Update Mend: high confidence minor and patch dependency updates #951
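---
# Release pipeline: builds the project with Maven on pushes to `v*` and `main`
# and on pull requests targeting `main`. On pushes it also builds a local
# Docker image (not pushed) and runs Mend CLI scans against it.
name: "Release Pipeline"

on:
  push:
    branches:
      - 'v*'
      - main
  pull_request:
    branches:
      - main

# Least privilege for GITHUB_TOKEN: the steps below only read the repository
# (checkout). Nothing is published from this job (the Docker step uses
# `push: false`), so no write scope is granted.
permissions:
  contents: read

jobs:
  build:
    name: Release Build
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this job are referenced by tag. Tags are
      # mutable; pinning each `uses:` to a full commit SHA (with the tag kept
      # as a trailing comment) fixes the code that runs in this job.
      - uses: actions/checkout@v4
        with:
          # Later steps run a downloaded binary; do not leave the job token
          # in the checked-out repository's git config.
          persist-credentials: false

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
          architecture: x64

      - name: Cache Maven packages
        # NOTE(review): the ref after `actions/cache@` was replaced by an
        # e-mail obfuscation filter on the rendered page; restore the real
        # tag (or commit SHA) from the repository before using this file.
        uses: actions/[email protected]
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      # Lower-cased repository and owner names, used below to build the
      # Docker image name.
      - id: reponame
        uses: ASzc/change-string-case-action@v6
        with:
          string: ${{github.event.repository.name}}

      - id: orgname
        uses: ASzc/change-string-case-action@v6
        with:
          string: ${{github.repository_owner}}

      - name: "Set labels for ${{ github.ref }}"
        # The ref name is passed through `env:` and read as a shell variable.
        # Expanding `${{ github.ref_name }}` directly inside `run:` pastes the
        # branch name into the script text before the shell parses it, so a
        # branch name containing shell syntax would be executed.
        env:
          REF_NAME: ${{ github.ref_name }}
          REPO_NAME_LOWER: ${{ steps.reponame.outputs.lowercase }}
        run: |
          echo "WEBGOAT_TAG_VERSION=${REF_NAME}" >> "$GITHUB_ENV"
          # ${REF_NAME:1} drops the first character of the ref name (the
          # leading "v" on a v* branch; on any other ref it drops whatever
          # character comes first).
          echo "WEBGOAT_MAVEN_VERSION=${REF_NAME:1}" >> "$GITHUB_ENV"
          echo "${REPO_NAME_LOWER}"

      - name: Build with Maven
        # WEBGOAT_MAVEN_VERSION is derived from the branch name, so it is read
        # from the environment and quoted rather than expanded into the script.
        run: |
          mvn --no-transfer-progress versions:set "-DnewVersion=${WEBGOAT_MAVEN_VERSION}"
          mvn --no-transfer-progress install -DskipTests

      - name: "Docker Build Release"
        # NOTE(review): the condition has no parentheses. If `&&` binds
        # tighter than `||` (as in most expression languages), the push check
        # applies only to the `main` branch; confirm and parenthesize to make
        # the intended grouping explicit.
        if: startsWith(github.ref, 'refs/heads/v') || github.ref == 'refs/heads/main' && github.event_name == 'push'
        # NOTE(review): the ref after `docker/build-push-action@` was replaced
        # by an e-mail obfuscation filter on the rendered page; restore the
        # real tag (or commit SHA) from the repository.
        uses: docker/[email protected]
        with:
          context: ./
          file: ./Dockerfile
          # The image is loaded into the runner's local Docker daemon for
          # scanning and is not pushed to a registry.
          push: false
          load: true
          tags: |
            ${{steps.orgname.outputs.lowercase}}/${{steps.reponame.outputs.lowercase}}:${{ env.WEBGOAT_TAG_VERSION }}
            ${{steps.orgname.outputs.lowercase}}/${{steps.reponame.outputs.lowercase}}:latest
          build-args: |
            webgoat_version=${{ env.WEBGOAT_MAVEN_VERSION }}

      - name: Mend CLI Scan on Release
        # Runs only on pushes to v* branches, so the Mend secrets are never
        # exposed to pull_request runs.
        if: startsWith(github.ref, 'refs/heads/v') && github.event_name == 'push'
        env:
          MEND_EMAIL: ${{secrets.MEND_EMAIL}}
          MEND_USER_KEY: ${{secrets.MEND_USER_KEY}}
          MEND_URL: https://saas.mend.io
          # Image name and scan scope are built here and read as quoted shell
          # variables below: this keeps the branch name out of the script
          # text and stops the shell from glob-expanding the leading `*`.
          SCAN_IMAGE: "${{ steps.orgname.outputs.lowercase }}/${{ steps.reponame.outputs.lowercase }}:${{ env.WEBGOAT_TAG_VERSION }}"
          SCAN_SCOPE: "*//GH_${{ github.event.repository.name }}//GH_${{ github.event.repository.name }}_${{ github.ref_name }}"
        run: |
          echo Downloading Mend CLI
          # NOTE(review): the CLI comes from a `latest` URL and runs with
          # MEND_USER_KEY in its environment, with no integrity check. Pin a
          # specific release and verify it against a vendor-published
          # checksum before `chmod +x`.
          # --fail stops an HTTP error page from being saved as the binary;
          # --output fixes the local file name instead of trusting the
          # server-supplied one.
          curl --fail --location --output mend https://downloads.mend.io/production/unified/latest/linux_amd64/mend && chmod +x mend
          echo "Start Mend image scan"
          echo "Image Name:" "${SCAN_IMAGE}"
          ./mend image "${SCAN_IMAGE}" -s "${SCAN_SCOPE}"
          ./mend code -s "${SCAN_SCOPE}" -j 2 --js 2

      - name: Mend CLI Image Scan on Main
        # Runs only on pushes to main, so the Mend secrets are never exposed
        # to pull_request runs.
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        env:
          MEND_EMAIL: ${{secrets.MEND_EMAIL}}
          MEND_USER_KEY: ${{secrets.MEND_USER_KEY}}
          MEND_URL: https://saas.mend.io
          # Built here and read as quoted shell variables below, so the values
          # are not pasted into the script text and the leading `*` is not
          # glob-expanded by the shell.
          SCAN_IMAGE: "${{ steps.orgname.outputs.lowercase }}/${{ steps.reponame.outputs.lowercase }}:${{ env.WEBGOAT_TAG_VERSION }}"
          SCAN_SCOPE: "*//GH_${{ github.event.repository.name }}//GH_${{ github.event.repository.name }}"
        run: |
          echo Downloading Mend CLI
          # NOTE(review): same unpinned, unverified `latest` download as in
          # the release scan step; pin a release and verify its checksum.
          curl --fail --location --output mend https://downloads.mend.io/production/unified/latest/linux_amd64/mend && chmod +x mend
          echo "Start Mend image scan"
          echo "Image Name:" "${SCAN_IMAGE}"
          ./mend image "${SCAN_IMAGE}" -s "${SCAN_SCOPE}"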