diff --git a/.github/workflows/reusable-container-scan.yml b/.github/workflows/reusable-container-scan.yml index e41a87b..c2c0726 100644 --- a/.github/workflows/reusable-container-scan.yml +++ b/.github/workflows/reusable-container-scan.yml @@ -68,14 +68,16 @@ jobs: - name: Build container image run: docker build . --file ${{ inputs.image-definition }} --tag ${{ env.IMAGE_REF }} shell: bash - - name: Scan container image with NeuVector - if: ${{ inputs.neuvector-enabled }} - uses: neuvector/scan-action@main - with: - image-repository: ${{ inputs.image-path }}/${{ inputs.image-name }} - image-tag: ${{ inputs.image-tag }} - min-high-cves-to-fail: '${{ inputs.max-high-cves }}' - min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}' + # deactivated 2026-02-22: "Build container for action use... process "/bin/sh -c zypper in -y jq docker && zypper clean" did not complete successfully: exit code: 8" + # - name: Scan container image with NeuVector + # if: ${{ inputs.neuvector-enabled }} + # uses: neuvector/scan-action@main + # with: + # image-repository: ${{ inputs.image-path }}/${{ inputs.image-name }} + # image-tag: ${{ inputs.image-tag }} + # min-high-cves-to-fail: '${{ inputs.max-high-cves }}' + # min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}' + # nv-scanner-image: neuvector/scanner:5 - name: Scan container image with Trivy if: ${{ inputs.trivy-enabled }} uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/reusable-dotnet-quality.yml b/.github/workflows/reusable-dotnet-quality.yml index 4f97cf9..00ff5f1 100644 --- a/.github/workflows/reusable-dotnet-quality.yml +++ b/.github/workflows/reusable-dotnet-quality.yml @@ -22,6 +22,11 @@ on: type: boolean required: false default: false + fossa-test: + description: Run FOSSA test on PR + type: boolean + required: false + default: false job-name: description: Job name type: string 
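Review bot: In `.github/workflows/reusable-container-scan.yml`, commenting out the NeuVector step turns `inputs.neuvector-enabled` into a silent no-op. A caller that sets it and relies on `max-high-cves` / `max-medium-cves` now gets a green run with no NeuVector scan and no threshold gate from that step. The input declarations and the Trivy step's options are outside the hunk, so I cannot confirm whether Trivy enforces equivalent limits. Consider keeping a visible placeholder instead of only a comment: `- name: NeuVector scan disabled`, `if: ${{ inputs.neuvector-enabled }}`, `run: echo "::warning::NeuVector scan is deactivated; image was not scanned by NeuVector"`. When the step is restored, pin `neuvector/scan-action` to a commit SHA rather than `@main`, and `nv-scanner-image: neuvector/scanner:5` to a digest, since both are mutable references.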
@@ -130,10 +135,16 @@ jobs: sonar-token: ${{ secrets.sonar-token }} - name: Check license compliance with FOSSA if: ${{ inputs.fossa-enabled }} - uses: fossas/fossa-action@v1 + uses: fossas/fossa-action@v1.8.0 + id: fossa with: api-key: "${{ secrets.fossa-api-key }}" - run-tests: false + run-tests: ${{ inputs.fossa-test && github.event_name == 'pull_request' }} + test-diff-revision: ${{ github.event.pull_request.base.sha }} + generate-report: html + - name: Create FOSSA report file + run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html + if: ${{ inputs.fossa-enabled }} - name: Generate SBOM with Syft uses: anchore/sbom-action@v0 # with: @@ -148,8 +159,10 @@ jobs: path: | ./**/*test-result.xml ./test/*/TestResults/*/coverage.cobertura.xml + ./**/failure_*.png* ./**/SonarQube.xml ./**/Summary.txt + ./**/fossa.html env: # https://docs.github.com/en/actions/reference/workflows-and-actions/contexts GITHUB_TOKEN: ${{ github.token }} diff --git a/actions/dotnet/build-test-sonar/action.yml b/actions/dotnet/build-test-sonar/action.yml index 89f873e..5826723 100644 --- a/actions/dotnet/build-test-sonar/action.yml +++ b/actions/dotnet/build-test-sonar/action.yml @@ -66,7 +66,7 @@ runs: /d:sonar.coverageReportPaths="${{ inputs.report-folder }}/SonarQube.xml" shell: bash - name: Build .NET solution - run: dotnet build --no-restore + run: dotnet build --no-restore --configuration Debug shell: bash - name: Run tests run: | diff --git a/actions/dotnet/build-test/action.yml b/actions/dotnet/build-test/action.yml index c1afcdc..cc2e2a6 100644 --- a/actions/dotnet/build-test/action.yml +++ b/actions/dotnet/build-test/action.yml @@ -11,7 +11,7 @@ runs: using: "composite" steps: - name: Build .NET code - run: dotnet build --no-restore + run: dotnet build --no-restore --configuration Debug shell: bash - name: Run .NET tests run: |
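Review bot: The new `Create FOSSA report file` step expands `${{ steps.fossa.outputs.report }}` straight into the `run:` script, so the report HTML becomes shell source before bash parses it. The report is built from dependency metadata, which is third-party content; any single quote in it ends the `'…'` literal and the rest is interpreted as commands in a job that holds `fossa-api-key` and the workflow token. Pass the value as data instead: add `env:` with `FOSSA_REPORT: ${{ steps.fossa.outputs.report }}` and change the command to `run: printf '%s\n' "$FOSSA_REPORT" > report/fossa.html`. If reports can be large enough to hit the environment size limit, have the tool write the file itself rather than routing it through a step output. The step also assumes `report/` already exists, which is not visible in this hunk. Separately, `fossas/fossa-action@v1.8.0` is a tag that can be moved, so pinning it to the commit SHA, with the version in a trailing comment, keeps the step that receives the API key immutable.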