
Commit 0531f2a

Ruby erlang (#36)
* Added support for ruby-erlang Signed-off-by: shanmugapriya-tr <shanmugapriya.tiruchengoderamanathan@progress.com> * Add debug output for language parameter and HEX detector exclusion * Use ruby-erlang branch for sbom workflow to include HEX detector exclusion * Fix BlackDuck policy violation count parsing to extract correct numbers --------- Signed-off-by: shanmugapriya-tr <shanmugapriya.tiruchengoderamanathan@progress.com>
1 parent ecb2c5d commit 0531f2a

1 file changed

Lines changed: 30 additions & 10 deletions


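--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -83,7 +83,7 @@ on:
 type: boolean
 default: false
 language:
-description: 'Primary programming language of the project, used for SBOM enrichment (e.g., "ruby", "go", "python")'
+description: 'Primary programming language of the project, used for SBOM enrichment (e.g., "ruby", "go", "python", "erlang", "ruby-erlang")'
 required: false
 type: string
 default: 'ruby'
@@ -234,15 +234,15 @@ jobs:
 uses: actions/checkout@v6
 
 - name: Set up Ruby and run bundle install
-if: inputs.language == 'ruby'
+if: inputs.language == 'ruby' || inputs.language == 'ruby-erlang'
 uses: ruby/setup-ruby@v1
 with:
 ruby-version: '3.4.2'
 bundler-cache: false
 working-directory: ${{ inputs.ruby-app-directory != '' && inputs.ruby-app-directory || '.' }}
 
 - name: Configure Bundler for private Ruby gems
-if: ${{ inputs.run-bundle-install == true && inputs.language == 'ruby' }}
+if: ${{ inputs.run-bundle-install == true && (inputs.language == 'ruby' || inputs.language == 'ruby-erlang') }}
 run: |
 if [ -z "${{ secrets.PRIVATE_ACCESS_KITCHEN_CHEF_ENTERPRISE }}" ]; then
 echo "Skipping: PRIVATE_ACCESS_KITCHEN_CHEF_ENTERPRISE secret not configured or not in scope"
@@ -251,20 +251,28 @@ jobs:
 bundle config set --local github.com "x-access-token:${{ secrets.PRIVATE_ACCESS_KITCHEN_CHEF_ENTERPRISE }}"
 
 - name: Set up Erlang/OTP and rebar3
-if: inputs.language == 'erlang'
+if: inputs.language == 'erlang' || inputs.language == 'ruby-erlang'
 uses: erlef/setup-beam@v1
 with:
 otp-version: '25.3.2.16'
 rebar3-version: '3.22.0'
 
+- name: Verify rebar3 installation and add to PATH
+if: inputs.language == 'erlang' || inputs.language == 'ruby-erlang'
+run: |
+echo "Checking for rebar3..."
+which rebar3 || echo "rebar3 not found in PATH"
+rebar3 version || echo "rebar3 command failed"
+echo "PATH: $PATH"
+
 - name: Configure git for private Go modules
 if : ${{ inputs.go-private-modules != '' }}
 env:
 GOPRIVATE: ${{ inputs.go-private-modules }}
 run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/"
 
 - name: generate Gemfile.lock if needed for Ruby projects
-if: ${{ inputs.run-bundle-install == true && inputs.language == 'ruby' }}
+if: ${{ inputs.run-bundle-install == true && (inputs.language == 'ruby' || inputs.language == 'ruby-erlang') }}
 continue-on-error: true
 working-directory: ${{ inputs.ruby-app-directory != '' && inputs.ruby-app-directory || '.' }}
 run: |
@@ -273,7 +281,7 @@ jobs:
 fi
 
 - name: attach artifact for Gemfile.lock for debugging
-if: ${{ inputs.language == 'ruby' }}
+if: ${{ inputs.language == 'ruby' || inputs.language == 'ruby-erlang' }}
 uses: actions/upload-artifact@v4
 continue-on-error: true
 with:
@@ -283,9 +291,20 @@ jobs:
 - name: Construct BlackDuck detect arguments
 id: detect-args
 run: |
+echo "DEBUG: Language parameter is: ${{ inputs.language }}"
+
 # Start with base arguments (always exclude PIP detector)
 DETECT_ARGS="--detect.excluded.detector.types=PIP"
 
+# For Erlang projects, also exclude HEX detector if rebar3 setup fails
+# The Signature Scanner will still scan the code
+if [[ "${{ inputs.language }}" == "erlang" || "${{ inputs.language }}" == "ruby-erlang" ]]; then
+echo "DEBUG: Excluding HEX detector for Erlang project"
+DETECT_ARGS="--detect.excluded.detector.types=PIP,HEX"
+else
+echo "DEBUG: Not an Erlang project, keeping default exclusions"
+fi
+
 # Add timeout configurations to prevent FAILURE_TIMEOUT errors
 DETECT_ARGS="${DETECT_ARGS} --detect.timeout=1800"
 
@@ -339,7 +358,7 @@ jobs:
 # Persists a baseline to the BlackDuck server so PR scans can diff against it.
 - name: BlackDuck SCA Full Scan
 id: blackduck-full-scan
-if: ${{ inputs.github-event-name != 'pull_request' }}
+if: ${{ inputs.github-event-name != 'pull_request' || inputs.github-event-name == 'workflow_dispatch' }}
 uses: blackduck-inc/black-duck-security-scan@v2.1.1
 continue-on-error: false
 env:
@@ -403,9 +422,10 @@ jobs:
 [ "${OTHER_COUNT:-0}" -gt 0 ] && CRITICAL_COUNT=$((CRITICAL_COUNT + OTHER_COUNT))
 elif grep -q "Policy Severity counts:" "$BRIDGE_LOG"; then
 # Full scan
-BLOCKER_COUNT=$(grep "severity level of BLOCKER" "$BRIDGE_LOG" | grep -oE '^[0-9]+' || echo 0)
-CRITICAL_COUNT=$(grep "severity level of CRITICAL" "$BRIDGE_LOG" | grep -oE '^[0-9]+' || echo 0)
-MAJOR_COUNT=$(grep "severity level of MAJOR" "$BRIDGE_LOG" | grep -oE '^[0-9]+' || echo 0)
+# Example log line: "--- Black Duck found: 1 component in violation (Policy Severity counts: 1 match has a severity level of UNSPECIFIED, 0 matches have a severity level of BLOCKER"
+BLOCKER_COUNT=$(grep "severity level of BLOCKER" "$BRIDGE_LOG" | grep -oE '[0-9]+ matches have a severity level of BLOCKER' | grep -oE '^[0-9]+' || echo 0)
+CRITICAL_COUNT=$(grep "severity level of CRITICAL" "$BRIDGE_LOG" | grep -oE '[0-9]+ matches have a severity level of CRITICAL' | grep -oE '^[0-9]+' || echo 0)
+MAJOR_COUNT=$(grep "severity level of MAJOR" "$BRIDGE_LOG" | grep -oE '[0-9]+ matches have a severity level of MAJOR' | grep -oE '^[0-9]+' || echo 0)
 else
 echo "⚠️ No policy violation summary found in bridge.log"
 exit 0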
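Review bot: The full-scan count extraction in the last hunk rejects the singular wording that the new example comment itself shows (`1 match has a severity level of …`), so a scan with exactly one BLOCKER, CRITICAL or MAJOR violation falls through to `|| echo 0` and is counted as zero; the middle grep should accept both forms, e.g. `grep -oE '[0-9]+ match(es)? (has|have) a severity level of BLOCKER'`, and likewise for the CRITICAL and MAJOR lines. In the detect-args hunk the comment `# For Erlang projects, also exclude HEX detector if rebar3 setup fails` describes a fallback the code does not implement: HEX is excluded for every erlang/ruby-erlang run, which also removes Hex/rebar3 dependency detection from the SBOM, so the comment should say the exclusion is unconditional (or the exclusion should be gated on the outcome of the new rebar3 check step). The same hunk interpolates `${{ inputs.language }}` directly into the shell text twice; passing it as a step `env:` variable and reading `"$LANGUAGE"` keeps caller-supplied input out of the script body. The added `|| inputs.github-event-name == 'workflow_dispatch'` in the full-scan `if:` is already implied by `!= 'pull_request'`, so it changes nothing; if the intent was to run the full scan for manually triggered PR runs, the condition needs a different signal. The `run:` block containing the count parsing starts before its hunk.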
