.github/workflows/blackduck.yml

name: blackduck-scan

on:
  workflow_dispatch:
  schedule:
    - cron: 0 23 * * *

jobs:
  tests:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v3
      - run: git fetch --depth=1
      - uses: actions/setup-node@v3
        with:
          node-version: 18
          cache: 'yarn'
      - run: yarn install --frozen-lockfile
      - run: sudo apt-get install jq
      - run: echo "project_version=$(cat package.json | jq '.version' | tr -d '"')" >> $GITHUB_ENV
      - name: Blackduck Scan
        uses: SAP/project-piper-action@27cadf261545552a68660531476c0915a97ee3d8
        with:
          command: detectExecuteScan
          flags: \
            --version=$PROJECT_VERSION \
            --scanProperties="\
            --detect.yarn.prod.only=true \
            --blackduck.signature.scanner.memory=4096 \
            --detect.timeout=6000 \
            --blackduck.trust.cert=true"
        env:
          PIPER_token: ${{ secrets.BLACKDUCK_TOKEN }}
          PROJECT_VERSION: ${{ env.project_version }}