From 36634b460d7e294cb5ca3f4bf753e5f3b99de0b2 Mon Sep 17 00:00:00 2001 From: skyflow-vivek Date: Mon, 23 Dec 2024 17:30:38 +0530 Subject: [PATCH 1/5] SK-1633 Fix key names for secrets --- .github/workflows/endorlabsScan.yml | 32 ++++++++++++++++------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/.github/workflows/endorlabsScan.yml b/.github/workflows/endorlabsScan.yml index 43bb3105..8c177065 100644 --- a/.github/workflows/endorlabsScan.yml +++ b/.github/workflows/endorlabsScan.yml @@ -1,24 +1,28 @@ name: Endor Labs Scan Java Project on: + pull_request: + branches: [main] workflow_dispatch: inputs: java_version: description: "The version of Java to be used for build" - default: "1.8" + default: "8.0.422" required: true jobs: - clone-build-scan: + build-and-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-java@v4 with: distribution: zulu - java-version: ${{ github.event.inputs.java_version }} - gpg-private-key: ${{ secrets.GPG_KEY }} # Value of the GPG private key to import - gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} # env variable for GPG private key passphrase + # java-version: ${{ github.event.inputs.java_version }} + java-version: 8.0.422 + server-id: ossrh + gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import + gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase - name: Create env id: create-env 
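Review bot: `gpg-passphrase` on setup-java takes the name of an environment variable that holds the passphrase, not the passphrase itself (the trailing comment on that line says as much), so `gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }}` hands the secret value to the action as a variable name, from where it is presumably written into the generated Maven settings as an `${env.…}` reference. The rename from `GPG_PASSPHRASE` keeps that pattern; the usual form is `gpg-passphrase: MAVEN_GPG_PASSPHRASE`, with the secret supplied through `env:` on the step that runs Maven. The same applies to `server-username` and `server-password` added in the first hunk of patch 3/5, where the `env:` block added to the Compile Package step already has the right shape for this. Separately, this hunk adds the `pull_request` trigger to a job that imports the release signing key, which a build-and-scan job does not appear to need.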
@@ -38,12 +42,12 @@ jobs: - name: Compile Package run: mvn clean install - - name: Endor Labs SCA Scan - uses: endorlabs/github-action@main - with: - namespace: "skyflow" - api: "https://api.endorlabs.com" - pr: false - enable_github_action_token: true - scan_dependencies: true - additional_args: "--as-default-branch --call-graph-languages=java" + # - name: Endor Labs SCA Scan + # uses: endorlabs/github-action@main + # with: + # namespace: "skyflow" + # api: "https://api.endorlabs.com" + # pr: false + # enable_github_action_token: true + # scan_dependencies: true + # additional_args: "--as-default-branch --call-graph-languages=java" From 9a4d41278cc06cd6f1c1219b07bb02150eb62b5b Mon Sep 17 00:00:00 2001 From: skyflow-vivek Date: Mon, 23 Dec 2024 19:15:15 +0530 Subject: [PATCH 2/5] SK-1633 Change setup java action v1 --- .github/workflows/endorlabsScan.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/endorlabsScan.yml b/.github/workflows/endorlabsScan.yml index 8c177065..f829e0fc 100644 --- a/.github/workflows/endorlabsScan.yml +++ b/.github/workflows/endorlabsScan.yml @@ -15,14 +15,14 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v1 with: - distribution: zulu + java-version: "1.8" + # distribution: zulu # java-version: ${{ github.event.inputs.java_version }} - java-version: 8.0.422 - server-id: ossrh - gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase + # server-id: ossrh + # gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import + # gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase - name: Create env id: create-env From d6548fee281bf8f010453884585a0387f8f9954d Mon Sep 17 00:00:00 2001 
From: skyflow-vivek Date: Mon, 23 Dec 2024 19:20:58 +0530 Subject: [PATCH 3/5] SK-1633 Add gpg secrets --- .github/workflows/endorlabsScan.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/endorlabsScan.yml b/.github/workflows/endorlabsScan.yml index f829e0fc..e5dd83a3 100644 --- a/.github/workflows/endorlabsScan.yml +++ b/.github/workflows/endorlabsScan.yml @@ -20,9 +20,11 @@ jobs: java-version: "1.8" # distribution: zulu # java-version: ${{ github.event.inputs.java_version }} - # server-id: ossrh - # gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - # gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase + server-id: ossrh + server-username: ${{ secrets.OSSRH_USERNAME }} + server-password: ${{ secrets.OSSRH_PASSWORD }} + gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import + gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase - name: Create env id: create-env @@ -41,6 +43,10 @@ jobs: - name: Compile Package run: mvn clean install + env: + SERVER_USERNAME: ${{ secrets.OSSRH_USERNAME }} + SERVER_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # - name: Endor Labs SCA Scan # uses: endorlabs/github-action@main From b0312ec65bf2abb148a225cdbcaaddce67e7b626 Mon Sep 17 00:00:00 2001 From: skyflow-vivek Date: Mon, 6 Jan 2025 11:52:14 +0530 Subject: [PATCH 4/5] SK-1633 Change compile command --- .github/workflows/endorlabsScan.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/endorlabsScan.yml b/.github/workflows/endorlabsScan.yml index e5dd83a3..85a8c877 100644 --- a/.github/workflows/endorlabsScan.yml +++ b/.github/workflows/endorlabsScan.yml 
@@ -15,16 +15,16 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-java@v1 + - uses: actions/setup-java@v4 with: - java-version: "1.8" - # distribution: zulu + java-version: "8.0.422" + distribution: zulu # java-version: ${{ github.event.inputs.java_version }} - server-id: ossrh - server-username: ${{ secrets.OSSRH_USERNAME }} - server-password: ${{ secrets.OSSRH_PASSWORD }} - gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase + # server-id: ossrh + # server-username: ${{ secrets.OSSRH_USERNAME }} + # server-password: ${{ secrets.OSSRH_PASSWORD }} + # gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import + # gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase - name: Create env id: create-env @@ -42,11 +42,11 @@ jobs: json: ${{ secrets.TEST_CREDENTIALS_FILE_STRING }} - name: Compile Package - run: mvn clean install - env: - SERVER_USERNAME: ${{ secrets.OSSRH_USERNAME }} - SERVER_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + run: mvn -B package -DTEST_VAULT_ID=${{ secrets.TEST_VAULT_ID }} -DTEST_VAULT_URL=${{ secrets.TEST_VAULT_URL }} -DTEST_SKYFLOW_ID=${{ secrets.TEST_SKYFLOW_ID }} -DTEST_TOKEN=${{ secrets.TEST_TOKEN }} -DTEST_CREDENTIALS=${{ secrets.TEST_CREDENTIALS_FILE_STRING }} -DTEST_EXPIRED_TOKEN=${{ secrets.TEST_EXPIRED_TOKEN }} -DTEST_REUSABLE_TOKEN=${{ secrets.TEST_REUSABLE_TOKEN }} -DSKYFLOW_CREDENTIALS=${{ secrets.SKYFLOW_CREDENTIALS }} -f pom.xml + # env: + # SERVER_USERNAME: ${{ secrets.OSSRH_USERNAME }} + # SERVER_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + # GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # - name: Endor Labs SCA Scan # uses: endorlabs/github-action@main 
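Review bot: The new `run:` line of the Compile Package step expands eight `${{ secrets.* }}` expressions straight into the shell command, so every secret value becomes script text before the shell parses it. A value containing spaces, quotes or shell metacharacters (the credential strings in `TEST_CREDENTIALS_FILE_STRING` and `SKYFLOW_CREDENTIALS` are likely cases) will be word-split or interpreted by the shell. The expanded values also sit on the `mvn` command line, where the process list and any output that echoes system properties can expose them. Mapping each secret under the step's `env:` and passing it as a double-quoted shell variable avoids both problems, as sketched below. The step is carried unchanged as context into patch 5/5, so this applies to the final workflow as well.

```yaml
      - name: Compile Package
        run: >-
          mvn -B package
          -DTEST_VAULT_ID="$TEST_VAULT_ID"
          -DTEST_VAULT_URL="$TEST_VAULT_URL"
          -DTEST_SKYFLOW_ID="$TEST_SKYFLOW_ID"
          -DTEST_TOKEN="$TEST_TOKEN"
          -DTEST_CREDENTIALS="$TEST_CREDENTIALS"
          -DTEST_EXPIRED_TOKEN="$TEST_EXPIRED_TOKEN"
          -DTEST_REUSABLE_TOKEN="$TEST_REUSABLE_TOKEN"
          -DSKYFLOW_CREDENTIALS="$SKYFLOW_CREDENTIALS"
          -f pom.xml
        env:
          TEST_VAULT_ID: ${{ secrets.TEST_VAULT_ID }}
          TEST_VAULT_URL: ${{ secrets.TEST_VAULT_URL }}
          TEST_SKYFLOW_ID: ${{ secrets.TEST_SKYFLOW_ID }}
          TEST_TOKEN: ${{ secrets.TEST_TOKEN }}
          TEST_CREDENTIALS: ${{ secrets.TEST_CREDENTIALS_FILE_STRING }}
          TEST_EXPIRED_TOKEN: ${{ secrets.TEST_EXPIRED_TOKEN }}
          TEST_REUSABLE_TOKEN: ${{ secrets.TEST_REUSABLE_TOKEN }}
          SKYFLOW_CREDENTIALS: ${{ secrets.SKYFLOW_CREDENTIALS }}
```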
From 81284884b5f014c9bd4d2804428e78b35864a2b3 Mon Sep 17 00:00:00 2001 From: skyflow-vivek Date: Mon, 6 Jan 2025 12:01:02 +0530 Subject: [PATCH 5/5] SK-1633 Fix workflow failures --- .github/workflows/endorlabsScan.yml | 32 +++++++++-------------------- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/.github/workflows/endorlabsScan.yml b/.github/workflows/endorlabsScan.yml index 85a8c877..0a3db667 100644 --- a/.github/workflows/endorlabsScan.yml +++ b/.github/workflows/endorlabsScan.yml @@ -1,8 +1,6 @@ name: Endor Labs Scan Java Project on: - pull_request: - branches: [main] workflow_dispatch: inputs: java_version: @@ -17,14 +15,8 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-java@v4 with: - java-version: "8.0.422" distribution: zulu - # java-version: ${{ github.event.inputs.java_version }} - # server-id: ossrh - # server-username: ${{ secrets.OSSRH_USERNAME }} - # server-password: ${{ secrets.OSSRH_PASSWORD }} - # gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - # gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # env variable for GPG private key passphrase + java-version: ${{ github.event.inputs.java_version }} - name: Create env id: create-env 
@@ -43,17 +35,13 @@ jobs: - name: Compile Package run: mvn -B package -DTEST_VAULT_ID=${{ secrets.TEST_VAULT_ID }} -DTEST_VAULT_URL=${{ secrets.TEST_VAULT_URL }} -DTEST_SKYFLOW_ID=${{ secrets.TEST_SKYFLOW_ID }} -DTEST_TOKEN=${{ secrets.TEST_TOKEN }} -DTEST_CREDENTIALS=${{ secrets.TEST_CREDENTIALS_FILE_STRING }} -DTEST_EXPIRED_TOKEN=${{ secrets.TEST_EXPIRED_TOKEN }} -DTEST_REUSABLE_TOKEN=${{ secrets.TEST_REUSABLE_TOKEN }} -DSKYFLOW_CREDENTIALS=${{ secrets.SKYFLOW_CREDENTIALS }} -f pom.xml - # env: - # SERVER_USERNAME: ${{ secrets.OSSRH_USERNAME }} - # SERVER_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - # GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - # - name: Endor Labs SCA Scan - # uses: endorlabs/github-action@main - # with: - # namespace: "skyflow" - # api: "https://api.endorlabs.com" - # pr: false - # enable_github_action_token: true - # scan_dependencies: true - # additional_args: "--as-default-branch --call-graph-languages=java" + - name: Endor Labs SCA Scan + uses: endorlabs/github-action@main + with: + namespace: "skyflow" + api: "https://api.endorlabs.com" + pr: false + enable_github_action_token: true + scan_dependencies: true + additional_args: "--as-default-branch --call-graph-languages=java"
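Review bot: The restored scan step references `endorlabs/github-action@main`, a branch ref that can change without any commit in this repository, and it runs in the same job that has already handled the test credentials. Pin it to a reviewed full commit SHA with the release tag as a comment, e.g. `uses: endorlabs/github-action@<full-commit-sha>  # <release tag>` (placeholders, to be filled from the action's releases). No `permissions:` block is visible in these hunks; since `enable_github_action_token: true` presumably relies on a GitHub-issued token for the job, it is worth confirming that the job declares only the permissions the scan needs. The job body starts outside this hunk.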