Last active
March 16, 2021 14:50
-
-
Save CMYanko/ee62a833904ff656cfbe0293e35b4640 to your computer and use it in GitHub Desktop.
Java / Maven Build
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # This workflow integrates ShiftLeft NG SAST with GitHub | |
| # Visit https://docs.shiftleft.io for help | |
| name: ShiftLeft | |
| on: | |
| # Trigger the workflow on push or pull request, | |
| # but only for the main branch | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| NextGen-Static-Analysis: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| # We are building this application with Java 11 | |
| - name: Setup Java JDK | |
| uses: actions/[email protected] | |
| with: | |
| java-version: 11.0.x | |
| - name: Package with maven | |
| run: mvn compile package | |
| - name: Download ShiftLeft CLI | |
| run: | | |
| curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl | |
| # ShiftLeft requires Java 1.8. Post the package step override the version | |
| - name: Setup Java JDK | |
| uses: actions/[email protected] | |
| with: | |
| java-version: 1.8 | |
| - name: Extract branch name | |
| shell: bash | |
| run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" | |
| id: extract_branch | |
| - name: Branch name | |
| run: echo running on branch ${GITHUB_REF##*/} | |
| - name: NextGen Static Analysis | |
| run: | | |
| git log --pretty=“%an %ae%n%cn %ce” --since “90 days ago” | sort | uniq | |
| ${GITHUB_WORKSPACE}/sl analyze --wait --app shiftleft-java-demo --tag app.group=HSL --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --java --cpg target/hello-shiftleft-*.jar | |
| env: | |
| SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} | |
| SHIFTLEFT_ORG_ID: ${{ secrets.SHIFTLEFT_ORG_ID }} | |
| - name: Validate Build Rules | |
| # Only run on pull request and compare to Main as set in the build rules file Shiftleft.yml | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \ | |
| --branch "${{ github.head_ref || steps.extract_branch.outputs.branch }}" \ | |
| --report \ | |
| --github-pr-number=${{github.event.number}} \ | |
| --github-pr-user=${{ github.repository_owner }} \ | |
| --github-pr-repo=${{ github.event.repository.name }} \ | |
| --github-token=${{ secrets.GITHUB_TOKEN }} | |
| env: | |
| SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment