7
+        uses: Veracode/github-actions-integration-helper@v0.1.8
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-pipeline-scan.yml b/.github/workflows/veracode-pipeline-scan.yml
@@ -104,7 +104,7 @@ jobs:
       - name: Veracode Pipeline-Scan
         if: always()
         id: pipeline-scan
-        uses: veracode/Veracode-pipeline-scan-action@v1.0.18
+        uses: veracode/Veracode-pipeline-scan-action@v1.0.19
         with:
           vid: ${{ secrets.VERACODE_API_ID }}
           vkey: ${{ secrets.VERACODE_API_KEY }}
@@ -118,11 +118,12 @@ jobs:
           filtered_json_output_file: ${{ strategy.job-index }}-filtered_results.json
           artifact_name: ${{ matrix.file }}
           debug: 1
+          workflow_app: true
     
       - name: Veracode Pipeline Results
         if: always()
         id: prepare-results
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: 'preparePipelineResults'
           token: ${{ inputs.token }}
@@ -163,23 +164,32 @@ jobs:
     needs: pipeline_scan
     if: always()
     steps:
-      - name: Update check
-        id: update_check_status
-        shell: bash
-        run: |
-          # Convert JSON string to a proper format for jq processing
-          echo '${{ toJSON(needs) }}' | jq -c 'to_entries[]' | while read -r job; do
-            status=$(echo "$job" | jq -r '.value.result')
-            if [ "$status" = "success" ]; then
-              echo "Job success no need to update"
-              success_count=$((success_count + 1))
-            elif [ "$status" = "failure" ]; then
-              echo "Jobs failed - need checks update"
-              echo '{"status": "completed", "conclusion": "failure"}' > payload.txt
+     - name: Update check
+       id: update_check_status
+       shell: bash
+       env:
+        BREAK_BUILD_ON_ERROR: ${{ inputs.break_build_on_error }}
+        BREAK_BUILD_ON_POLICY: ${{ inputs.break_build_policy_findings }}
+       run: |
+            success_count=0
+            conclusion="failure"
+            # Convert JSON string to a proper format for jq processing
+            echo '${{ toJSON(needs) }}' | jq -c 'to_entries[]' | while read -r job; do
+              status=$(echo "$job" | jq -r '.value.result')
+              echo "$status"
+              if [ "$status" = "success" ]; then
+                success_count=$((success_count + 1))
+                echo '{"status": "completed", "conclusion": "success"}' > payload.txt
+              elif [ "$status" = "failure" ]; then
+                if [ "$BREAK_BUILD_ON_ERROR" = "false" && "$BREAK_BUILD_ON_POLICY" = "false" ]; then
+                  echo '{"status": "completed", "conclusion": "success"}' > payload.txt
+                else
+                  echo '{"status": "completed", "conclusion": "failure"}' > payload.txt
+                fi
+              fi
               curl -X PATCH \
                 -H "Authorization: Bearer ${{ inputs.token }}" \
                 -H "Accept: application/vnd.github+json" \
                 https://api.github.com/repos/${{ inputs.owner }}/${{ inputs.repo }}/check-runs/${{ inputs.check_run_id }} \
                 -d @"payload.txt"
-            fi
-          done
+            done
diff --git a/.github/workflows/veracode-policy-scan.yml b/.github/workflows/veracode-policy-scan.yml
@@ -93,7 +93,7 @@ jobs:
       - name: Veracode Policy Results
         id: prepare-results
         if: always()
-        uses: veracode/github-actions-integration-helper@v0.1.7
+        uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: 'preparePolicyResults'
           token: ${{ inputs.token }}
@@ -114,7 +114,7 @@ jobs:
     if: ${{ github.event.client_payload.user_config.sandbox_scan.execute_remove_sandbox_action && always() }}
     name: Remove Sandbox
     steps:
-      - uses: veracode/github-actions-integration-helper@v0.1.7
+      - uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: 'removeSandbox'
           vid: ${{ secrets.VERACODE_API_ID }}
diff --git a/.github/workflows/veracode-remove-sandbox.yml b/.github/workflows/veracode-remove-sandbox.yml
@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Remove Sandbox
     steps:
-      - uses: veracode/github-actions-integration-helper@v0.1.7
+      - uses: veracode/github-actions-integration-helper@v0.1.8
         with:
           action: 'removeSandbox'
           vid: ${{ secrets.VERACODE_API_ID }}
