Publish tool definitions #321

Workflow file for this run

.github/workflows/publish.yml at e8c3964

	on:
	workflow_dispatch:
	schedule:
	- cron: '5 3 * * *'
	push:
	branches:
	- main

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	contents: write
	pull-requests: write

	name: Publish tool definitions
	jobs:
	setup:
	runs-on: ubuntu-latest
	outputs:
	matrix: ${{ steps.setup.outputs.matrix }}
	steps:
	- name: Setup
	id: setup
	env:
	CONFIG: >-
	[
	{
	"toolName": "fod-uploader",
	"toolRepo": "fod-dev/fod-uploader-java",
	"assetRegex": "FodUpload\\.jar",
	"semver": "major",
	"binaryPlatforms": {
	".*": "java"
	}
	},
	{
	"toolName": "fcli",
	"toolRepo": "fortify/fcli",
	"assetRegex": "(fcli-linux\\.tgz\|fcli-mac\\.tgz\|fcli-windows\\.zip\|fcli\\.jar)",
	"semver": "major",
	"binaryPlatforms": {
	".*fcli.jar": "java",
	".*linux.tgz": "linux/x64",
	".*mac.tgz": "darwin/x64",
	".*windows.zip": "windows/x64"
	}
	},
	{
	"toolName": "bugtracker-utility",
	"toolRepo": "fortify-ps/FortifyBugTrackerUtility",
	"assetRegex": "FortifyBugTrackerUtility-.*\\.zip",
	"semver": "major",
	"tagMappings": { "(\\d+\\.\\d+)": "$1.0" },
	"binaryPlatforms": {
	".*": "java"
	}
	},
	{
	"toolName": "vuln-exporter",
	"toolRepo": "fortify/FortifyVulnerabilityExporter",
	"assetRegex": "FortifyVulnerabilityExporter\\.zip",
	"semver": "major",
	"binaryPlatforms": {
	".*": "java"
	}
	},
	{
	"toolName": "debricked-cli",
	"toolRepo": "debricked/cli",
	"assetRegex": "cli_.*\\.tar\\.gz",
	"semver": "major",
	"binaryPlatforms": {
	".linux_arm64.": "linux/arm64",
	".linux_i386.": "linux/x86",
	".linux_x86_64.": "linux/x64",
	".(macos\|darwin)_arm64.": "darwin/arm64",
	".(macos\|darwin)_x86_64.": "darwin/x64",
	".windows_arm64.": "windows/arm64",
	".windows_i386.": "windows/x86",
	".windows_x86_64.": "windows/x64"
	}
	},
	{
	"toolName": "sc-client",
	"toolUrls": {
	"24.2.0": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_24.2.0_x64.zip",
	"23.2.1": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_23.2.1_x64.zip",
	"23.1.0": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_23.1.0_x64.zip",
	"22.2.1": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.2.1_x64.zip",
	"22.2.0": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.2.0_x64.zip",
	"22.1.2": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.1.2_x64.zip",
	"22.1.0": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.1.0_x64.zip",
	"21.2.3": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.3_x64.zip",
	"21.2.2": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.2_x64.zip",
	"21.2.0": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.0_x64.zip",
	"21.1.4": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.4_x64.zip",
	"21.1.3": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.3_x64.zip",
	"21.1.2": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.2_x64.zip",
	"20.2.4": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.2.4_x64.zip",
	"20.2.0": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.2.0_x64.zip",
	"20.1.0": "https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.1.0_x64.zip"
	},
	"semver": "minor",
	"binaryPlatforms": {
	".*": "java"
	}
	}
	]
	run: echo "matrix=$(jq -r -c . <<< "$CONFIG")" >> $GITHUB_OUTPUT
	- name: Check
	run: jq . <<< '${{ steps.setup.outputs.matrix }}'

	generate-tool-definitions:
	needs: setup
	runs-on: ubuntu-latest
	permissions:
	# Give the default GITHUB_TOKEN write permission to commit and push the
	# added or changed files to the repository.
	contents: write
	strategy:
	max-parallel: 1
	fail-fast: false
	matrix:
	include: ${{ fromJson(needs.setup.outputs.matrix)}}
	steps:
	- uses: actions/checkout@v4
	- run: git pull
	- name: Check
	env:
	MATRIX: ${{ toJSON(matrix) }}
	TOOL_NAME: ${{ fromJSON(toJSON(matrix)).toolName }}
	TOOL_REPO: ${{ fromJSON(toJSON(matrix)).toolRepo }}
	run: \|
	echo "MATRIX: $(jq -r -c '.' <<< "$MATRIX")"
	echo "TOOL_NAME: [$TOOL_NAME]"
	echo "TOOL_REPO: [$TOOL_REPO]"
	- name: Generate tool definitions
	uses: ./internal/generator
	with:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	toolName: ${{ fromJSON(toJSON(matrix)).toolName }}
	toolRepo: ${{ fromJSON(toJSON(matrix)).toolRepo }}
	toolUrls: ${{ toJSON(fromJSON(toJSON(matrix)).toolUrls) }}
	tagRegEx: ${{ toJSON(fromJSON(toJSON(matrix)).tagRegex) }}
	assetRegex: ${{ fromJSON(toJSON(matrix)).assetRegex }}
	signKey: ${{ secrets.SIGN_KEY }}
	signPassphrase: ${{ secrets.SIGN_PASSPHRASE }}
	semver: ${{ fromJSON(toJSON(matrix)).semver }}
	binaryPlatforms: ${{ toJSON(fromJSON(toJSON(matrix)).binaryPlatforms) }}
	tagMappings: ${{ toJSON(fromJSON(toJSON(matrix)).tagMappings) }}
	- uses: stefanzweifel/git-auto-commit-action@v5
	with:
	commit_message: "chore: Update cache & tool definitions"

	publish-zip:
	needs: generate-tool-definitions
	runs-on: ubuntu-latest
	permissions:
	# Give the default GITHUB_TOKEN write permission to commit and push the
	# added or changed files to the repository.
	contents: write
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: restore timestamps
	uses: chetan/git-restore-mtime-action@v2
	- name: Generate v1 zip-file
	run: \|
	git pull
	cd v1
	zip -r tool-definitions.yaml.zip *.yaml
	- name: Update v1 tag
	uses: richardsimko/update-tag@v1
	with:
	tag_name: v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Create Release
	uses: ncipollo/release-action@v1.13.0
	with:
	allowUpdates: true
	artifacts: v1/*
	omitBody: true
	replacesArtifacts: true
	tag: v1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Publish tool definitions #321

Workflow file

Publish tool definitions #321

Jobs

Run details

Workflow file for this run