fix(provisioning): Veracode needs to deal with ontop/spring applicati…

…on differently than a standalone app.
eclipse-tractusx · Aug 25, 2023 · 5ecdb3f · 5ecdb3f
1 parent efa11e6
commit 5ecdb3f
Showing 1 changed file with 39 additions and 3 deletions.
diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml
@@ -49,16 +49,15 @@ jobs:
       - name: Verify proper formatting
         run: ./mvnw spotless:check
 
-  build:
+  build_standalone:
     runs-on: ubuntu-latest
     needs: [ secret-presence, verify-formatting ]
     permissions:
       contents: read
     strategy:
       fail-fast: false
       matrix:
-        variant: [ { dir: provisioning, name: provisioning-agent },
-                   { dir: remoting, name: remoting-agent },
+        variant: [ { dir: remoting, name: remoting-agent },
                    { dir: conforming, name: conforming-agent }
                   ]
     steps:
@@ -87,3 +86,40 @@ jobs:
           filepath: ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}.tar.gz
           vid: ${{ secrets.ORG_VERACODE_API_ID }}
           vkey: ${{ secrets.ORG_VERACODE_API_KEY }}
+
+  build_embedded:
+    runs-on: ubuntu-latest
+    needs: [ secret-presence, verify-formatting ]
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        variant: [ { dir: provisioning, name: provisioning-agent },
+        ]
+    steps:
+      # Set-Up
+      - uses: actions/[email protected]
+      - uses: ./.github/actions/setup-java
+      # Build
+      - name: Build ${{ matrix.variant.name }}
+        run: |-
+          ./mvnw -s settings.xml -pl ${{ matrix.variant.dir }} install
+        env:
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Tar gzip files for veracode upload
+        run: |-
+          tar -czvf ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}.tar.gz ${{ matrix.variant.dir }}/lib/*.jar ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}-*.jar
+      - name: Veracode Upload And Scan
+        uses: veracode/[email protected]
+        if: |
+          needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY
+        continue-on-error: true
+        with:
+          appname: knowledge-agents/${{ matrix.variant.name }}
+          createprofile: true
+          version: ${{ matrix.variant.name }}-${{ github.sha }}
+          filepath: ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}.tar.gz
+          vid: ${{ secrets.ORG_VERACODE_API_ID }}
+          vkey: ${{ secrets.ORG_VERACODE_API_KEY }}