Merge pull request #11 from veracode/addWorkflowAppSupport

Add workflow app support
veracode · Feb 12, 2024 · 32aa58d · 32aa58d
2 parents 6a8dfa3 + 7dffa1a
commit 32aa58d
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 30 deletions.
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@ Archive.zip
 package-lock.json
 .DS_Store
 Archive.zip
+.DS_Store
diff --git a/action.yml b/action.yml
@@ -22,6 +22,9 @@ inputs:
   source_base_path_3:
     description: 'Rewrite 3'
     required: false
+  repo_owner:
+    description: 'repo owner'
+    required: false
   fail_build:
     description: fail pipeline upon findings (true | false)
     required: false

diff --git a/importer.js b/importer.js
@@ -66,6 +66,7 @@ async function importFlaws(options) {
 
     label.buildSeverityXref();          // TODO: cleanup, merge into label init?
 
+
     // process the flaws
     if(scanType == 'pipeline') {
         await processPipelineFlaws(options, flawData)

diff --git a/index.js b/index.js
@@ -20,24 +20,44 @@ try {
     const commit_hash = process.env.GITHUB_SHA;
     console.log('resultsFile: '+resultsFile+'\nwaitTime: '+waitTime+'\nsource_base_path_1: '+source_base_path_1+'\nsource_base_path_2: '+source_base_path_2+'\nsource_base_path_3: '+source_base_path_3+'\ncommit_hash: '+commit_hash+'\ndebug: '+debug)
 
+
+    let owner
+    let repo
+
     // other params
-    const owner = github.context.repo.owner;
-    const repo = github.context.repo.repo;
+    if ( core.getInput('repo_owner') && core.getInput('repo_name') ){
+        owner = core.getInput('repo_owner');
+        console.log('Owner: '+core.getInput('repo_owner'))
+        repo = core.getInput('repo_name');
+        console.log('Repo: '+core.getInput('repo_name'))
+    }
+    else {
+        owner = github.context.repo.owner;
+        repo = github.context.repo.repo;
+    }
 
-    core.info('check if we run on a pull request')
-    let pullRequest = process.env.GITHUB_REF
+    console.log('owner = '+owner);
+    console.log('repo = '+repo);
 
-    if ( debug == "true" ){
-        core.info('#### DEBUG START ####')
-        core.info('index.js')
-        core.info(pullRequest)
-        core.info(JSON.stringify(process.env))
-        core.info('#### DEBUG END ####')
+    if ( core.getInput('repo_owner') && core.getInput('repo_name') ){
+        isPR = 0
     }
-    const isPR = pullRequest.indexOf("pull")
+    else {
+        core.info('check if we run on a pull request')
+        let pullRequest = process.env.GITHUB_REF
 
-    var pr_context
-    var pr_commentID
+        if ( debug == "true" ){
+            core.info('#### DEBUG START ####')
+            core.info('index.js')
+            core.info(pullRequest)
+            core.info(JSON.stringify(process.env))
+            core.info('#### DEBUG END ####')
+        }
+        const isPR = pullRequest.indexOf("pull")
+
+        var pr_context
+        var pr_commentID
+    }
 
 
    if ( isPR >= 1 ){

diff --git a/issue.js b/issue.js
@@ -29,7 +29,7 @@ async function addVeracodeIssue(options, issue) {
         data: {
             "title": issue.title,
             "labels": [label.severityToLabel(issue.severity), issue.label],
-            "body": issue.body
+            "body": issue.body+`/nDon't know how to fix this? Don't know why this was reported?<br><a href="http://www.veracode.com">Get Assistance from Veracode</a>`
         }
     })
     .then( async result => {
@@ -41,22 +41,22 @@ async function addVeracodeIssue(options, issue) {
             console.log("isPr?: "+options.isPR)
             core.info('#### DEBUG END ####')
         }
-        const mailToLink = buildMailToLink(
-            `https://github.com/${githubOwner}/${githubRepo}/issues/${issue_number}`,
-            issue.flaw
-        );
-        await request('POST /repos/{owner}/{repo}/issues/{issue_number}/comments', {
-            headers: {
-                authorization: authToken
-            },
-            owner: githubOwner,
-            repo: githubRepo,
-            issue_number: issue_number,
-            data: {
-                "body": `Don't know how to fix this? Don't know why this was reported?<br>
-                <a href="${mailToLink}">Get Assistance from Veracode</a>`
-            }
-        });
+//        const mailToLink = buildMailToLink(
+//            `https://github.com/${githubOwner}/${githubRepo}/issues/${issue_number}`,
+//            issue.flaw
+//        );
+//        await request('POST /repos/{owner}/{repo}/issues/{issue_number}/comments', {
+//            headers: {
+//                authorization: authToken
+//            },
+//            owner: githubOwner,
+//            repo: githubRepo,
+//            issue_number: issue_number,
+//            data: {
+//                "body": `Don't know how to fix this? Don't know why this was reported?<br>
+//                <a href="${mailToLink}">Get Assistance from Veracode</a>`
+//            }
+//        });
         if ( issue.pr_link != "" && options.isPR >=1 ){
             console.log('Running on a PR, adding PR to the issue.')
             //console.log('pr_link: '+issue.pr_link+'\nissue_number: '+issue_number)