payersync-be-test/.github/workflows/veracode.yml at main · vtem-rh/payersync-be-test · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
name: Veracode Pipeline Scan

on:
  schedule:
    - cron: '46 2 1 * *'

  workflow_dispatch:
    inputs:
      severity:
        description: 'Veracode severity to fail on'
        default: "VeryHigh,High"
        type: string
    secrets:
      VERACODE_API_ID:
        required: true
      VERACODE_API_KEY:
        required: true

jobs:
  pipeline_scan:
    name: Pipeline Scan
    runs-on: ubuntu-latest
    env:
      ASSET_NAME: 'payersync-onboarder-backend.zip'
    outputs:
      asset_name: ${{ steps.create-artifact.outputs.asset_name }}
    steps:
      - name: Check out branch
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          ref: ${{ github.ref }}

      - name: Prepare files to scan
        id: create-artifact
        run: |
          zip -9 -r "${{ env.ASSET_NAME }}" .
          echo "asset_name=${{ env.ASSET_NAME }}" >> $GITHUB_OUTPUT

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.ASSET_NAME }}
          path: .
          compression-level: 9
          overwrite: true
  call-deployment-workflow:
    uses: rectanglehealth/php-core-sdk/.github/workflows/veracode-pipeline-scan.yml@develop
    needs: pipeline_scan
    with:
      branch_name: ${{ github.ref_name }}
      asset_name: ${{ needs.pipeline_scan.outputs.asset_name }}
      veracode_app: payersync-onboarder-backend
      severity: ${{ inputs.severity || 'VeryHigh,High' }}
    secrets: inherit