Publish tool definitions #1003
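# Triggers: manual dispatch, a daily scheduled run (cron is evaluated in UTC),
# and every push. The push trigger has no branch filter, so the workflow runs
# for pushes to any branch.
on:
  workflow_dispatch:
  schedule:
    - cron: '5 3 * * *'
  push:

# One active run per workflow and ref; a newer run on the same ref cancels the
# one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-level default for any job that does not declare its own permissions
# block. Least privilege: the jobs that push commits, tags and release assets
# request `contents: write` at job level, and a job-level block replaces this
# default entirely, so neither write access nor pull-request scope is needed
# here.
permissions:
  contents: read

name: Publish tool definitions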
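jobs:
  # Turns the static CONFIG list below into the build matrix consumed by
  # generate-tool-definitions.
  setup:
    runs-on: ubuntu-latest
    # This job only runs echo and jq; it needs no token scopes at all.
    permissions: {}
    outputs:
      matrix: ${{ steps.setup.outputs.matrix }}
    steps:
      - name: Setup
        id: setup
        env:
          # One JSON object per tool. Entries name either a GitHub repository
          # (toolRepo with assetRegex/tagRegex), explicit download URLs
          # (toolUrls), or a directory (dir).
          # NOTE(review): the jre entry pins 17.0.9, which appears to be a
          # considerably older patch level than the 21/11/8 entries. Confirm
          # and refresh it so the published definitions do not steer users to
          # a JRE that lacks later security fixes.
          # NOTE(review): the URLs carry no expected digest here; presumably
          # ./internal/generator computes and signs them. Confirm.
          CONFIG: >-
            [
              {
                "toolName": "fod-uploader",
                "toolRepo": "fod-dev/fod-uploader-java",
                "assetRegex": "FodUpload\\.jar",
                "semver": "major",
                "binaryPlatforms": {
                  ".*": "java"
                }
              },
              {
                "toolName": "fcli",
                "toolRepo": "fortify/fcli",
                "assetRegex": "(fcli-linux\\.tgz|fcli-mac\\.tgz|fcli-windows\\.zip|fcli\\.jar)",
                "tagRegex": "v\\d+\\.\\d+\\.\\d+",
                "semver": "major",
                "binaryPlatforms": {
                  ".*fcli.jar": "java",
                  ".*linux.tgz": "linux/x64",
                  ".*mac.tgz": "darwin/arm64",
                  ".*windows.zip": "windows/x64"
                }
              },
              {
                "toolName": "bugtracker-utility",
                "toolRepo": "fortify-ps/FortifyBugTrackerUtility",
                "assetRegex": "FortifyBugTrackerUtility-.*\\.zip",
                "semver": "major",
                "tagMappings": { "(\\d+\\.\\d+)": "$1.0" },
                "binaryPlatforms": {
                  ".*": "java"
                }
              },
              {
                "toolName": "vuln-exporter",
                "toolRepo": "fortify/FortifyVulnerabilityExporter",
                "assetRegex": "FortifyVulnerabilityExporter\\.zip",
                "semver": "major",
                "binaryPlatforms": {
                  ".*": "java"
                }
              },
              {
                "toolName": "debricked-cli",
                "toolRepo": "debricked/cli",
                "tagRegex": "v.*",
                "assetRegex": "cli_.*\\.tar\\.gz",
                "semver": "major",
                "binaryPlatforms": {
                  ".*linux_arm64.*": "linux/arm64",
                  ".*linux_i386.*": "linux/x86",
                  ".*linux_x86_64.*": "linux/x64",
                  ".*(macos|darwin)_arm64.*": "darwin/arm64",
                  ".*(macos|darwin)_x86_64.*": "darwin/x64",
                  ".*windows_arm64.*": "windows/arm64",
                  ".*windows_i386.*": "windows/x86",
                  ".*windows_x86_64.*": "windows/x64"
                }
              },
              {
                "toolName": "sc-client",
                "toolUrls": {
                  "26.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_26.2.0_x64.zip"],
                  "25.4.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_25.4.1_x64.zip"],
                  "25.4.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_25.4.0_x64.zip"],
                  "25.2.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_25.2.1_x64.zip"],
                  "25.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_25.2.0_x64.zip"],
                  "24.4.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_24.4.1_x64.zip"],
                  "24.4.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_24.4.0_x64.zip"],
                  "24.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_24.2.0_x64.zip"],
                  "23.2.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_23.2.1_x64.zip"],
                  "23.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_23.1.0_x64.zip"],
                  "22.2.1": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.2.1_x64.zip"],
                  "22.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.2.0_x64.zip"],
                  "22.1.2": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.1.2_x64.zip"],
                  "22.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_22.1.0_x64.zip"],
                  "21.2.3": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.3_x64.zip"],
                  "21.2.2": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.2_x64.zip"],
                  "21.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.0_x64.zip"],
                  "21.1.4": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.4_x64.zip"],
                  "21.1.3": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.3_x64.zip"],
                  "21.1.2": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.2_x64.zip"],
                  "21.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.1.0_x64.zip"],
                  "20.2.4": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.2.4_x64.zip"],
                  "20.2.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.2.0_x64.zip"],
                  "20.1.6": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.1.6_x64.zip"],
                  "20.1.0": ["https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_20.1.0_x64.zip"]
                },
                "semver": "minor",
                "binaryPlatforms": {
                  ".*": "java"
                },
                "extraVersionProperties": {
                  "26.*": {"jre": "17"},
                  "25.*": {"jre": "17"},
                  "24.*": {"jre": "17"},
                  "23.*": {"jre": "11"},
                  "22.*": {"jre": "11"},
                  "21.*": {"jre": "11"},
                  "20.*": {"jre": "8"}
                }
              },
              {
                "toolName": "jre",
                "toolUrls": {
                  "21.0.9": [
                    "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.9%2B10/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz",
                    "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.9%2B10/OpenJDK21U-jre_x64_alpine-linux_hotspot_21.0.9_10.tar.gz",
                    "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.9%2B10/OpenJDK21U-jre_aarch64_mac_hotspot_21.0.9_10.tar.gz",
                    "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.9%2B10/OpenJDK21U-jre_x64_windows_hotspot_21.0.9_10.zip"
                  ],
                  "17.0.9": [
                    "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9/OpenJDK17U-jre_x64_linux_hotspot_17.0.9_9.tar.gz",
                    "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9/OpenJDK17U-jre_x64_alpine-linux_hotspot_17.0.9_9.tar.gz",
                    "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9/OpenJDK17U-jre_aarch64_mac_hotspot_17.0.9_9.tar.gz",
                    "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9.1/OpenJDK17U-jre_x64_windows_hotspot_17.0.9_9.zip"
                  ],
                  "11.0.31": [
                    "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.31%2B11/OpenJDK11U-jre_x64_linux_hotspot_11.0.31_11.tar.gz",
                    "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.31%2B11/OpenJDK11U-jre_x64_alpine-linux_hotspot_11.0.31_11.tar.gz",
                    "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.31%2B11/OpenJDK11U-jre_aarch64_mac_hotspot_11.0.31_11.tar.gz",
                    "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.31%2B11/OpenJDK11U-jre_x64_windows_hotspot_11.0.31_11.zip"
                  ],
                  "8.0.492": [
                    "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u492-b09/OpenJDK8U-jre_x64_linux_hotspot_8u492b09.tar.gz",
                    "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u492-b09/OpenJDK8U-jre_x64_alpine-linux_hotspot_8u492b09.tar.gz",
                    "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u492-b09/OpenJDK8U-jre_x64_mac_hotspot_8u492b09.tar.gz",
                    "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u492-b09/OpenJDK8U-jre_x64_windows_hotspot_8u492b09.zip"
                  ]
                },
                "semver": "major",
                "binaryPlatforms": {
                  ".*aarch64_mac.*": "darwin/arm64",
                  ".*x64_alpine-linux.*": "linux-musl/x64",
                  ".*x64_linux.*": "linux/x64",
                  ".*x64_mac.*": "darwin/x64",
                  ".*x64_windows.*": "windows/x64"
                }
              },
              {
                "toolName": "ai-assistant-extensions",
                "toolRepo": "fortify/skills",
                "assetRegex": "ai-assistant-extensions\\.zip",
                "tagRegex": "v\\d+\\.\\d+\\.\\d+",
                "semver": "major",
                "binaryPlatforms": {
                  ".*": "default"
                }
              },
              {
                "toolName": "ai-assistant-extensions-distribution",
                "dir": "ai-assistant-extensions-distribution"
              }
            ]
        # jq compacts CONFIG to a single line so it fits one key=value record
        # in the step output file.
        run: echo "matrix=$(jq -r -c . <<< "$CONFIG")" >> "$GITHUB_OUTPUT"
      - name: Check
        # The output reaches the shell through an environment variable rather
        # than being expanded into the script text, so a quote character in
        # the JSON cannot change what the shell executes.
        env:
          MATRIX: ${{ steps.setup.outputs.matrix }}
        run: jq . <<< "$MATRIX"

  # Runs the local generator action once per CONFIG entry and commits the
  # result back to the checked-out ref.
  generate-tool-definitions:
    needs: setup
    runs-on: ubuntu-latest
    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      contents: write
    strategy:
      # Matrix entries run one at a time; each one pulls, generates and
      # commits (presumably serialized to avoid competing pushes).
      max-parallel: 1
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.setup.outputs.matrix)}}
    steps:
      # NOTE(review): `@v6` here and `@main` on the fortify/3rdparty-actions
      # steps below are mutable refs, and this job holds a write-scoped token
      # plus the signing key. Pinning each `uses:` to a full commit SHA keeps
      # a moved tag or branch from changing what runs with those credentials.
      - uses: actions/checkout@v6
      - run: git pull
      - name: Check
        # Matrix values are passed through env, not expanded into the script.
        # Keys that an entry does not define expand to an empty string.
        env:
          MATRIX: ${{ toJSON(matrix) }}
          TOOL_NAME: ${{ fromJSON(toJSON(matrix)).toolName }}
          TOOL_REPO: ${{ fromJSON(toJSON(matrix)).toolRepo }}
        run: |
          echo "MATRIX: $(jq -r -c '.' <<< "$MATRIX")"
          echo "TOOL_NAME: [$TOOL_NAME]"
          echo "TOOL_REPO: [$TOOL_REPO]"
      - name: Generate tool definitions
        # NOTE(review): the workflow triggers on pushes to any branch, so
        # SIGN_KEY and SIGN_PASSPHRASE are handed to the generator on
        # non-main refs as well. Consider gating this job on github.ref, as
        # publish-zip does, or moving the secrets to a protected environment.
        uses: ./internal/generator
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          toolName: ${{ fromJSON(toJSON(matrix)).toolName }}
          dir: ${{ fromJSON(toJSON(matrix)).dir }}
          toolRepo: ${{ fromJSON(toJSON(matrix)).toolRepo }}
          toolUrls: ${{ toJSON(fromJSON(toJSON(matrix)).toolUrls) }}
          tagRegEx: ${{ fromJSON(toJSON(matrix)).tagRegex }}
          assetRegex: ${{ fromJSON(toJSON(matrix)).assetRegex }}
          signKey: ${{ secrets.SIGN_KEY }}
          signPassphrase: ${{ secrets.SIGN_PASSPHRASE }}
          semver: ${{ fromJSON(toJSON(matrix)).semver }}
          binaryPlatforms: ${{ toJSON(fromJSON(toJSON(matrix)).binaryPlatforms) }}
          tagMappings: ${{ toJSON(fromJSON(toJSON(matrix)).tagMappings) }}
          extraVersionProperties: ${{ toJSON(fromJSON(toJSON(matrix)).extraVersionProperties) }}
      - uses: fortify/3rdparty-actions/actions/stefanzweifel/git-auto-commit-action/v7@main
        with:
          commit_message: "chore: Update cache & tool definitions"

  # On main only: zips the v1 definitions, validates them by installing tools
  # with fcli, then moves the v1 tag and updates the v1 release.
  publish-zip:
    needs: generate-tool-definitions
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      contents: write
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag or
      # branch (`@v6`, `@v3`, `@main`) while the job can move the v1 tag and
      # replace release artifacts. Pin them to full commit SHAs.
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: restore timestamps
        uses: fortify/3rdparty-actions/actions/chetan/git-restore-mtime-action/v2@main
      - name: Generate v1 zip-file
        run: |
          git pull
          cd v1
          zip -r tool-definitions.yaml.zip *.yaml *.zip
      - name: Setup fcli v3
        uses: fortify/github-action/setup@v3
        with:
          fcli: v3
      - name: Validate tool definitions
        id: validate-tool-definitions
        # Installs each listed tool from the freshly built definitions and
        # records the names that failed instead of stopping at the first one.
        run: |
          fcli tool definitions update --source=v1/tool-definitions.yaml.zip
          failed=""
          for tool in fbtu dcli fcli fod-uploader sc-client fve; do
            fcli tool $tool install -v latest || failed="${failed:+$failed }$tool"
          done
          echo "failed_tools=$failed" >> "$GITHUB_OUTPUT"
      - name: Check tool installation failures
        if: steps.validate-tool-definitions.outputs.failed_tools != ''
        # The step output is passed through env instead of being expanded into
        # the script text. $FAILED_TOOLS is left unquoted on purpose so the
        # space-separated list splits into one word per tool.
        env:
          FAILED_TOOLS: ${{ steps.validate-tool-definitions.outputs.failed_tools }}
        run: |
          for tool in $FAILED_TOOLS; do
            echo "::error::Tool installation failed: $tool"
          done
          exit 1
      - name: Update v1 tag
        uses: fortify/3rdparty-actions/actions/richardsimko/update-tag/v1@main
        with:
          tag_name: v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Create Release
        uses: fortify/3rdparty-actions/actions/ncipollo/release-action/v1@main
        with:
          allowUpdates: true
          artifacts: v1/*
          omitBody: true
          replacesArtifacts: true
          tag: v1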