getting-started-java/wercker.yml at master · TheFrogPad/getting-started-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# docker box definition
box:
  id: openjdk
  ports:
    - "8080"

# defining the dev pipeline
dev:
  steps:
    - script:
      name: gradle bootRun
      code: |
        ./gradlew bootRun

    ### REPLACE the above script step with this internal/watch step to enable
    ### dynamic rebuilding/reloading of the container in response to file changes.
    #
    # - internal/watch:
    #     code: |
    #       ./gradlew bootRun
    #     reload: true

# Build definition
build:
  # The steps that will be executed on build
  steps:
    # A step that executes `gradle build` command
    - script:
        name: gradle build
        code: |
          ./gradlew --full-stacktrace -q --project-cache-dir=$WERCKER_CACHE_DIR build
          echo "cp build/libs/*.jar $WERCKER_CACHE_DIR"
          cp build/libs/*.jar $WERCKER_CACHE_DIR
          echo "cp build/libs/*.jar $WERCKER_OUTPUT_DIR"
          cp build/libs/*.jar $WERCKER_OUTPUT_DIR
    - script:
        name: environment details
        code: |
          echo "% env"
          env
          echo "% ls -alF $WERCKER_CACHE_DIR"
          ls -alF $WERCKER_CACHE_DIR
          echo "% ls -alF $WERCKER_OUTPUT_DIR"
          ls -alF $WERCKER_OUTPUT_DIR

    ### Run dependency-check using gradle plugin with modified build.gradle
    # - script:
    #     name: OWASP Dependency-Check
    #     code: |
    #       ./gradlew --project-cache-dir=$WERCKER_CACHE_DIR dependencyCheckAnalyze
    #       echo "% cp build/reports/*.* $WERCKER_CACHE_DIR"
    #       cp build/reports/*.* $WERCKER_CACHE_DIR

# security scan definition
security-scan:
  # The steps that will run the security scan to check for libraries with reported CVEs
  steps:
    - script:
        name: environment details
        code: |
          echo "% env"
          env
          echo "% ls -alF $WERCKER_CACHE_DIR"
          ls -alF $WERCKER_CACHE_DIR
          echo "% ls -alF $WERCKER_OUTPUT_DIR"
          ls -alF $WERCKER_OUTPUT_DIR
    ### Use CVSS of 11 so that the step completes even when a CVE is discovered
    - thefrogpad/owasp-dependency-check:
        project: demo
        scan: $WERCKER_CACHE_DIR/demo-1.0.jar
        format: ALL
        fail_on_cvss: "11"
    - script:
        name: OWASP dependency-check details
        code: |
          echo "% ls -alF $WERCKER_CACHE_DIR"
          ls -alF $WERCKER_CACHE_DIR
          echo "% ls -alF $WERCKER_CACHE_DIR/owasp/"
          ls -alF $WERCKER_CACHE_DIR/owasp
          echo "% cat $WERCKER_CACHE_DIR/dependency-check-vulnerability.html"
          cat $WERCKER_CACHE_DIR/dependency-check-vulnerability.html