Merge pull request #12 from mercedes-benz/add-crds.dev-link #17
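# SPDX-License-Identifier: MIT
# Jobs to run Blackduck based FOSS scan
#
# Runs only on pushes to main, so the BLACKDUCK_* secrets are never handed to
# code coming from a pull request.
name: FOSS Scan

on:
  push:
    branches:
      - main

# Least privilege for the automatically issued GITHUB_TOKEN: the job only
# needs to read the repository contents for the checkout step.
permissions:
  contents: read

jobs:
  foss-scan:
    strategy:
      # No matrix is defined for this job, so max-parallel has no effect here.
      max-parallel: 2
    name: foss-scan
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. Pin
      # each `uses:` to a full commit SHA so a retagged release cannot change
      # what runs next to the scan secrets, for example
      #   uses: actions/checkout@<full-commit-sha>  # v3
      - name: Set up Go 1.x
        uses: actions/setup-go@v4
        with:
          go-version: '1.21'
        id: go

      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # Do not leave the GITHUB_TOKEN in .git/config, where the scan
          # script and the tooling it runs could read it.
          persist-credentials: false

      - name: Synopsys Detect
        run: |
          # Build a scan version name of the form <ref>_<sha>, with ':' and '/'
          # in the ref name replaced by '_'.
          # GITHUB_REF is a runner-provided environment variable; reassigning
          # it here also changes the value ./hack/foss-scan.sh inherits.
          GITHUB_REF="$(printf '%s\n' "$GITHUB_REF_NAME" | tr ':/' '_')"
          BLACKDUCK_SCAN_VERSION_NAME="${GITHUB_REF}_${GITHUB_SHA}"
          export BLACKDUCK_SCAN_VERSION_NAME
          # create the tmp directory as we also do during the release process
          mkdir -p tmp
          ./hack/foss-scan.sh
        env:
          # Scoped to this step only; the other steps never see these values.
          BLACKDUCK_URL: ${{ secrets.BLACKDUCK_URL }}
          BLACKDUCK_PROJECT_NAME: ${{ secrets.BLACKDUCK_PROJECT_NAME }}
          BLACKDUCK_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}

      # NOTE(review): upload-artifact v2 is a deprecated major version; move
      # to a supported release when the action references are pinned.
      - name: Archive foss scan notices report
        uses: actions/upload-artifact@v2
        with:
          name: 3RD_PARTY_LICENSES.txt
          path: tmp/Black_Duck_Notices_Report.txt

      - name: Archive foss scan risk report
        uses: actions/upload-artifact@v2
        with:
          name: foss-scan-risk-report
          path: tmp/BlackDuck_RiskReport.pdf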