From 472edacc4557f6794d527384e26f63a6d6c4421f Mon Sep 17 00:00:00 2001
From: Gerald Morrison <67469729+morri-son@users.noreply.github.com>
Date: Mon, 16 Oct 2023 17:13:11 +0200
Subject: [PATCH] Add blackduck scans (#63)

* add blackduck scans

* change schedule
---
 .github/workflows/blackduck_scan.yaml         | 55 +++++++++++++++++++
 .../workflows/blackduck_scan_scheduled.yaml   | 34 ++++++++++++
 2 files changed, 89 insertions(+)
 create mode 100644 .github/workflows/blackduck_scan.yaml
 create mode 100644 .github/workflows/blackduck_scan_scheduled.yaml

diff --git a/.github/workflows/blackduck_scan.yaml b/.github/workflows/blackduck_scan.yaml
new file mode 100644
index 0000000..7e254e9
--- /dev/null
+++ b/.github/workflows/blackduck_scan.yaml
@@ -0,0 +1,55 @@
+name: Blackduck Scan PR
+on:
+  pull_request_target:
+    branches: [main]
+  # push:
+  #   branches: [main] 
+
+permissions:
+  checks: write
+  pull-requests: write
+
+#invoke forked detect-action as the one from synopsys is deprecated: https://github.com/mercedesbenzio/detect-action
+jobs:
+  blackduck:
+    runs-on: [ubuntu-latest]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Java 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Blackduck Full Scan
+        if: ${{ github.event_name != 'pull_request_target' }}
+        uses: mercedesbenzio/detect-action@v1
+        env:
+          DETECT_PROJECT_USER_GROUPS: opencomponentmodel
+          DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS
+          DETECT_SOURCE_PATH: ./
+          NODE_TLS_REJECT_UNAUTHORIZED: true
+        with:
+          scan-mode: INTELLIGENT
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+
+      - name: Blackduck PR Scan
+        if: ${{ github.event_name == 'pull_request_target' }}
+        uses: mercedesbenzio/detect-action@v1
+        env:
+          DETECT_PROJECT_USER_GROUPS: opencomponentmodel
+          DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS
+          DETECT_SOURCE_PATH: ./
+          NODE_TLS_REJECT_UNAUTHORIZED: true
+          BLACKDUCK_SKIP_PHONE_HOME: true
+          #LOGGING_LEVEL_COM_SYNOPSYS_INTEGRATION: DEBUG
+        with:
+          scan-mode: RAPID
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          detect-version: 8.8.0
+          
\ No newline at end of file
diff --git a/.github/workflows/blackduck_scan_scheduled.yaml b/.github/workflows/blackduck_scan_scheduled.yaml
new file mode 100644
index 0000000..6cec46a
--- /dev/null
+++ b/.github/workflows/blackduck_scan_scheduled.yaml
@@ -0,0 +1,34 @@
+name: Blackduck Scan Cronjob
+on:
+  schedule:
+    - cron:  '45 0 * * 0'
+  
+permissions:
+  checks: write
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Java 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          
+      - name: Blackduck Full Scan
+        uses: mercedesbenzio/detect-action@v1
+        env:
+          DETECT_PROJECT_USER_GROUPS: opencomponentmodel
+          DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS
+          DETECT_SOURCE_PATH: ./
+          NODE_TLS_REJECT_UNAUTHORIZED: true
+        with:
+          scan-mode: INTELLIGENT
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          detect-version: 8.8.0