

exclude & timeout #4

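# Veracode scans
#
# Reusable workflow (workflow_call). Inside the collect container it optionally
# builds the C++ sources, strips build artefacts and anything listed in the
# module's `.veracode-exclusions`, tars the checkout and uploads it to a
# Veracode sandbox scan, then runs the `promote-latest-scan` helper.
#
# NOTE(review): `inputs.stability` and `secrets.veracode_srcclr_token` are
# declared as required but not referenced by any step below — confirm with the
# calling workflows before dropping them from the interface.
on:  # yamllint disable-line rule:truthy
  workflow_call:
    inputs:
      module_name:
        required: true
        type: string
      major_version:
        required: true
        type: string
      minor_version:
        required: true
        type: string
      stability:
        required: true
        type: string
      is_cpp_project:
        required: false
        type: string
      img_version:
        required: true
        type: string
      docker_registry_url:
        required: true
        type: string
    secrets:
      veracode_api_id:
        required: true
      veracode_api_key:
        required: true
      veracode_srcclr_token:
        required: true
      docker_registry_id:
        required: true
      docker_registry_passwd:
        required: true

jobs:
  build:
    name: Sandbox scan
    runs-on: [self-hosted, collect]
    container:
      image: ${{ inputs.docker_registry_url }}/centreon-collect-alma9:${{ inputs.img_version }}
      credentials:
        username: ${{ secrets.docker_registry_id }}
        password: ${{ secrets.docker_registry_passwd }}
    steps:
      # NOTE(review): every third-party action in this job is pinned to a
      # mutable tag (v3, 0.2.6, v0.2). Two of them receive the Veracode API
      # credentials; pin each `uses:` to a full commit SHA
      # (owner/action@<commit-sha>  # tag) so a moved tag cannot change the
      # code those secrets are handed to.
      - uses: actions/checkout@v3

      - name: debug before compilation status
        run: |
          echo "[DEBUG] - current location ?"
          pwd
          ls -la
          echo "[DEBUG] - Current folder size ?"
          du -sh ./* | sort -h

      - name: Compile cpp sources
        if: inputs.is_cpp_project == 'yes'
        run: |
          pwd
          ls -la
          sudo pip3 install conan==1.57.0 --prefix=/usr --upgrade
          sudo conan install . -s compiler.cppstd=14 -s compiler.libcxx=libstdc++11 --build=missing
          # If verbosity is required add : -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
          # Removed to test : -DCMAKE_BUILD_TYPE=RelWithDebInfo \
          sudo cmake \
            -G "Ninja" \
            -DCMAKE_CXX_FLAGS="-gdwarf-2 -g3 -O0 -fno-builtin" \
            -DWITH_TESTING=OFF \
            -DWITH_BENCH=OFF \
            -DWITH_MODULE_SIMU=OFF \
            -DCMAKE_INSTALL_PREFIX=/usr \
            -DWITH_STARTUP_SCRIPT=systemd \
            -DWITH_ENGINE_LOGROTATE_SCRIPT=ON \
            -DWITH_USER_BROKER=centreon-broker \
            -DWITH_GROUP_BROKER=centreon-broker \
            -DWITH_USER_ENGINE=centreon-engine \
            -DWITH_GROUP_ENGINE=centreon-engine \
            -DWITH_VAR_DIR=/var/log/centreon-engine \
            -DWITH_DAEMONS=ON \
            -DWITH_CREATE_FILES=OFF \
            -DWITH_CONFIG_FILES=ON \
            .
          sudo ninja

      - name: debug after compilation status
        run: |
          echo "[DEBUG] - current location ?"
          pwd
          echo "[DEBUG] - Current folder size ?"
          du -sh ./* | sort -h
          echo "[DEBUG] - Build / Bin folder size ?"
          du -sh ./bin/* | sort -h
          echo "[DEBUG] - Build / Lib folder size ?"
          du -sh ./lib/* | sort -h
          echo "[DEBUG] - Build / Broker module folder size ?"
          du -sh ./broker/* | sort -h
          echo "[DEBUG] - Current location files ?"
          ls -la

      - name: Removing files to exclude
        run: |
          echo "[INFO] - Removing veracode exclusions"
          if [[ -f ".veracode-exclusions" ]]; then
            # `.veracode-exclusions` is repository content and is the only thing
            # that decides what `rm -rf` is pointed at, so each line is read
            # as-is (no word splitting / globbing), reduced to a conservative
            # path character set, and rejected outright — rather than rewritten
            # — if it is absolute or contains a `..` component.
            while IFS= read -r RAW || [[ -n "$RAW" ]]; do
              LINE=$(printf '%s' "$RAW" | sed 's/[^a-zA-Z0-9_./-]//g')
              if [[ -z "$LINE" ]]; then
                echo "[INFO] - empty directive. Skipping this line"
              elif [[ "$LINE" == /* || "/$LINE/" == *"/../"* ]]; then
                echo "[WARN] - exclusion points outside the checkout. Skipping: '$LINE'"
              elif [[ -d "$LINE" ]]; then
                rm -rf -- "$LINE"
                echo "[INFO] - folder removed from analysis : '$LINE'"
              elif [[ -e "$LINE" ]]; then
                rm -f -- "$LINE"
                echo "[INFO] - file removed from analysis : '$LINE'"
              else
                echo "[INFO] - target to exclude not found. Skipping: '$LINE'"
              fi
            done < .veracode-exclusions
          else
            echo "[INFO] - No '.veracode-exclusions' file found for this module. Skipping exclusion step"
          fi
          echo "[INFO] - Cleaning useless files"
          # Patterns are quoted so they reach `find -name` verbatim: an unquoted
          # `*.o` in the array literal is pathname-expanded in the current
          # directory at assignment time and would then only match the files
          # that happen to sit at the top level.
          toClean=(
            '*.o'
            '*.a'
            '*.h'
            '*.sql'
            'CMake*.*'
            '*.in'
            '*.cfg'
            'CMakeDetermineCompilerABI_C.bin'
          )
          for toFind in "${toClean[@]}"; do
            # `! -type d` keeps the original behaviour (rm -f never removed
            # directories) while handling paths with whitespace correctly.
            find ./ -name "$toFind" ! -type d -exec rm -f -- {} +
          done
          echo "[INFO] - Checking for remaining scripts used to mock tests"
          find ./ -name '*.py' | while IFS= read -r file; do
            echo "[WARN] - Remaining file to exclude : $file"
          done
          echo "[DEBUG] - Current folder size ?"
          du -sh ./* | sort -h
          cd ..
          echo "[DEBUG] - Parent folder size ?"
          du -sh ./* | sort -h

      - name: Analysis preparation
        # Caller-supplied input goes through an environment variable instead of
        # being interpolated into the shell script, so its value can never be
        # parsed as shell syntax.
        env:
          MODULE_NAME: ${{ inputs.module_name }}
        run: |
          echo "[DEBUG] - Current location ?"
          pwd
          ls -la
          cd ..
          env GZIP=-9 tar cvzf "${MODULE_NAME}-${GITHUB_SHA}-${GITHUB_RUN_ID}-veracode-binary.tar.gz" centreon-collect
          ls -la

      - name: Sandbox scan
        id: sandbox_scan
        uses: veracode/veracode-uploadandscan-action@0.2.6
        # NOTE(review): this condition skips the scan entirely unless the
        # repository variable is 'true'; it does not make a failure non-fatal.
        # If the intent is "always scan, optionally tolerate a failure", the
        # variable belongs on continue-on-error instead:
        #   continue-on-error: ${{ vars.VERACODE_CONTINUE_ON_ERROR == 'true' }}
        if: vars.VERACODE_CONTINUE_ON_ERROR == 'true'
        continue-on-error: true
        with:
          appname: "${{ inputs.module_name }}"
          version: "${{ inputs.major_version }}.${{ inputs.minor_version }}_runId-${{ github.run_id }}"
          filepath: "../${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.tar.gz"
          vid: "vera01ei-${{ secrets.veracode_api_id }}"
          vkey: "vera01es-${{ secrets.veracode_api_key }}"
          createprofile: true
          createsandbox: true
          sandboxname: "${{ github.ref_name }}"
          criticality: "Low"
          # scantimeout: 120
          includenewmodules: true
          scanallnonfataltoplevelmodules: true
          deleteincompletescan: 1
          exclude: "*.jar"
          scanpollinginterval: 120  # time between two checks in seconds / [30 to 120]

      - name: Promote Scan
        # only develop will be promoted to policy scan
        ## if: success() && github.ref_name == 'develop'
        # The scan step runs with continue-on-error, so job-level success() is
        # true even when the upload failed or the step was skipped by its `if`;
        # gate on the step's own outcome so only a scan that actually completed
        # is promoted.
        if: steps.sandbox_scan.outcome == 'success'
        env:
          VERACODE_API_ID: "${{ secrets.veracode_api_id }}"
          VERACODE_API_SECRET: "${{ secrets.veracode_api_key }}"
        # Action forked as API call hardcode '.com' route
        uses: sc979/veracode-sandboxes-helper@v0.2
        with:
          activity: "promote-latest-scan"
          app-name: "${{ inputs.module_name }}"
          sandbox-name: "${{ github.ref_name }}"
          delete-on-promote: false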