chore: FoD setup-release action updates

fortify · Sep 16, 2024 · 757b3ad · 757b3ad
1 parent 852d7bf
commit 757b3ad
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 6 deletions.
diff --git a/fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/runner/ActionRunner.java b/fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/runner/ActionRunner.java
@@ -978,12 +978,16 @@ public static final class ParameterTypeConverterArgs {
 
     private static final Map<String, BiFunction<String, ParameterTypeConverterArgs, JsonNode>> createDefaultParameterConverters() {
         Map<String, BiFunction<String, ParameterTypeConverterArgs, JsonNode>> result = new HashMap<>();
+        // TODO Most of these will likely fail in case value is null or empty
         result.put("string",  (v,a)->new TextNode(v));
         result.put("boolean", (v,a)->BooleanNode.valueOf(Boolean.parseBoolean(v)));
         result.put("int",     (v,a)->IntNode.valueOf(Integer.parseInt(v)));
         result.put("long",    (v,a)->LongNode.valueOf(Long.parseLong(v)));
         result.put("double",  (v,a)->DoubleNode.valueOf(Double.parseDouble(v)));
         result.put("float",   (v,a)->FloatNode.valueOf(Float.parseFloat(v)));
+        result.put("array",   (v,a)->StringUtils.isBlank(v)
+                ? JsonHelper.toArrayNode(new String[] {}) 
+                : JsonHelper.toArrayNode(v.split(",")));
         // TODO Add BigIntegerNode/DecimalNode/ShortNode support?
         // TODO Add array support?
         return result;

diff --git a/fcli-core/fcli-common/src/main/java/com/fortify/cli/common/json/JsonHelper.java b/fcli-core/fcli-common/src/main/java/com/fortify/cli/common/json/JsonHelper.java
@@ -86,8 +86,8 @@ public static final ArrayNodeCollector arrayNodeCollector() {
         return new ArrayNodeCollector();
     }
 
-    public static final ArrayNode toArrayNode(String... objects) {
-        return Stream.of(objects).map(TextNode::new).collect(arrayNodeCollector());
+    public static final ArrayNode toArrayNode(String... strings) {
+        return Stream.of(strings).map(TextNode::new).collect(arrayNodeCollector());
     }
 
     public static final ArrayNode toArrayNode(JsonNode... objects) {

diff --git a/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/setup-release.yaml b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/setup-release.yaml
@@ -13,7 +13,7 @@ usage:
     from, or you can use a combination; each business unit or team providing their 
     own custom action, with each of these custom actions defining profiles for 
     different application types/risk. This built-in action only provides a 'default' 
-    profile that simply invokes the `fcli fod release create` and 
+    profile that simply invokes the `fcli fod release create` and optionally
     `fcli fod sast-scan setup` commands with some default options, amended with
     options passed to this action.
 
@@ -30,20 +30,25 @@ parameters:
     required: true
     defaultValue: default
     description: "This built-in action only supports the 'default' profile, which is selected by default"
+  - name: scan-types
+    cliAliases: t
+    required: false
+    type: array
+    description: "Optional comma-separated list of scan type(s) to set up; for now, only 'sast' is supported"
   - group: rel_create_opts
     required: false
     name: copy-from
-    description: "See 'fcli fod release create'"
+    description: "See `fcli fod release create`"
   - group: rel_create_opts
     required: false
     name: description
     cliAliases: d
-    description: "See 'fcli fod release create'"
+    description: "See `fcli fod release create`"
   - group: rel_create_opts
     required: true
     name: sdlc-status
     cliAliases: status
-    description: "See 'fcli fod release create'"
+    description: "See `fcli fod release create`"
 
 
 steps:
@@ -62,4 +67,14 @@ steps:
       - to: stdout
         value: |
           Create application release ${parameters.release} (id ${createRelease[0].releaseId}): ${createRelease[0].__action__}
+  - if: ${parameters["scan-types"].contains("sast")}
+    steps:
+      - fcli:
+        - name: setupSast
+          args: fod sast-scan setup --rel ${parameters.release} --skip-if-exists --assessment-type "Static Assessment" --frequency "Subscription" --audit-preference Automated
+      - write:
+        - to: stdout
+          value: |
+            SAST scan setup status: ${setupSast[0].__action__}
+