volvocars/powertrain-build
Code Issues Proposed changes
powertrain-build/roles/blackduck-run/tasks/main.yaml
Anton Lutteman b75de51122 Adding dependency scan 
Change-Id: I768004272e3f700af6ab6e42e95a5418dc977989
2024-08-26 15:04:43 +02:00

132 lines
4.0 KiB
YAML
Raw Permalink Blame History

---
- name: Run Blackduck
ansible.builtin.shell: >
bash detect8.sh
--detect.project.name={{ blackduck_project_name }}
--detect.project.version.name={{ blackduck_package_version }}
--blackduck.url={{ blackduck_url }}
--blackduck.api.token=$BLACKDUCK_TOKEN
--detect.blackduck.scan.mode={{ blackduck_scan_mode }}
--detect.policy.check.fail.on.severities={{ blackduck_fail_on_policy_violation }}
--detect.blackduck.signature.scanner.snippet.matching={{ blackduck_signature_scanner }}
--detect.risk.report.pdf={{ blackduck_run_risk_report }}
{{ blackduck_additional_arguments }} > blackduck_output.txt
args:
chdir: "{{ blackduck_workspace }}"
environment:
BLACKDUCK_TOKEN: "{{ blackduck_secret.token }}"
register: blackduck_result
no_log: true
failed_when: false
- name: Print Blackduck log
ansible.builtin.command: cat blackduck_output.txt
args:
chdir: "{{ blackduck_workspace }}"
register: blackduck_log
- name: Extract version using regex
set_fact:
blackduck_report_version: "{{ (blackduck_log | regex_search('versions/([^/]+)/components', '\\1'))[0] }}"
- name: Generate and fetch License Report
ansible.builtin.command: python3 roles/blackduck-run/files/report_script.py
args:
chdir: "{{ blackduck_workspace }}"
environment:
BLACKDUCK_TOKEN: "{{ blackduck_secret.token }}"
REPORT_VERSION: "{{ blackduck_report_version }}"
BLACKDUCK_URL: "{{ blackduck_url }}"
no_log: true
- name: Unpack license-report.zip
ansible.builtin.unarchive:
src: "{{ blackduck_workspace }}/license-report.zip"
dest: "{{ blackduck_workspace }}"
remote_src: true
- name: Find the notice file
ansible.builtin.find:
paths: "{{ blackduck_workspace }}"
patterns: "version-license_*.txt"
recurse: true
register: found_files
- name: Get notice file path
ansible.builtin.set_fact:
notice_file_path: "{{ found_files.files[0].path }}"
- name: Set notice file name
ansible.builtin.set_fact:
notice_file_name: "{{ notice_file_path.split('/')[-1] }}"
- name: Copy the notice file to blackduck workspace
ansible.builtin.copy:
src: "{{ notice_file_path }}"
dest: "{{ blackduck_workspace }}"
remote_src: true
- name: Replace NOTICE with new notice file
ansible.builtin.copy:
src: "{{ notice_file_path }}"
dest: "{{ blackduck_workspace }}/NOTICE"
remote_src: true
force: true
- name: Git diff NOTICE
ansible.builtin.command: git diff --ignore-space-at-eol NOTICE
args:
chdir: "{{ blackduck_workspace }}"
register: notice_diff
- name: Set diff diff_exists
ansible.builtin.set_fact:
diff_exists: "{{ notice_diff.stdout_lines | length > 0 }}"
- name: Save git diff
when: diff_exists
ansible.builtin.copy:
content: "{{ notice_diff.stdout }}"
dest: "{{ blackduck_workspace }}/notice_diff.txt"
- name: Copy Reports to zuul-output/logs
ansible.builtin.copy:
dest: "{{ ansible_user_dir }}/zuul-output/logs/"
src: "{{ zuul.project.src_dir }}/{{ item }}"
remote_src: true
loop:
- "powertrain_build_ci_BlackDuck_RiskReport.pdf"
- "{{ notice_file_name }}"
- "{{ 'notice_diff.txt' if diff_exists else '' }}"
when: item != ''
- name: Return artifact to Zuul
zuul_return:
data:
zuul:
artifacts:
- name: "{{ item }}"
url: "{{ item }}"
loop:
- "powertrain_build_ci_BlackDuck_RiskReport.pdf"
- "{{ notice_file_name }}"
- "{{ 'notice_diff.txt' if diff_exists else '' }}"
when: item != ''
- name: Fail blackduck
when: blackduck_result.rc != 0 or diff_exists
block:
- name: Inform user that Black Duck failed
ansible.builtin.debug:
msg: "Black Duck returned non 0 rc"
when: blackduck_result.rc != 0
- name: Inform user that NOTICE file has changed
ansible.builtin.debug:
msg: "NOTICE file has changed"
when: diff_exists
always:
- name: Fail the job
ansible.builtin.fail:
msg: "Failing the job because Black Duck failed or NOTICE file has changed"
View Git Blame Copy Permalink