Publish tool definitions #587
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '5 3 * * *' | |
| push: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| name: Publish tool definitions | |
| jobs: | |
| setup: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.setup.outputs.matrix }} | |
| steps: | |
| - name: Setup | |
| id: setup | |
| env: | |
| CONFIG: >- | |
| [ | |
| { | |
| "toolName": "fod-uploader", | |
| "toolRepo": "fod-dev/fod-uploader-java", | |
| "assetRegex": "FodUpload\\.jar", | |
| "semver": "major", | |
| "binaryPlatforms": { | |
| ".*": "java" | |
| } | |
| }, | |
| { | |
| "toolName": "fcli", | |
| "toolRepo": "fortify/fcli", | |
| "assetRegex": "(fcli-linux\\.tgz|fcli-mac\\.tgz|fcli-windows\\.zip|fcli\\.jar)", | |
| "tagRegex": "v\\d+\\.\\d+\\.\\d+", | |
| "semver": "major", | |
| "binaryPlatforms": { | |
| ".*fcli.jar": "java", | |
| ".*linux.tgz": "linux/x64", | |
| ".*mac.tgz": "darwin/x64", | |
| ".*windows.zip": "windows/x64" | |
| } | |
| }, | |
| { | |
| "toolName": "bugtracker-utility", | |
| "toolRepo": "fortify-ps/FortifyBugTrackerUtility", | |
| "assetRegex": "FortifyBugTrackerUtility-.*\\.zip", | |
| "semver": "major", | |
| "tagMappings": { "(\\d+\\.\\d+)": "$1.0" }, | |
| "binaryPlatforms": { | |
| ".*": "java" | |
| } | |
| }, | |
| { | |
| "toolName": "vuln-exporter", | |
| "toolRepo": "fortify/FortifyVulnerabilityExporter", | |
| "assetRegex": "FortifyVulnerabilityExporter\\.zip", | |
| "semver": "major", | |
| "binaryPlatforms": { | |
| ".*": "java" | |
| } | |
| }, | |
| { | |
| "toolName": "debricked-cli", | |
| "toolRepo": "debricked/cli", | |
| "tagRegex": "v.*", | |
| "assetRegex": "cli_.*\\.tar\\.gz", | |
| "semver": "major", | |
| "binaryPlatforms": { | |
| ".*linux_arm64.*": "linux/arm64", | |
| ".*linux_i386.*": "linux/x86", | |
| ".*linux_x86_64.*": "linux/x64", | |
| ".*(macos|darwin)_arm64.*": "darwin/arm64", | |
| ".*(macos|darwin)_x86_64.*": "darwin/x64", | |
| ".*windows_arm64.*": "windows/arm64", | |
| ".*windows_i386.*": "windows/x86", | |
| ".*windows_x86_64.*": "windows/x64" | |
| } | |
| }, | |
| { | |
| "toolName": "sc-client", | |
| "toolUrls": { | |
| "24.4.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_24.4.1_x64.zip"], | |
| "24.4.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_24.4.0_x64.zip"], | |
| "24.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_24.2.0_x64.zip"], | |
| "23.2.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_23.2.1_x64.zip"], | |
| "23.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_23.1.0_x64.zip"], | |
| "22.2.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.2.1_x64.zip"], | |
| "22.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.2.0_x64.zip"], | |
| "22.1.2": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.1.2_x64.zip"], | |
| "22.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.1.0_x64.zip"], | |
| "21.2.3": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.3_x64.zip"], | |
| "21.2.2": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.2_x64.zip"], | |
| "21.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.0_x64.zip"], | |
| "21.1.4": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.4_x64.zip"], | |
| "21.1.3": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.3_x64.zip"], | |
| "21.1.2": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.2_x64.zip"], | |
| "21.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.0_x64.zip"], | |
| "20.2.4": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.2.4_x64.zip"], | |
| "20.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.2.0_x64.zip"], | |
| "20.1.6": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.1.6_x64.zip"], | |
| "20.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.1.0_x64.zip"] | |
| }, | |
| "semver": "minor", | |
| "binaryPlatforms": { | |
| ".*": "java" | |
| }, | |
| "extraVersionProperties": { | |
| "24.*": {"jre": "17"}, | |
| "23.*": {"jre": "11"}, | |
| "22.*": {"jre": "11"}, | |
| "21.*": {"jre": "11"}, | |
| "20.*": {"jre": "8"} | |
| } | |
| }, | |
| { | |
| "toolName": "jre", | |
| "toolUrls": { | |
| "21.0.5": [ | |
