
add bdba scripts and yml #8


# Copyright (c) 2024 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: BDBA Scan

# Two triggers: a manual dispatch with free-form string inputs, and pull
# requests that target main.
on:
  # Manual run. Every input is an unvalidated string typed by whoever
  # dispatches the workflow; if a step ever consumes one, hand it over through
  # `env:` instead of interpolating `${{ inputs.* }}` into a `run:` script.
  # These inputs are empty on pull_request runs.
  workflow_dispatch:
    inputs:
      org:
        description: 'Enter Project organizational repo to run BDBA scan (ex: intel-innersource):'
        required: true
        type: string
      repo:
        description: 'Enter Project repo for which you want to run BDBA scan (ex: frameworks.ai.infrastructure.code-scan-tools):'
        required: true
        type: string
      refs:
        description: 'Enter Project branch, tag:'
        required: true
        type: string
      group:
        description: 'Enter BDBA group (ex: 32):'
        required: true
        type: string
      runners:
        description: 'Array of runner labels: '
        required: true
        type: string
        default: "['gasp']"
  # Pull requests against main; changes that touch only Markdown files are
  # skipped.
  pull_request:
    branches:
      - main
    # `ready_for_review` is included since draft is skipped
    types:
      - opened
      - reopened
      - ready_for_review
      - synchronize
    paths-ignore:
      - '**.md'
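jobs:
  # Packs the workspace into a zip, submits it to BDBA through the local
  # action, then looks the upload up over the BDBA REST API and downloads its
  # PDF report to /tmp inside the job container.
  bdba_scan:
    # NOTE(review): the `runners` and `group` dispatch inputs are not read
    # anywhere in this job; the runner label and BDBA group are fixed here.
    runs-on: internal
    # Least privilege for GITHUB_TOKEN: no step below writes to the repository.
    # Widen only if the local BDBA action turns out to need more.
    permissions:
      contents: read
    container:
      # NOTE(review): `slim` is a mutable tag, so the image that handles
      # BDBA_TOKEN can change between runs. Consider pinning it as
      # `python:slim@sha256:<IMAGE_DIGEST>`.
      image: cache-registry.caas.intel.com/cache/library/python:slim
    steps:
      - name: Pack Additional Resources
        shell: bash
        # NOTE(review): the `.*` glob selects dot-entries only, and on bash
        # releases that do not skip `.`/`..` while globbing it also matches the
        # parent directory, so the archive sent to BDBA may hold more than this
        # workspace. No checkout step is visible in this job; confirm what is
        # expected to be in the workspace at this point.
        run: |
          apt-get update
          apt-get install zip unzip wget -y
          apt-get install curl jq -y
          zip -r genai-bdba.zip "${GITHUB_WORKSPACE}"/.*
      - name: get intel certs
        shell: bash
        # NOTE(review): this trust anchor is downloaded over plain HTTP with no
        # integrity check, so anything on the network path can substitute the CA
        # that the later curl calls (which carry BDBA_TOKEN) will trust. Prefer
        # vendoring the certificate in the repository, or verify the download
        # against a pinned digest before use, e.g.
        #   echo '<EXPECTED_SHA256>  <path-to-crt>' | sha256sum -c -
        run: |
          mkdir -p ${{ github.workspace }}/certs
          wget http://certificates.intel.com/repository/certificates/IntelSHA256RootCA-Base64.crt -O- >> ${{ github.workspace }}/certs/ca-certificates.crt
      - name: Run BDBA Scan
        id: bdba
        env:
          BDBA_TOKEN: "${{ secrets.BDBA_TOKEN }}"
        # NOTE(review): a step-level `uses:` with a local path is resolved from
        # the checked-out repository, and this job has no checkout step; the
        # path also points into the workflows directory. Confirm that this
        # resolves to an action on the runner.
        uses: ./.github/workflows/BDBA_action.yml
        with:
          # Fixed group id; the `group` dispatch input is not wired in here.
          bdba_group: 22
          bdba_binary: genai-bdba.zip
      - name: Fetch BDBA projects
        id: data
        shell: bash
        # The token reaches the script as an environment variable instead of
        # being expanded into the script text, so its value can neither break
        # the shell quoting nor end up in the generated script file.
        env:
          BDBA_TOKEN: ${{ secrets.BDBA_TOKEN }}
        run: |
          export CURL_CA_BUNDLE="${{ github.workspace }}/certs/ca-certificates.crt"
          # --fail: an HTTP error status fails the step instead of saving the
          # error body as if it were the search result.
          curl --fail -H "Authorization: Bearer ${BDBA_TOKEN}" "https://bdba001.icloud.intel.com/api/apps/?q=file:genai-bdba.zip" -o /tmp/scan.txt
          product_id="$(jq -r '.products[0].product_id' /tmp/scan.txt)"
          # The id comes from a remote response and is written to GITHUB_ENV,
          # where a newline would define extra variables for later steps.
          # Accept a single plain token only; jq prints "null" when the field
          # is missing.
          if [[ "${product_id}" == "null" ]] || [[ ! "${product_id}" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "Unexpected product_id in BDBA response" >&2
            exit 1
          fi
          echo "PRODUCT=${product_id}" >> "${GITHUB_ENV}"
      - name: Download BDBA project Scan data
        shell: bash
        env:
          BDBA_TOKEN: ${{ secrets.BDBA_TOKEN }}
        run: |
          export CURL_CA_BUNDLE="${{ github.workspace }}/certs/ca-certificates.crt"
          # PRODUCT is read as a shell variable (exported through GITHUB_ENV by
          # the previous step) rather than pasted into the script text with
          # `${{ env.PRODUCT }}`.
          curl --fail -H "Authorization: Bearer ${BDBA_TOKEN}" "https://bdba001.icloud.intel.com/api/product/${PRODUCT}/pdf-report" -o /tmp/genai-bdba_scan.pdf
      # Disabled: publishing the PDF report as a workflow artifact.
      # - name: Upload Scan artifact to Github
      #   uses: actions/upload-artifact@v4
      #   with:
      #     name: BDBA-log
      #     path: /tmp/genai-bdba_scan.pdf
      #     if-no-files-found: ignore # 'warn' or 'ignore' are also available, defaults to `warn`
      #     retention-days: 60 # 1 <= retention-days <= 90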