GHA changes (#63)

* gha-new-changes

* Update currency-build.yaml

* Update currency-build.yaml

* Update currency-build.yaml

* Update upload_file.sh

* Update upload_docker_image.sh

* Update upload_wheel.sh

* Update upload_docker_image.sh

* Update currency-build.yaml

* Update ca_config.py

* Update ca_config.py

* Update upload_file.sh

* Update upload_file.sh

* Update ca_config.py

* Update upload_wheel.sh

* Update upload_wheel.sh

* Update ca_config.py

* Update upload_docker_image.sh

* Update COSWrapper.py

* Update COSWrapper.py

* Update currency-build.yaml

* Update COSWrapper.py

* Update upload_docker_image.sh

* Update ca_config.py

* Update COSWrapper.py

* Update COSWrapper.py

* Update ca_config.py

---------

Co-authored-by: Vishwajeet-Rajopadhye1 <Vishwajeet-Rajopadhye1@ibm.com>

Author: vishwajeet-ibm

.github/workflows/currency-build.yaml

@@ -127,8 +127,8 @@ jobs:
 
 
       - name: Build Package
-        #env:
-          #CURRENCY_SERVICE_ID_API_KEY: ${{ secrets.CURRENCY_SERVICE_ID_API_KEY }}
+        env:
+          GHA_CURRENCY_SERVICE_ID_API_KEY: ${{ secrets.GHA_CURRENCY_SERVICE_ID_API_KEY }}
         run: |
           echo "Sourcing variable.sh and scanner-env.sh..........................................."
           source package-cache/variable.sh
@@ -154,8 +154,8 @@ jobs:
           bash ../gha-script/pre_process.sh
           cd $GITHUB_WORKSPACE
           gzip build_log
-         # chmod +x ./gha-script/upload-scripts/upload_file.sh
-         # bash ./gha-script/upload-scripts/upload_file.sh build_log.gz
+          chmod +x ./gha-script/upload-scripts/upload_file.sh
+          bash ./gha-script/upload-scripts/upload_file.sh build_log.gz
 
 
 
@@ -193,6 +193,7 @@ jobs:
           - python-version: "3.13"
             allow-failure: true
     env:
+      GHA_CURRENCY_SERVICE_ID_API_KEY: ${{ secrets.GHA_CURRENCY_SERVICE_ID_API_KEY }}
       PYTHON_VERSION: ${{ matrix.python-version }}
       PACKAGE_NAME: ${{ inputs.package_name }}
       VERSION: ${{ inputs.version }}
@@ -231,14 +232,14 @@ jobs:
           
         continue-on-error: ${{ matrix.allow-failure }}
 
-      # - name: Upload wheel artifact using custom script
-      #   run: |
-      #     WHEEL_FILE=*.whl
-      #     chmod +x ./gha-script/upload-scripts/upload_wheel.sh
-      #     bash ./gha-script/upload-scripts/upload_wheel.sh $WHEEL_FILE
-      #   continue-on-error: ${{ matrix.allow-failure }}
-
-      
+      - name: Upload wheel artifact using custom script
+        run: |
+          sudo chmod a+r *.whl
+          WHEEL_FILE=*.whl
+          chmod +x ./gha-script/upload-scripts/upload_wheel.sh
+          bash ./gha-script/upload-scripts/upload_wheel.sh $WHEEL_FILE
+        continue-on-error: ${{ matrix.allow-failure }}
+        
   source_scanner:
     needs: build
     if: ${{ inputs.validate_build_script == 'true' }}
@@ -306,11 +307,13 @@ jobs:
 
       - name: Upload Scanner Results
         env:
-          gha_currency_service_id_api_key_dev: ${{ secrets.gha_currency_service_id_api_key_dev }}
+          GHA_CURRENCY_SERVICE_ID_API_KEY: ${{ secrets.GHA_CURRENCY_SERVICE_ID_API_KEY }}
           PACKAGE_NAME: ${{ inputs.package_name }}
           VERSION: ${{ inputs.version }}
         run: |
           mkdir source
+          source package-cache/variable.sh
+          source package-cache/scanner-env.sh
           find source_trivy -mindepth 1 -exec mv -t source {} + 2>/dev/null || true
           find source_syft -mindepth 1 -exec mv -t source {} + 2>/dev/null || true
           find source_grype -mindepth 1 -exec mv -t source {} + 2>/dev/null || true
@@ -343,9 +346,13 @@ jobs:
           docker images
           
       - name: Upload Docker Image
+        env:
+          GHA_CURRENCY_SERVICE_ID_API_KEY: ${{ secrets.GHA_CURRENCY_SERVICE_ID_API_KEY }}
         run: |
-          #chmod +x ./gha-script/upload-scripts/upload_docker_image.sh
-          #bash ./gha-script/upload-scripts/upload_docker_image.sh
+          source package-cache/variable.sh
+          source package-cache/scanner-env.sh
+          chmod +x ./gha-script/upload-scripts/upload_docker_image.sh
+          bash ./gha-script/upload-scripts/upload_docker_image.sh
 
