.github/workflows/main.yml

name: Veracode_Expert
on:
  workflow_dispatch:

env:
  ARTIFACT_NAME_FILE: 'artifact_name.txt'

jobs:
  Package:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: 17
          architecture: x64

      - name: Build with Maven
        id: build
        run: |
          mvn -B package --file pom.xml
          ARTIFACT_NAME=$(mvn -q --file pom.xml help:evaluate -Dexpression=project.build.finalName -DforceStdout)
          ARTIFACT_NAME="$ARTIFACT_NAME.jar"
          echo $ARTIFACT_NAME > ${{ env.ARTIFACT_NAME_FILE }}
      - name: Empacotamento dos arquivos
        uses: thedoctor0/zip-release@master
        with:
          filename: 'veracode.zip'
          path: .
      - name: Publicando Artefato
        uses: actions/upload-artifact@v2
        with:
          name: pacoteVeracode
          path: veracode.zip
  
  Veracode_SCA:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Veracode SCA
        env:
          SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
        run: |
          curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --allow-dirty

  Veracode_UploadAndScan:
    runs-on: ubuntu-latest
    needs: Package
    steps:
      - name: Download Artefato
        uses: actions/download-artifact@v2
        with:
          name: pacoteVeracode
      - name: UploadAndScan
        uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
        env:
          VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
          VeracodeKey: ${{ secrets.VeracodeKey }}
          AppName: Github Actions - ${{ github.repository }}
        with:
          vid: '$VeracodeID'
          vkey: '$VeracodeKey'
          criticality: 'VeryHigh'
          appname: '$AppName'
          createsandbox: true
          filepath: 'veracode.zip'
          deleteIncompleteScan: false
          version: ${{ github.run_id }}

  Veracode_PipelineScan:
    runs-on: ubuntu-latest
    needs: Package
    steps:
      - name: Download Artefato
        uses: actions/download-artifact@v2
        with:
          name: pacoteVeracode
      - name: Veracode Pipeline Scan
        env:
          VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
          VKEY: ${{ secrets.VeracodeKey }}
          CaminhoArquivo: './veracode.zip'
        run: |
          curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
          unzip pipeline-scan-LATEST.zip
          java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true 