Merge pull request #3128 from mercedes-benz/gha_feature-3117-default-…

…to-client-1.5.0-v2 Gha feature default to client 1.5.0 v2 #3117
mercedes-benz · May 8, 2024 · 7fc03e2 · 7fc03e2
2 parents 14862ef + 2d85948
commit 7fc03e2
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 20 deletions.
diff --git a/.github/workflows/github-action-scan.yml b/.github/workflows/github-action-scan.yml
@@ -5,6 +5,8 @@ on:
  push:
  branches:
  - 'gha_*'
+ # enable manual triggering of workflow
+ workflow_dispatch:
 
 jobs:
  build-scan:
@@ -13,7 +15,7 @@ jobs:
 
  defaults:
  run:
- working-directory: ./github-actions/scan
+ working-directory: github-actions/scan
  steps:
  - name: Checkout
  uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
@@ -32,7 +34,7 @@ jobs:
  - name: Run unit tests
  run: npm test
 
- # We store git status - why? Here we see, if index.js has been changed - if so, a developer
+ # We store git status - why? Here we see if index.js has been changed - if so, a developer
  # forgot to commit the changes - means the action cannot be used productive! 
  - name: Store git status
  run: |
@@ -42,9 +44,9 @@ jobs:
  - name: Define integration test setup
  id : version-selector
  run: |
- echo "sechub_server_version=1.8.0" >> "$GITHUB_ENV"
+ echo "sechub_server_version=1.9.0" >> "$GITHUB_ENV"
  echo "sechub_server_port=8443" >> "$GITHUB_ENV"
- echo "pds_version=1.5.0" >> "$GITHUB_ENV"
+ echo "pds_version=1.6.0" >> "$GITHUB_ENV"
  echo "pds_port=8444" >> "$GITHUB_ENV"
 
  - name: Cache SecHub server download 
@@ -66,7 +68,6 @@ jobs:
  with:
  java-version: 17
  distribution: temurin
-
 
  - name: Start integration test servers
  working-directory: ./github-actions/scan/__test__/integrationtest/
@@ -110,6 +111,3 @@ jobs:
  ./github-actions/scan/sechub_report*.*
  ./sechub_report*.*
  retention-days: 14
-
-
-
diff --git a/github-actions/scan/README.adoc b/github-actions/scan/README.adoc
@@ -15,7 +15,7 @@ To be able to use this action you need a SecHub project. Check the https://merce
 
 [source,yaml]
 ----
-- uses: mercedes-benz/sechub/github-actions/scan@ae265a7015fcefc89027876029a50c8d149e0e51
+- uses: mercedes-benz/sechub/github-actions/scan@master
  with:
  # OPTIONAL: Path to sechub.json for manual configuration. If no value is set the input parameters will be used to create it for the scan.'
  config-path: 'sechub.json'
@@ -33,8 +33,8 @@ To be able to use this action you need a SecHub project. Check the https://merce
  project-name: ${{ secrets.SECHUB_PROJECT }}
 
  # OPTIONAL: Which version of the SecHub cli to use
- # DEFAULT: 1.4.0
- version: '1.4.0'
+ # DEFAULT: 1.5.0
+ version: '1.5.0'
  
  # OPTIONAL: A list of scan types that shall be used when a sechub configuration file is generated.
  # Allowed values: codeScan, secretScan and licenseScan - If you want other scan types you 
@@ -93,14 +93,18 @@ You can access them after the action has run with `${{ steps.<step-id>.outputs.<
 
 === Build
 
-To build the action locally you have to run this command:
+Make sure that you have installed https://nodejs.org/en/download/package-manager[Node.js]. +
+To build the action locally you have to run these commands:
 
 [source,npm]
 ----
+# Install dependencies
+npm install
+# Build
 npm run build
 ----
 
-This will run the `ncc` compiler and transpile the files from the src folder into the files from the dist folder.
+This runs the ncc compiler and transpiles the files from the src folder into the `dist/` folder.
 The dist files will be executed by the GitHub Action.
 
 It's necessary to execute the build after every change of the sources and you have to commit the changes in dist to git.
@@ -136,7 +140,7 @@ To enable full debug output in integration tests please execute following before
 export SECHUB_DEBUG=true
 ----
 
-==== Debug tests
+==== Debugging tests
 The unit and also the integration tests are written with `jest` test framework.
 
 ===== Setup

diff --git a/github-actions/scan/__test__/integrationtest.test.ts b/github-actions/scan/__test__/integrationtest.test.ts
@@ -376,4 +376,4 @@ function loadSpdxJsonReportAndAssertItContains(context: LaunchContext, textPart:
  const spdxJson = fs.readFileSync(spdxJsonPath, 'utf8');
 
  expect(spdxJson).toContain(textPart);
-}
+}
diff --git a/github-actions/scan/action.yml b/github-actions/scan/action.yml
@@ -19,9 +19,9 @@ inputs:
  description: 'SecHub project name'
  required: false
  version:
- description: 'Which version of the SecHub'
+ description: 'Which version of the SecHub client to use'
  required: false
- default: '1.4.0'
+ default: '1.5.0'
  scan-types: 
  description: 'Scan types to use for generated sechub configuration file (ignored in the case of a custom configuration file). Supported types are: codeScan, licenseScan and secretScan. Can be combined by ,'
  required: false

diff --git a/github-actions/scan/package-lock.json b/github-actions/scan/package-lock.json
diff --git a/github-actions/scan/package.json b/github-actions/scan/package.json
@@ -1,6 +1,6 @@
 {
  "name": "sechub-scan-action",
- "version": "1.0.0",
+ "version": "2.0.0",
  "description": "GitHub Action for SecHub scan",
  "main": "dist/main.js",
  "scripts": {