GitHub Action
WhiteSource CI integration
v2.6
Latest version
Github action for CI integration.
How to use the action:
-
Create a repository with all your config files in the following format: repoName/ProductName/ProjectName/wss-generated-file-CI.config
In the config file change the API key to "<API_TOKEN>"
-
Define the following secrets:
- WHITESOURCE_GH_PAT: GH private access token (enable SSO if needed, defined in the organization level)
- WHITESOURCE_CONFIG_REPO: The path to your config files repository in the following format organization/repoName.git (defined in the organization level)
- WHITESOURCE_PRODUCT_NAME: The product name from the WS UI (define this variable in the repository level to support many products if needed)
- WHITESOURCE_API_KEY: Your organization WS API token (defined in the organization level)
- WHITESOURCE_NPM_TOKEN: NPM token to access private organizations if needed (defined in the organization level)
- WHITESOURCE_USER_KEY: Your WS user key
- Add a GH action to use the template:
name: WhiteSource CI integration
on:
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.ref }}
- name: WhiteSource CI integration
uses: Idancc/WhiteSource-CI-Integration@{VERSION}
env:
WHITESOURCE_PRODUCT_NAME: ${{ secrets.WHITESOURCE_PRODUCT_NAME }}
WHITESOURCE_PROJECT_NAME: ${{ github.event.repository.name }}
WHITESOURCE_GH_PAT: ${{ secrets.WHITESOURCE_GH_PAT }}
WHITESOURCE_CONFIG_REPO: ${{ secrets.WHITESOURCE_CONFIG_REPO }}
WHITESOURCE_NPM_TOKEN: ${{ secrets.WHITESOURCE_NPM_TOKEN }}
WHITESOURCE_API_KEY: ${{ secrets.WHITESOURCE_API_KEY }}
WHITESOURCE_USER_KEY: ${{ secrets.WHITESOURCE_USER_KEY }}
- name: policy Rejection Summary
if: ${{ always() }}
run: cat ./whitesource/policyRejectionSummary.json