       - name: Upload package-cache with image.tar
         uses: actions/upload-artifact@v4
@@ -408,11 +415,63 @@ jobs:
           mv grype_image_sbom_results.json grype_image_vulnerabilities_results.json image_grype
 
       - name: Upload Image Scanner Results
+        env:
+          GHA_CURRENCY_SERVICE_ID_API_KEY: ${{ secrets.GHA_CURRENCY_SERVICE_ID_API_KEY }}
         run: |
           mkdir image
+          source package-cache/variable.sh
+          source package-cache/scanner-env.sh
           find image_trivy -mindepth 1 -exec mv -t image {} + 2>/dev/null || true
           find image_syft -mindepth 1 -exec mv -t image {} + 2>/dev/null || true
           find image_grype -mindepth 1 -exec mv -t image {} + 2>/dev/null || true
           tar cvzf image_scanner.tar.gz image
-          #chmod +x ./gha-script/upload-scripts/upload_file.sh
-          #bash ./gha-script/upload-scripts/upload_file.sh image_scanner.tar.gz
+          chmod +x ./gha-script/upload-scripts/upload_file.sh
+          bash ./gha-script/upload-scripts/upload_file.sh image_scanner.tar.gz
+
+  final_summary:
+      name: Final Summary Stage
+      needs: [build, source_scanner]
+      runs-on: ubuntu-24.04-ppc64le-p10
+    
+      steps:
+        - name: Checkout code
+          uses: actions/checkout@v4
+        - name: Download package-cache
+          uses: actions/download-artifact@v4
+          with:
+            name: package-cache
+            path: package-cache
+        
+        - name: Create and activate venv
+          run: |
+            python -m venv venv
+            source venv/bin/activate
+            python -m pip install --upgrade pip
+            pip install requests deprecated xlsxwriter packaging
+            
+            # Export environment variables
+            export PYTHONPATH=$(pwd):$(pwd)/process_bom/
+
+        - name: Summarize build results
+          env : 
+            PACKAGE_NAME: ${{ inputs.package_name }}
+            VERSION: ${{ inputs.version }}
+            IAM_WRITER_API_KEY: ${{ secrets.IAM_WRITER_API_KEY }}
+            SERVICE_INSTANCE_ID: ${{ secrets.SERVICE_INSTANCE_ID }}
+          run: |
+                echo "Sourcing variable.sh and scanner-env.sh..........................................."
+                chmod +x package-cache/variable.sh
+                chmod +x package-cache/scanner-env.sh
+                source package-cache/variable.sh
+                source package-cache/scanner-env.sh
+                echo "===== variable.sh ====="
+                cat package-cache/variable.sh
+                echo "===== scanner-env.sh ====="
+                cat package-cache/scanner-env.sh
+                echo "-------------package name : ${PACKAGE_NAME}--------------------"
+                echo "-------------version : ${VERSION}--------------------"
+                pwd
+                chmod +x process_bom/*.py || true
+                # Export environment variables
+                export PYTHONPATH="/tmp/_actions-runner-working-dir/build-scripts/build-scripts:/tmp/_actions-runner-working-dir/build-scripts/build-scripts/process_bom"
+                python -m process_bom.run_currency_processor

