diff --git a/.github/actions/sonatype-lifecycle-action/README.md b/.github/actions/sonatype-lifecycle-action/README.md
new file mode 100644
index 0000000..d6c73d1
--- /dev/null
+++ b/.github/actions/sonatype-lifecycle-action/README.md
@@ -0,0 +1,50 @@
+
+
+# 🎟️ Performs a Sonatype Lifecycle (Nexus IQ) Scan
+
+Performs a Sonatype Lifecycle scan and uploads the results to the server.
+
+## sonatype-lifecycle-action
+
+## Usage Example
+
+Pass the required server and authentication details/credentials.
+Other inputs are discretionary and set to useful defaults.
+
+```yaml
+steps:
+  - name: "Run Sonatype Lifecycle scan"
+    # yamllint disable-line rule:line-length
+    uses: lfit/releng-reusable-workflows/.github/actions/sonatype-lifecycle-action@main
+    with:
+      NEXUS_IQ_SERVER: "${{ vars.NEXUS_IQ_SERVER }}"
+      NEXUS_IQ_USERNAME: "${{ vars.NEXUS_IQ_USERNAME }}"
+      NEXUS_IQ_PASSWORD: "${{ secrets.NEXUS_IQ_PASSWORD }}"
+```
+
+## Inputs
+
+
+
+| Variable Name     | Required | Default      | Description                                 |
+| ----------------- | -------- | ------------ | ------------------------------------------- |
+| NEXUS_IQ_SERVER   | True     | N/A          | JSON array of key/value pairs               |
+| NEXUS_IQ_USERNAME | True     | N/A          | Fixed preamble/string to embed/inject       |
+| NEXUS_IQ_PASSWORD | True     | N/A          | When set false, checks for presence         |
+| JAVA_DISTRIBUTION | False    | "temurin"    | JAVA SE distribution for the Nexus CLI tool |
+| JAVA_VERSION      | False    | 17           | Java runtime for the Nexus CLI tool         |
+| IQ_CLI_VERSION    | False    | "1.179.0-01" | Specific version of Nexus CLI to setup/run  |
+| APPLICATION_ID    | False    | $org-$repo   | Organisation and project name in Nexus IQ   |
+| SCAN_TARGETS      | False    | "."          | Location of file(s) or folder(s) to scan    |
+
+
+
+The APPLICATION_ID default is:
+
+`${{ github.repository_owner }}-${{ github.event.repository.name }}`
+
+Note: when testing in a fork this must be manually overridden for report
+uploads to succeed.
diff --git a/.github/actions/sonatype-lifecycle-action/action.yaml b/.github/actions/sonatype-lifecycle-action/action.yaml
new file mode 100644
index 0000000..bad78c2
--- /dev/null
+++ b/.github/actions/sonatype-lifecycle-action/action.yaml
@@ -0,0 +1,58 @@
+---
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The Linux Foundation
+
+# Runs a Sonatype Lifecycle (Nexus IQ) scan
+name: "Sonatype Lifecycle Action"
+
+inputs:
+  JAVA_DISTRIBUTION:
+    description: "JAVA SE distribution to setup/run for Nexus CLI tool"
+    required: false
+    type: string
+    default: "temurin"
+  JAVA_VERSION:
+    description: "Java runtime to setup/run for Nexus CLI tool"
+    required: false
+    type: number
+    default: 17
+  IQ_CLI_VERSION:
+    description: "Specific version of Nexus CLI to setup/run"
+    required: false
+    type: string
+    default: "1.179.0-01"
+  APPLICATION_ID:
+    description: "Organisation and project name in Nexus IQ"
+    required: false
+    type: string
+    default: ${{ github.repository_owner }}-${{ github.event.repository.name }}
+  SCAN_TARGETS:
+    description: "Location of file(s) or folder(s) to scan"
+    required: false
+    type: string
+    default: "."
+  NEXUS_IQ_PASSWORD:
+    description: "Nexus IQ Password"
+    required: true
+
+steps:
+  - name: Setup Sonatype CLI
+    uses: sonatype/actions/setup-iq-cli@v1
+    with:
+      iq-cli-version: ${{ inputs.IQ_CLI_VERSION }}
+
+  # Sonatype CLI requires Java to run
+  - name: Setup Java runtime
+    uses: actions/setup-java@v4
+    with:
+      distribution: ${{ inputs.JAVA_DISTRIBUTION }}
+      java-version: ${{ inputs.JAVA_VERSION }}
+
+  - name: Run Sonatype CLI
+    uses: sonatype/actions/run-iq-cli@v1
+    with:
+      iq-server-url: ${{ vars.NEXUS_IQ_SERVER }}
+      username: ${{ vars.NEXUS_IQ_USERNAME }}
+      password: ${{ secrets.NEXUS_IQ_PASSWORD }}
+      application-id: ${{ inputs.APPLICATION_ID }}
+      scan-targets: ${{ inputs.SCAN_TARGETS }}
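Review bot: The required input NEXUS_IQ_PASSWORD is declared but never consumed: the "Run Sonatype CLI" step reads `password: ${{ secrets.NEXUS_IQ_PASSWORD }}`, and the `secrets` context is not available inside a composite action, so the value the README example passes through `with:` is ignored; it should be `password: ${{ inputs.NEXUS_IQ_PASSWORD }}`. The `steps:` list also sits at the top level of the metadata file, whereas a composite action needs it under `runs:` with `using: "composite"` (see the fence), and the `type:` keys under `inputs` look like a workflow_call construct rather than part of the action metadata schema, so I would drop them. Since this action receives the Nexus IQ credentials, consider pinning `sonatype/actions/setup-iq-cli@v1`, `sonatype/actions/run-iq-cli@v1` and `actions/setup-java@v4` to full commit SHAs rather than moving tags, which limits the supply-chain exposure of a credential-bearing step. The README in the previous file lists NEXUS_IQ_SERVER and NEXUS_IQ_USERNAME as inputs with unrelated descriptions, while this file reads them from `vars`; the two should be reconciled so callers know which values are inputs and which are repository variables.
```yaml
runs:
  using: "composite"
  steps:
    # … unchanged: "Setup Sonatype CLI" and "Setup Java runtime" steps, re-indented under runs.steps …
    - name: Run Sonatype CLI
      uses: sonatype/actions/run-iq-cli@v1
      with:
        iq-server-url: ${{ vars.NEXUS_IQ_SERVER }}
        username: ${{ vars.NEXUS_IQ_USERNAME }}
        password: ${{ inputs.NEXUS_IQ_PASSWORD }}
        # … unchanged: application-id, scan-targets …
```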