| "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jre_x64_linux_hotspot_21.0.5_11.tar.gz", | |
| "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jre_aarch64_mac_hotspot_21.0.5_11.tar.gz", | |
| "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jre_x64_windows_hotspot_21.0.5_11.zip" | |
| ], | |
| "17.0.9": [ | |
| "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9.1/OpenJDK17U-jre_x64_windows_hotspot_17.0.9_9.zip", | |
| "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9/OpenJDK17U-jre_aarch64_mac_hotspot_17.0.9_9.tar.gz", | |
| "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9/OpenJDK17U-jre_x64_linux_hotspot_17.0.9_9.tar.gz" | |
| ], | |
| "11.0.25": [ | |
| "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_mac_hotspot_11.0.25_9.tar.gz", | |
| "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_x64_linux_hotspot_11.0.25_9.tar.gz", | |
| "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_x64_windows_hotspot_11.0.25_9.zip" | |
| ], | |
| "8.0.432": [ | |
| "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_mac_hotspot_8u432b06.tar.gz", | |
| "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_linux_hotspot_8u432b06.tar.gz", | |
| "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.zip" | |
| ] | |
| }, | |
| "semver": "major", | |
| "binaryPlatforms": { | |
| ".*aarch64_mac.*": "darwin/arm64", | |
| ".*x64_linux.*": "linux/x64", | |
| ".*x64_mac.*": "darwin/x64", | |
| ".*x64_windows.*": "windows/x64" | |
| } | |
| } | |
| ] | |
| run: echo "matrix=$(jq -r -c . <<< "$CONFIG")" >> $GITHUB_OUTPUT | |
| - name: Check | |
| run: jq . <<< '${{ steps.setup.outputs.matrix }}' | |
| generate-tool-definitions: | |
| needs: setup | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # Give the default GITHUB_TOKEN write permission to commit and push the | |
| # added or changed files to the repository. | |
| contents: write | |
| strategy: | |
| max-parallel: 1 | |
| fail-fast: false | |
| matrix: | |
| include: ${{ fromJson(needs.setup.outputs.matrix)}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: git pull | |
| - name: Check | |
| env: | |
| MATRIX: ${{ toJSON(matrix) }} | |
| TOOL_NAME: ${{ fromJSON(toJSON(matrix)).toolName }} | |
| TOOL_REPO: ${{ fromJSON(toJSON(matrix)).toolRepo }} | |
| run: | | |
| echo "MATRIX: $(jq -r -c '.' <<< "$MATRIX")" | |
| echo "TOOL_NAME: [$TOOL_NAME]" | |
| echo "TOOL_REPO: [$TOOL_REPO]" | |
| - name: Generate tool definitions | |
| uses: ./internal/generator | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| toolName: ${{ fromJSON(toJSON(matrix)).toolName }} | |
| toolRepo: ${{ fromJSON(toJSON(matrix)).toolRepo }} | |
| toolUrls: ${{ toJSON(fromJSON(toJSON(matrix)).toolUrls) }} | |
| tagRegEx: ${{ fromJSON(toJSON(matrix)).tagRegex }} | |
| assetRegex: ${{ fromJSON(toJSON(matrix)).assetRegex }} | |
| signKey: ${{ secrets.SIGN_KEY }} | |
| signPassphrase: ${{ secrets.SIGN_PASSPHRASE }} | |
| semver: ${{ fromJSON(toJSON(matrix)).semver }} | |
| binaryPlatforms: ${{ toJSON(fromJSON(toJSON(matrix)).binaryPlatforms) }} | |
| tagMappings: ${{ toJSON(fromJSON(toJSON(matrix)).tagMappings) }} | |
| extraVersionProperties: ${{ toJSON(fromJSON(toJSON(matrix)).extraVersionProperties) }} | |
| - uses: stefanzweifel/git-auto-commit-action@v5 | |
| with: | |
| commit_message: "chore: Update cache & tool definitions" | |
| publish-zip: | |
| needs: generate-tool-definitions | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| permissions: | |
| # Give the default GITHUB_TOKEN write permission to commit and push the | |
| # added or changed files to the repository. | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: restore timestamps | |
| uses: chetan/git-restore-mtime-action@v2 | |
| - name: Generate v1 zip-file | |
| run: | | |
| git pull | |
| cd v1 | |
| zip -r tool-definitions.yaml.zip *.yaml | |
| - name: Update v1 tag | |
| uses: richardsimko/update-tag@v1 | |
| with: | |
| tag_name: v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Release | |
| uses: ncipollo/[email protected] | |
| with: | |
| allowUpdates: true | |
| artifacts: v1/* | |
| omitBody: true | |
| replacesArtifacts: true | |
| tag: v1 | |