Update main.yml #50

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Build with CodeArtifact

	on:
	push:
	branches:
	- develop

	jobs:
	build:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Set up environment variables and obtain CodeArtifact auth token
	env:
	AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_REGION: ${{ secrets.AWS_REGION }}
	run: \|
	echo "Setting up AWS CodeArtifact authentication token"
	export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token \
	--domain ${{ secrets.CODEARTIFACT_DOMAIN }} \
	--domain-owner $AWS_ACCOUNT_ID \
	--region $AWS_REGION \
	--query authorizationToken \
	--output text)


	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Build with Maven
	env:
	AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_REGION: ${{ secrets.AWS_REGION }}
	TARGET_DIR: "/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/target"
	run: \|
	echo "Running Maven Build"
	export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token \
	--domain ${{ secrets.CODEARTIFACT_DOMAIN }} \
	--domain-owner $AWS_ACCOUNT_ID \
	--region $AWS_REGION \
	--query authorizationToken \
	--output text)
	mvn clean install
	package_list=$(aws codeartifact list-packages \
	--domain mdaca \
	--repository OHDSI \
	--format maven \
	--query "packages[].{namespace:namespace,package:package}" \
	--output text)

	# Iterate through each package in the list
	echo "$package_list" \| while read -r namespace package; do
	# Only proceed if both namespace and package have values
	if [[ -n "$namespace" && -n "$package" ]]; then
	echo "Deleting package $package in namespace $namespace"
	aws codeartifact delete-package \
	--domain mdaca \
	--repository OHDSI \
	--format maven \
	--namespace "$namespace" \
	--package "$package"
	else
	echo "Skipping invalid entry: namespace=$namespace, package=$package"
	fi
	done
	mvn deploy -s .m2/settings.xml -DaltDeploymentRepository=codeartifact::default::https://mdaca-201959883603.d.codeartifact.us-east-2.amazonaws.com/maven/OHDSI/
	pwd
	ls -la
	find "$TARGET_DIR" -name "*.jar" \| while read -r jarfile; do
	echo "Processing $jarfile..."

	# Create a directory to explode the jar file
	exploded_dir="${jarfile%.jar}-exploded"
	mkdir -p "$exploded_dir"

	# Explode the jar file (extract contents)
	unzip -o "$jarfile" -d "$exploded_dir"

	echo "Exploded $jarfile into $exploded_dir"
	done

	- name: Scan a specific path with Trivy
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs' # Filesystem scan
	path: '/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/target'
	format: 'json' # Output in JSON format
	output: '/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/trivy-results.json' # Save results to trivy-results.json file

	- name: Covert Trivy to CSV
	run: \|
	jq -r '.Results[] \| select(.Vulnerabilities != null) \| .Vulnerabilities[] \| [.SeveritySource, .VulnerabilityID, .PkgName, .PkgPath, .InstalledVersion, .FixedVersion, .Status, .Severity] \| @csv' /home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/trivy-results.json > OHDSI-ArachneCommons.csv
	- name: Upload Reports
	uses: actions/upload-artifact@v4
	with:
	name: trivy-reports
	path: \|
	OHDSI-ArachneCommons.csv

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update main.yml #50

Workflow file

Update main.yml #50

Jobs

Run details

Workflow file for this run