add wiz scan on create PR to master and remove lacework(SWG-14342) #263

Workflow file for this run

.github/workflows/maven-master-pulls.yml at 264ab86

	name: PR build - master

	on:
	pull_request:
	branches: [ "3.0.0" ]

	jobs:
	build:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	java: [ 11 ]

	steps:
	- uses: actions/checkout@v2
	- name: Set up Java
	uses: actions/setup-java@v1
	with:
	java-version: ${{ matrix.java }}
	- name: Cache local Maven repository
	uses: actions/cache@v3
	with:
	path: ~/.m2/repository
	key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
	restore-keys: \|
	${{ runner.os }}-maven-
	- name: Build with Maven
	run: mvn -B -U verify --file pom.xml

	build_pr_30:

	runs-on: ubuntu-latest
	strategy:
	matrix:
	java: [ 11, 17 ]

	env:
	GENERATORS_VERSION_PROPERTY: ""
	MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
	MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
	steps:
	- uses: actions/checkout@v4
	name: git checkout 3.0.0
	with:
	ref: 3.0.0
	- name: Set up Java
	uses: actions/setup-java@v4
	with:
	java-version: ${{ matrix.java }}
	distribution: temurin
	cache: maven
	overwrite-settings: false
	- name: Add Central-Portal snapshot repo to settings.xml
	uses: s4u/maven-settings-action@v3.1.0
	with:
	repositories: '[{"id":"central-portal-snapshots","name":"Sonatype Central Portal snapshots","url":"https://central.sonatype.com/repository/maven-snapshots/","releases":{"enabled":false},"snapshots":{"enabled":true}}]'
	servers: '[{"id":"central","username":"${{ secrets.MAVEN_CENTRAL_USERNAME }}","password":"${{ secrets.MAVEN_CENTRAL_PASSWORD }}"}]'
	- name: preliminary checks
	run: \|
	docker login --username=${{ secrets.DOCKERHUB_SB_USERNAME }} --password=${{ secrets.DOCKERHUB_SB_PASSWORD }}
	set -e
	# fail if templates/generators contain carriage return '\r'
	/bin/bash ./bin/utils/detect_carriage_return.sh
	# fail if generators contain merge conflicts
	/bin/bash ./bin/utils/detect_merge_conflict.sh
	# fail if generators contain tab '\t'
	/bin/bash ./bin/utils/detect_tab_in_java_class.sh
	- name: Build with Maven
	if: ${{ matrix.java != 8 }}
	run: \|
	export MY_POM_VERSION=`mvn -Dswagger-codegen-generators-version=1.0.37 -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
	echo "POM VERSION" ${MY_POM_VERSION}
	export GENERATORS_VERSION=`sed -n 's/<swagger\-codegen\-generators\-version>$[^\s]*$<\/swagger\-codegen\-generators\-version>/\1/p' pom.xml`
	export GENERATORS_VERSION=`echo ${GENERATORS_VERSION} \| tr -d '[:space:]'`
	echo "GENERATORS_VERSION" ${GENERATORS_VERSION}
	export GENERATORS_VERSION_PROPERTY=""
	if [[ ! $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
	then
	if [[ ! $GENERATORS_VERSION =~ ^.*SNAPSHOT$ ]];
	then
	# check release version exists
	export GENERATORS_FOUND_JSON=`curl -s --max-time 60 --retry 15 --connect-timeout 20 https://search.maven.org/solrsearch/select?q=g:io.swagger.codegen.v3%20AND%20a:swagger-codegen-generators%20AND%20v:${GENERATORS_VERSION}%20AND%20p:jar`
	export GENERATORS_FOUND=`echo ${GENERATORS_FOUND_JSON} \| jq '.response.numFound'`
	echo "GENERATORS_FOUND" ${GENERATORS_FOUND}
	if [[ $GENERATORS_FOUND == '0' ]];
	then
	echo "generators version not found"
	rm -f maven-metadata.xml
	SNAP_API="https://central.sonatype.com/repository/maven-snapshots"
	ARTIFACT_PATH="io/swagger/codegen/v3/swagger-codegen-generators"
	ROOT_META="${SNAP_API}/${ARTIFACT_PATH}/maven-metadata.xml"
	export LAST_SNAP=$(curl -s "$ROOT_META" \| grep -oP '(?<=<version>)1\.[^<]+' \| sort -V \| tail -n1)
	echo "LAST_SNAP $LAST_SNAP"
	export GENERATORS_VERSION_PROPERTY=-Dswagger-codegen-generators-version=$LAST_SNAP
	fi
	fi
	fi
	echo "GENERATORS_VERSION_PROPERTY ${GENERATORS_VERSION_PROPERTY}"
	echo "GENERATORS_VERSION_PROPERTY=${GENERATORS_VERSION_PROPERTY}" >> $GITHUB_ENV
	mvn clean verify -U -DJETTY_TEST_HTTP_PORT=8070 -DJETTY_TEST_STOP_PORT=8069 ${GENERATORS_VERSION_PROPERTY}

	build-java8:

	runs-on: ubuntu-latest
	strategy:
	matrix:
	java: [ 8 ]

	steps:
	- uses: actions/checkout@v2
	- name: Set up Java
	uses: actions/setup-java@v1
	with:
	java-version: ${{ matrix.java }}
	- name: Cache local Maven repository
	uses: actions/cache@v3
	with:
	path: ~/.m2/repository
	key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
	restore-keys: \|
	${{ runner.os }}-maven-
	- name: Build with Maven
	run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml

	scan-with-wiz:
	name: Trigger Wiz Scanning
	runs-on: ubuntu-latest

	needs: [ build ]
	if: success()

	steps:
	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker image
	run: \|
	docker buildx build --load -t swagger-codegen:latest .

	- name: Download Wiz CLI
	run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli

	- name: Authenticate to Wiz
	run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
	env:
	WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
	WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}

	- name: Run wiz-cli docker image scan
	run: \|
	./wizcli docker scan --image $TAG --policy "$POLICY" >
	./wizcli docker tag --image $TAG
	env:
	TAG: swagger-codegen:latest
	POLICY: "SmartBear default vulnerabilities policy"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

add wiz scan on create PR to master and remove lacework(SWG-14342) #263

Workflow file

add wiz scan on create PR to master and remove lacework(SWG-14342) #263

Uh oh!

Jobs

Run details

Workflow file for this run