Skip to content

Commit 293391c

Browse files
author
Calvin A. Allen
authored
Add FOSSA integration (#21)
* Add FOSSA integration * Don't scan on PRs
1 parent bd211e5 commit 293391c

File tree

3 files changed

+45
-31
lines changed

3 files changed

+45
-31
lines changed

.github/workflows/build_image.yml

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,34 +1,34 @@
11
name: Build the Docker Image
22

33
on:
4-
pull_request:
5-
types: [ opened, reopened, synchronize ]
6-
branches:
7-
- main
4+
pull_request:
5+
types: [opened, reopened, synchronize]
6+
branches:
7+
- main
88

99
env:
10-
REGISTRY: ghcr.io
11-
IMAGE_NAME: ${{ github.repository }}
10+
REGISTRY: ghcr.io
11+
IMAGE_NAME: ${{ github.repository }}
1212

1313
jobs:
14-
build-image:
15-
runs-on: ubuntu-latest
14+
build-image:
15+
runs-on: ubuntu-latest
1616

17-
permissions: write-all
17+
permissions: write-all
1818

19-
steps:
20-
- name: Checkout repository
21-
uses: actions/checkout@v4
19+
steps:
20+
- name: Checkout repository
21+
uses: actions/checkout@v4
2222

23-
- name: Build Docker image
24-
id: push
25-
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
26-
with:
27-
context: .
28-
push: false
29-
build-args: |
30-
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
31-
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
32-
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
33-
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
34-
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}
23+
- name: Build Docker image
24+
id: push
25+
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
26+
with:
27+
context: .
28+
push: false
29+
build-args: |
30+
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
31+
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
32+
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
33+
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
34+
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}

.github/workflows/publish_image.yml

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -42,13 +42,14 @@ jobs:
4242
labels: ${{ steps.meta.outputs.labels }}
4343
github-token: ${{ secrets.GITHUB_TOKEN }}
4444
build-args: |
45-
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
46-
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
47-
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
48-
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
49-
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}
50-
NEW_RELIC_METADATA_COMMIT=${{ github.sha }}
51-
NEW_RELIC_METADATA_RELEASE_TAG=${{ github.ref_name }}
45+
BROWSER_LICENSE_KEY=${{ secrets.BROWSER_LICENSE_KEY }}
46+
BROWSER_ACCOUNT_ID=${{ secrets.BROWSER_ACCOUNT_ID }}
47+
BROWSER_TRUST_KEY=${{ secrets.BROWSER_TRUST_KEY }}
48+
BROWSER_AGENT_ID=${{ secrets.BROWSER_AGENT_ID }}
49+
BROWSER_APPLICATION_ID=${{ secrets.BROWSER_APPLICATION_ID }}
50+
FOSSA_API_KEY=${{ secrets.FOSSA_API_KEY }}
51+
NEW_RELIC_METADATA_COMMIT=${{ github.sha }}
52+
NEW_RELIC_METADATA_RELEASE_TAG=${{ github.ref_name }}
5253
5354
- name: Generate artifact attestation
5455
uses: actions/attest-build-provenance@v1

Dockerfile

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,16 +29,29 @@ ARG BROWSER_ACCOUNT_ID
2929
ARG BROWSER_TRUST_KEY
3030
ARG BROWSER_AGENT_ID
3131
ARG BROWSER_APPLICATION_ID
32+
ARG FOSSA_API_KEY
3233

3334
ENV BROWSER_LICENSE_KEY=$BROWSER_LICENSE_KEY
3435
ENV BROWSER_ACCOUNT_ID=$BROWSER_ACCOUNT_ID
3536
ENV BROWSER_TRUST_KEY=$BROWSER_TRUST_KEY
3637
ENV BROWSER_AGENT_ID=$BROWSER_AGENT_ID
3738
ENV BROWSER_APPLICATION_ID=$BROWSER_APPLICATION_ID
39+
ENV FOSSA_API_KEY=$FOSSA_API_KEY
3840

3941
RUN --mount=type=cache,target=/root/.gradle ./gradlew downloadNewRelicAgent --console=plain --info --no-daemon --no-watch-fs
4042
RUN --mount=type=cache,target=/root/.gradle ./gradlew build --console=plain --info --no-daemon --no-watch-fs
4143

44+
RUN if [ -z "$FOSSA_API_KEY" ] ; then \
45+
echo --SKIPPING FOSSA CLI DOWNLOAD ; \
46+
else \
47+
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash; \
48+
fi
49+
RUN if [ -z "$FOSSA_API_KEY" ] ; then \
50+
echo --SKIPPING FOSSA SCAN ; \
51+
else \
52+
fossa analyze; \
53+
fi
54+
4255
FROM base AS final
4356
WORKDIR /app
4457
COPY --from=build /src/build/libs/petclinic-backend-1.0.0.jar .

0 commit comments

Comments
 (0)