Try and use organizational account to get sonatype working (#169)
* Try and use organizational account

* Update dependencies and disable scanning

* re-enable sonatype scanning

* Update conditions on which scanning is run
DamianReeves authored Oct 4, 2024
1 parent 83667db commit dd4b898
Showing 2 changed files with 64 additions and 64 deletions.
108 changes: 54 additions & 54 deletions .github/workflows/ci-cd.yml
Expand Up @@ -159,63 +159,63 @@ jobs:

############### SONATYPE SCAN ###############
sonatype-scan:
if: always()
if: github.repository_owner == 'finos'
needs: [ci]
runs-on: ubuntu-latest
steps:
- name: Cache scala dependencies
uses: coursier/cache-action@v6

- name: Get OUT cache
uses: actions/cache/restore@v4
with:
path: out/
key: ${{ runner.os }}-*
- name: Copy Cache for SCA Scan
run: |
mkdir depCache/ #Create local copy of cache for Sonatype Scanner
cp -r /home/runner/.cache/coursier/ depCache/
# - name: Save resolvedIvyDeps.json
# run: ./mill show __.resolvedIvyDeps > depCache/resolvedIvyDeps.json
# - name: Upload Dependency Cache (optional)
# uses: actions/upload-artifact@v4
# with:
# name: Dependency Cache
# path: depCache/
- name: Sonatype Lifecycle SCA Scan
uses: sonatype-nexus-community/iq-github-action@main
with:
username: ${{ secrets.SONATYPE_SCANNER_USERNAME }}
password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }}
serverUrl: ${{ env.SonatypeUrl }}
applicationId: ${{ env.SonatypeAppId }}
stage: ${{ env.SonatypeStage }}
target: ${{ env.SonatypeScanTarget }} ${{ env.ExcludeDirectory }}

- name: Retrieve Sonatype SBOM (SPDX)
if: always()
run: |
mkdir reports/
iqCredentials="${{ secrets.SONATYPE_SCANNER_USERNAME }}:${{ secrets.SONATYPE_SCANNER_PASSWORD }}"
echo 'Get internal app ID for public ID: '$SonatypeAppId
res=$(curl -u $iqCredentials --location $SonatypeUrl'api/v2/applications?publicId='$SonatypeAppId)
IFS='"' read -a array <<< "$res"
echo 'Internal app ID: '${array[5]}
internalID=${array[5]}
curl -u $iqCredentials --location $SonatypeUrl'api/v2/spdx/'$internalID'/stages/'$SonatypeStage -H 'Accept: application/xml' > reports/$SonatypeAppId.spdx.json
echo 'Sonatype SBOM (SPDX): '
cat reports/$SonatypeAppId.spdx.json
- name: Upload Sonatype SBOM (SPDX)
if: always()
uses: actions/upload-artifact@v4
with:
name: ${{ env.SonatypeAppId }} Sonatype SBOM (SPDX)
path: reports/
#############################################
- name: Cache scala dependencies
uses: coursier/cache-action@v6

- name: Get OUT cache
uses: actions/cache/restore@v4
with:
path: out/
key: ${{ runner.os }}-*

- name: Copy Cache for SCA Scan
run: |
mkdir depCache/ #Create local copy of cache for Sonatype Scanner
cp -r /home/runner/.cache/coursier/ depCache/
# - name: Save resolvedIvyDeps.json
# run: ./mill show __.resolvedIvyDeps > depCache/resolvedIvyDeps.json

# - name: Upload Dependency Cache (optional)
# uses: actions/upload-artifact@v4
# with:
# name: Dependency Cache
# path: depCache/

- name: Sonatype Lifecycle SCA Scan
uses: sonatype-nexus-community/iq-github-action@main
with:
username: ${{ secrets.SONATYPE_SCANNER_USERNAME }}
password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }}
serverUrl: ${{ env.SonatypeUrl }}
applicationId: ${{ env.SonatypeAppId }}
stage: ${{ env.SonatypeStage }}
target: ${{ env.SonatypeScanTarget }} ${{ env.ExcludeDirectory }}

- name: Retrieve Sonatype SBOM (SPDX)
if: always()
run: |
mkdir reports/
iqCredentials="${{ secrets.SONATYPE_SCANNER_USERNAME }}:${{ secrets.SONATYPE_SCANNER_PASSWORD }}"
echo 'Get internal app ID for public ID: '$SonatypeAppId
res=$(curl -u $iqCredentials --location $SonatypeUrl'api/v2/applications?publicId='$SonatypeAppId)
IFS='"' read -a array <<< "$res"
echo 'Internal app ID: '${array[5]}
internalID=${array[5]}
curl -u $iqCredentials --location $SonatypeUrl'api/v2/spdx/'$internalID'/stages/'$SonatypeStage -H 'Accept: application/xml' > reports/$SonatypeAppId.spdx.json
echo 'Sonatype SBOM (SPDX): '
cat reports/$SonatypeAppId.spdx.json
- name: Upload Sonatype SBOM (SPDX)
if: always()
uses: actions/upload-artifact@v4
with:
name: ${{ env.SonatypeAppId }} Sonatype SBOM (SPDX)
path: reports/
#############################################

cd:
needs: [sonatype-scan, ci]
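Review bot: The new `if: github.repository_owner == 'finos'` on the sonatype-scan job does not keep the scan off fork pull requests, because on a `pull_request` event `github.repository_owner` is the base repository's owner while `secrets.SONATYPE_SCANNER_USERNAME`/`PASSWORD` are not provided to fork-triggered runs, so the scan would still start there and fail with empty credentials (whether this workflow has a `pull_request` trigger is not visible in the hunk). If it does, tighten the gate, e.g. `if: github.repository_owner == 'finos' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)`. Note also that dropping `always()` means the job now runs only when `ci` succeeds, and that `cd` (which `needs: [sonatype-scan, ci]`; its body is outside the hunk) will be skipped whenever the scan is skipped — confirm that is intended. Separately, `sonatype-nexus-community/iq-github-action@main` receives both secrets while tracking a mutable branch; pin it to a commit SHA (`uses: sonatype-nexus-community/iq-github-action@<sha> # vX.Y.Z`) so a compromised or force-pushed `main` cannot exfiltrate them. The `Retrieve Sonatype SBOM` step would likewise benefit from `curl --fail` and a `jq` lookup instead of `${array[5]}`, since a non-JSON error response currently yields an empty `internalID` and a request to `api/v2/spdx//stages/...`.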
20 changes: 10 additions & 10 deletions project/deps.sc
Expand Up @@ -254,27 +254,27 @@ object Versions {
val spire = "0.18.0"
val `tasty-query` = "0.5.6"
val upickle = "3.0.0-M1"
val zio = "2.0.21"
val zio = "2.1-RC1"
val `zio-cli` = "0.5.0"
val `zio-config` = "4.0.0-RC16"
val `zio-config` = "4.0.2"
val `zio-interop-cats` = "23.1.0.0"
val `zio-json` = "0.6.2"
val `zio-json` = "0.7.3"
val `zio-nio` = "2.0.2"
val `zio-parser` = "0.1.9"
val `zio-parser` = "0.1.10"
val `zio-prelude` = "1.0.0-RC21"
val `zio-process` = "0.7.2"
val `zio-schema` = "0.4.12"
val `zio-schema` = "1.5.0"
}

object ScalaVersions {
import DevMode._
val all = if (devMode) Seq(scala3x) else Seq(scala213, scala3x)
def scala212 = "2.12.18"
def scala213 = "2.13.12"
def scala3x = "3.3.1"
def scala212 = "2.12.20"
def scala213 = "2.13.15"
def scala3x = "3.3.4"

def scalaJSVersion = "1.15.0"
def scalaNativeVersion = "0.4.16"
def scalaJSVersion = "1.17.0"
def scalaNativeVersion = "0.5.5"
def millScalaVersion = "2.13.10"
}

