diff --git a/.github/workflows/qwiet-prezero-workflow.yml b/.github/workflows/qwiet-prezero-workflow.yml index d0a304e5..3a318e4e 100644 --- a/.github/workflows/qwiet-prezero-workflow.yml +++ b/.github/workflows/qwiet-prezero-workflow.yml @@ -6,31 +6,35 @@ name: Qwiet on: pull_request: workflow_dispatch: - push: - # We recommend triggering a scan when merging to your default branch - # as a best practice, especially if you'd like to compare the results - # of two scans (e.g., a feature branch against the default branch) - branches: - - main - - master - + schedule: + # * is a special character in YAML so you have to quote this string + - cron: '0 11 * * 6' jobs: - ngsast-build: - runs-on: ubuntu-20.04 + NextGen-Static-Analysis: + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 + + - name: Setup Java JDK v8 + uses: actions/setup-java@v3 + with: + distribution: zulu + java-version: 8 - - name: Download the Qwiet CLI and set permissions + - name: Download Qwiet CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - # Qwiet requires Java 1.8 - - name: Set up Java - uses: actions/setup-java@v1.4.3 - with: - java-version: 1.8 + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + + - name: preZero NextGen Static Analysis + run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --verbose --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} - - name: NextGen Static Analysis - run: ${GITHUB_WORKSPACE}/sl analyze --app shiftleft-python-demo-GH --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} . env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} + SHIFTLEFT_API_HOST: www.shiftleft.io + SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 + SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443