Skip to content

Fix environment protection error & expand BlackDuck scan coverage #1769

Fix environment protection error & expand BlackDuck scan coverage

Fix environment protection error & expand BlackDuck scan coverage #1769

Workflow file for this run

name: Blackduck analysis
on:
push:
branches:
- develop
pull_request:
branches:
- develop
types: [opened, synchronize, reopened]
workflow_dispatch:
permissions:
contents: read # allows workflow to checkout private repository
pull-requests: read # allows SonarQube to decorate PRs with analysis results
jobs:
build:
environment: pr-analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: maven
- name: Install dependencies
run: |
mvn clean install -P unit-tests -DskipIntegrationTests
mvn clean install -f app/single-tenant/central-space/demoapp/pom.xml -DskipTests
mvn clean install -f app/multi-tenant/central-space/cloud-cap-samples-java/pom.xml -DskipTests
# - name: Download Synopsys Detect Script
# run: curl --silent -O https://detect.synopsys.com/detect9.sh
- name: Download Black Duck Detect Script
run: curl --silent -O https://detect.blackduck.com/detect9.sh
- name: Run & analyze BlackDuck Scan
env:
BLACKDUCK_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
run: |
set +x
echo "::add-mask::$BLACKDUCK_TOKEN"
bash ./detect9.sh -d \
--logging.level.com.synopsys.integration=DEBUG \
--blackduck.url="https://sap.blackducksoftware.com" \
--blackduck.api.token="$BLACKDUCK_TOKEN" \
--detect.blackduck.signature.scanner.arguments="--min-scan-interval=0" \
--detect.maven.build.command="install -P unit-tests -DskipIntegrationTests" \
--detect.latest.release.version="9.6.0" \
--detect.project.version.distribution="SaaS" \
--detect.blackduck.signature.scanner.memory=4096 \
--detect.timeout=6000 \
--blackduck.trust.cert=true \
--detect.project.user.groups="SAP_DOC_MGMT_CAPPLUGIN_JAVA1.0" \
--detect.project.name="SAP_DOC_MGMT_CAPPLUGIN_JAVA1.0" \
--detect.project.version.name="1.0" \
--detect.code.location.name="SAP_DOC_MGMT_CAPPLUGIN_JAVA1.0/1.0" \
--detect.source.path="/home/runner/work/sdm/sdm"