tooling_mend_ruby.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# This is a generic workflow that can be used to scan
# content-and-tooling projects for vulnerabilities.
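name: mend

# Reusable workflow: callers invoke it through `workflow_call` and supply the
# Mend credentials either as secrets or through the string inputs below.
on:
  workflow_call:
    inputs:
      # NOTE(review): `api_key` and `token` carry credentials as plain string
      # inputs. Input values are not registered with the log masker the way
      # secrets are, so callers should prefer the MEND_API_KEY / MEND_TOKEN
      # secrets; the inputs stay as a backward-compatible fallback.
      api_key:
        description: "Mend API key; used only when the MEND_API_KEY secret is empty."
        default: ''
        type: string
      token:
        description: "Mend user key; used only when the MEND_TOKEN secret is empty."
        default: ''
        type: string
      product_name:
        description: "Mend product name the scan results are reported under."
        default: 'DevX'
        type: string
      ruby_version:
        description: "The target Ruby version."
        required: false
        default: "2.7"
        type: "string"

env:
  # A non-empty secret wins; otherwise the matching input is used.
  MEND_API_KEY: ${{ secrets.MEND_API_KEY != '' && secrets.MEND_API_KEY || inputs.api_key }}
  MEND_TOKEN: ${{ secrets.MEND_TOKEN != '' && secrets.MEND_TOKEN || inputs.token }}
  # NOTE(review): only `product_name` is declared as an input above; confirm
  # that the `inputs.PRODUCT_NAME` lookup is intended.
  PRODUCT_NAME: ${{ inputs.PRODUCT_NAME != '' && inputs.PRODUCT_NAME || inputs.product_name }}
  # Space-separated names of environment variables that must be non-empty.
  REQUIRE_SECRETS: MEND_API_KEY MEND_TOKEN

jobs:
  mend:
    runs-on: "ubuntu-latest"
    # NOTE(review): no `permissions:` key is set, so the job runs with whatever
    # GITHUB_TOKEN scope the caller grants. The steps below only read the
    # repository; consider restricting the job to `contents: read` once the
    # callers have been checked.
    #
    # The job may fail without failing the run unless the repository owner is
    # one of the two listed organisations.
    continue-on-error: ${{ contains(fromJson('["puppetlabs","puppet-toy-chest"]'), github.repository_owner) != true }}
    steps:
      - name: "check requirements"
        run: |
          # Collect the names from REQUIRE_SECRETS whose value is empty and
          # stop the job if any are missing.
          declare -a MISSING=()
          for V in ${REQUIRE_SECRETS} ; do
            if [[ -z "${!V}" ]] ; then
              MISSING+=("$V")
            else
              # A value that arrived through a plain input is not masked by
              # the runner; register it so later log output is redacted.
              echo "::add-mask::${!V}"
            fi
          done
          if [ "${#MISSING[@]}" -gt 0 ] ; then
            echo "::warning::missing required secrets: ${MISSING[*]}"
            exit 1
          fi

      # NOTE(review): the third-party actions in this job are referenced by
      # mutable tags (@v4, @v1). Pinning each to a full commit SHA prevents a
      # retagged release from changing what runs here.
      - name: "checkout"
        if: success()
        uses: "actions/checkout@v4"
        with:
          fetch-depth: 1
          # Nothing below pushes to the repository, so do not leave the
          # GITHUB_TOKEN in .git/config where the downloaded agent could read it.
          persist-credentials: false

      - name: "setup ruby"
        if: success()
        uses: "ruby/setup-ruby@v1"
        with:
          ruby-version: ${{ inputs.ruby_version }}

      # Generates Gemfile.lock so the scanner sees resolved gem versions.
      - name: "bundle lock"
        if: success()
        run: bundle lock

      - uses: "actions/setup-java@v4"
        if: success()
        with:
          distribution: "temurin"
          java-version: "17"

      # NOTE(review): the agent is fetched unversioned and is executed by the
      # next step with the Mend credentials in its environment, without any
      # integrity check. Verify it against a digest or signature obtained from
      # a trusted channel before running it, for example:
      #   echo "<EXPECTED_SHA256>  wss-unified-agent.jar" | sha256sum --check
      # `--fail` stops an HTTP error page from being saved as the jar, and
      # `--proto`/`--tlsv1.2` refuse a downgrade away from HTTPS/TLS 1.2+.
      - name: "download"
        if: success()
        run: >-
          curl --fail --proto '=https' --tlsv1.2
          -o wss-unified-agent.jar
          https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar

      - name: "scan"
        if: success()
        run: java -jar wss-unified-agent.jar
        env:
          WS_APIKEY: ${{ env.MEND_API_KEY }}
          WS_WSS_URL: "https://saas-eu.whitesourcesoftware.com/agent"
          WS_USERKEY: ${{ env.MEND_TOKEN }}
          WS_PRODUCTNAME: ${{ env.PRODUCT_NAME }}
          WS_PROJECTNAME: ${{ github.event.repository.name }}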