chore: refactor blackduck scan workflow (#1034)

Refinitiv · Nov 24, 2023 · 788caff · 788caff
1 parent c3f8446
commit 788caff
Showing 1 changed file with 13 additions and 8 deletions.
diff --git a/.github/workflows/blackduck_scan.yml b/.github/workflows/blackduck_scan.yml
@@ -36,6 +36,16 @@ jobs:
     name: Blackduck
     runs-on: ubuntu-latest
     steps:
+      - name: Context Valdidation
+        run: |
+          BRANCH_NAME="${GITHUB_REF#refs/heads/}"
+          if [[ "${{ inputs.target }}" == "Production" && $BRANCH_NAME != "v6" && $BRANCH_NAME != "v7" ]]; \
+          then echo "Only v6 & v7 branch can be published as production"; exit 1; \
+          fi
+          if [[ -z "${{ vars.BLACKDUCK_APP_ID }}" ]]; then  echo "[BLACKDUCK] APP_ID must be set";  exit 1; fi
+          if [[ -z "${{ vars.BLACKDUCK_PROJECT_ID }}" ]]; then echo "[BLACKDUCK] PROJECT_ID must be set"; exit 1; fi
+          if [[ -z "${{ secrets.BLACKDUCK_APP_TOKEN }}" ]]; then echo "[BLACKDUCK] BLACKDUCK_APP_TOKEN must be set"; exit 1; fi
+          echo "Inputs, variables & secrets validation: successful."
       - name: Check out repository code
         uses: actions/checkout@v3
         with:
@@ -52,14 +62,9 @@ jobs:
           mv $DETECT_FILE appsec/
           BRANCH_NAME="${GITHUB_REF#refs/heads/}"
 
-          if [[ "${{ inputs.target }}" == "Production" && $BRANCH_NAME != "v6" && $BRANCH_NAME != "v7" ]]; \
-          then echo "Only v6 & v7 branch can be published as production"; exit 1; \
-          fi
-          if [[ "${{ inputs.target }}" == "Production" ]]; then  export RELEASE_TYPE="PROD"; export VERSION_ID="Release_$BRANCH_NAME"; fi
-          if [[ "${{ inputs.target }}" != "Production" ]]; then export RELEASE_TYPE="DEV"; export VERSION_ID="${{ inputs.target }}"; fi
-          if [[ -z "${{ vars.BLACKDUCK_APP_ID }}" ]]; then  echo "[BLACKDUCK] APP_ID must be set";  exit 1; fi
-          if [[ -z "${{ vars.BLACKDUCK_PROJECT_ID }}" ]]; then echo "[BLACKDUCK] PROJECT_ID must be set"; exit 1; fi
-          if [[ -z "${{ secrets.BLACKDUCK_APP_TOKEN }}" ]]; then echo "[BLACKDUCK] BLACKDUCK_APP_TOKEN must be set"; exit 1; fi
+          RELEASE_TYPE="DEV"
+          VERSION_ID="${{ inputs.target }}"
+          if [[ "${{ inputs.target }}" == "Production" ]]; then RELEASE_TYPE="PROD"; VERSION_ID="Release_${GITHUB_REF#refs/heads/}"; fi
 
           java -jar appsec/$DETECT_FILE \
           --detect.project.application.id="${{ vars.BLACKDUCK_APP_ID }}" \