gha-script/scanner-scripts/scancode_wheel_scan.sh

@@ -0,0 +1,66 @@
+#!/bin/bash -e
+
+validate_build_script=$VALIDATE_BUILD_SCRIPT
+cloned_package=$CLONED_PACKAGE
+
+echo "----------Installing dependencies -----------------"
+sudo apt update -y && sudo apt install -y file git python3.12 python3.12-venv python3-pip python3.12-dev build-essential unzip patch wget tar libffi-dev zlib1g-dev libssl-dev libxml2-dev libxslt1-dev libicu-dev pkg-config
+
+echo "----------Installed dependencies -----------------"
+git clone https://github.com/nexB/scancode-toolkit.git
+cd scancode-toolkit
+git checkout v32.4.0
+echo "-------------- Create venv ------------------"
+python --version
+echo "========================================="
+python3.12 -m venv venv
+source venv/bin/activate
+python3.12 -m pip install --upgrade pip setuptools wheel typecode pyahocorasick 
+
+echo "--------------- Apply changes ----------------"
+sed -i '/typecode\[full\] >= 30\.0\.1/s/^/    # /' setup.cfg
+sed -i '/extractcode\[full\] >= 31\.0\.0/s/^/    # /' setup.cfg
+sed -i '/typecode\[full\] >= 30\.0\.0/s/^/    # /' setup.cfg
+
+echo "------------- Install scancode-toolkit ---------------"
+python3.12 -m pip install -e .
+python3.12 -m pip install click==8.0.4
+echo "------------- scancode version ---------------"
+scancode --version
+
+echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
+cd ..
+ls 
+echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
+cd package-cache/wheels
+
+
+for wheel in *.whl; do
+  echo "Processing: $wheel"
+  
+  base_name="${wheel%.whl}"  # Strip .whl extension
+  extract_dir="${base_name}_extract"
+  output_json="${base_name}_output.json"
+
+
+  echo "base name : $base_name"
+  echo "extract_dir : $extract_dir"
+  echo "output_json : $output_json"
+ 
+
+  # Unzip the wheel
+  unzip -q "$wheel" -d "$extract_dir"
+  echo "------------- unzippied wheel ------------------------------"
+  ls
+  
+  
+  # Run scancode
+  echo "------------------------------------------------------------"
+   ../../scancode-toolkit/venv/bin/scancode --license --package --json-pp "$output_json" "$extract_dir"
+
+  # Zip the result
+  echo "------------------------- output files ---------------------"
+  ls
+  echo "------------------------------------------------------------"
+  echo "Finished: $wheel"
+done

gha-script/upload-scripts/upload_docker_image.sh

@@ -1,13 +1,12 @@
 #!/bin/bash -e
-
-echo "$travis_currency_service_id_api_key" | docker login -u iamapikey --password-stdin icr.io
+echo "$GHA_CURRENCY_SERVICE_ID_API_KEY" | docker login -u iamapikey --password-stdin icr.io
 if [ $? -ne 0 ]; then
     echo "Docker login failed. Exiting script."
     exit 1
 fi
 package_name=$(echo $PACKAGE_NAME | tr '[:upper:]' '[:lower:]')
-docker tag $IMAGE_NAME icr.io/ose4power-packages/$package_name-ppc64le:$VERSION
-docker push icr.io/ose4power-packages/$package_name-ppc64le:$VERSION
+docker tag $IMAGE_NAME icr.io/icr-ose4s390x-dev/$package_name-s390x:$VERSION
+docker push icr.io/icr-ose4s390x-dev/$package_name-s390x:$VERSION
 if [ $? -ne 0 ]; then
     echo "Docker push failed. Exiting script."
     exit 1

gha-script/upload-scripts/upload_file.sh

@@ -3,8 +3,7 @@
 token_request=$(curl -X POST https://iam.cloud.ibm.com/identity/token \
   -H "content-type: application/x-www-form-urlencoded" \
   -H "accept: application/json" \
-  -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$gha_currency_service_id_api_key_dev")
-
+  -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$GHA_CURRENCY_SERVICE_ID_API_KEY")
 #token=$(echo "$token_request" | jq -r '.access_token')
 #curl -X PUT -H "Authorization: bearer $token" -H "Content-Type: application/gzip" -T $1 "https://s3.us-south.cloud-object-storage.appdomain.cloud/ose-s390x-toolci-bucket-dev/$PACKAGE_NAME/$VERSION/$1"
 

gha-script/upload-scripts/upload_wheel.sh

@@ -3,7 +3,7 @@
 token_request=$(curl -X POST https://iam.cloud.ibm.com/identity/token \
   -H "content-type: application/x-www-form-urlencoded" \
   -H "accept: application/json" \
-  -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$currency_ecosystem_dev_service_api_key")
+  -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$GHA_CURRENCY_SERVICE_ID_API_KEY")
 
 #token=$(echo "$token_request" | jq -r '.access_token')
 #curl -X PUT -H "Authorization: bearer $token" -H "Content-Type: application/gzip" -T $1 "https://s3.au-syd.cloud-object-storage.appdomain.cloud/currency-automation-toolci-bucket/$PACKAGE_NAME/$VERSION/$1"
@@ -13,7 +13,7 @@ if [[ $(echo "$token_request" | jq -r '.errorCode') == "null" ]]; then
     token=$(echo "$token_request" | jq -r '.access_token')
 
     # curl command for uploading the file
-    response=$(curl -X PUT -H "Authorization: bearer $token" -H "Content-Type: application/octet-stream" -T $1 "https://s3.us-east.cloud-object-storage.appdomain.cloud/ose-power-artifacts/$PACKAGE_NAME/$VERSION/$1")
+    response=$(curl -X PUT -H "Authorization: bearer $token" -H "Content-Type: application/octet-stream" -T $1 "https://s3.us-south.cloud-object-storage.appdomain.cloud/ose-s390x-artifacts/$PACKAGE_NAME/$VERSION/$1")
 
     # Check if the PUT request was successful based on the absence of an <Error> block
     if ! echo "$response" | grep -q "<Error>"; then