From fe193ff135b7cb771f46a50554680e7a7a734242 Mon Sep 17 00:00:00 2001
From: Prabhu Subramanian
Date: Fri, 4 Sep 2020 22:30:55 +0100
Subject: [PATCH] Update and rename shiftleft-inspect.yml to shiftleft-ngsast.yml
---
.github/workflows/shiftleft-inspect.yml | 47 --------------------
.github/workflows/shiftleft-ngsast.yml | 57 +++++++++++++++++++++++++
2 files changed, 57 insertions(+), 47 deletions(-)
delete mode 100644 .github/workflows/shiftleft-inspect.yml
create mode 100644 .github/workflows/shiftleft-ngsast.yml
diff --git a/.github/workflows/shiftleft-inspect.yml b/.github/workflows/shiftleft-inspect.yml
deleted file mode 100644
index 4fe9e13..0000000
--- a/.github/workflows/shiftleft-inspect.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-# This workflow integrates ShiftLeft Inspect with GitHub
-# Visit https://docs.shiftleft.io for help
-name: Analyze with ShiftLeft Inspect
-
-on:
- push:
- branches:
- - master
- - feature/*
- - fix/*
- pull_request:
- branches:
- - master
-
-jobs:
- Inspect-Build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- # We are building this application with Java 11
- - name: Setup Java JDK
- uses: actions/setup-java@v1.3.0
- with:
- java-version: 11.0.x
- - name: Package with maven
- run: mvn compile package
- - name: Download ShiftLeft cli
- run: |
- curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
-
- # ShiftLeft requires Java 1.8. Post the package step override the version
- - name: Setup Java JDK
- uses: actions/setup-java@v1.3.0
- with:
- java-version: 1.8
- - name: Analyze with Inspect
- run: ${GITHUB_WORKSPACE}/sl analyze --no-diagnostic --force --app ShiftLeftJava --tag branch=${GITHUB_REF} --java --cpg target/hello-shiftleft-0.0.1.jar
- env:
- SHIFTLEFT_ORG_ID: ${{ secrets.SHIFTLEFT_ORG_ID }}
- SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
- - name: Create status check
- run: |
- URL="https://www.shiftleft.io/violationlist/ShiftLeftJava?apps=ShiftLeftJava&isApp=1"
- GH_CHECK_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/check-runs"
- curl -XPOST $GH_CHECK_URL -H "Authorization: Token ${GITHUB_TOKEN}" -H "accept: application/vnd.github.antiope-preview+json" -H "Content-Type: application/json" -d "{\"name\": \"ShiftLeft Inspect\", \"head_sha\": \"${GITHUB_REF}\", \"external_id\": \"ShiftLeftJava\", \"details_url\": \"${URL}\", \"status\": \"completed\", \"conclusion\": \"action_required\", \"output\": {\"title\": \"ShiftLeft Inspect Findings\", \"summary\": \"Visit ${URL} for the findings\"}}"
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/shiftleft-ngsast.yml b/.github/workflows/shiftleft-ngsast.yml
new file mode 100644
index 0000000..6240a62
--- /dev/null
+++ b/.github/workflows/shiftleft-ngsast.yml
@@ -0,0 +1,57 @@
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Setup Java JDK
+ uses: actions/setup-java@v1.3.0
+ with:
+ java-version: 1.8
+ - name: Download ShiftLeft cli
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: Build and Analyze
+ run: |
+ TARGET_DIR=target
+ BUILT=0
+ POM_COUNT=$(find . -maxdepth 1 -type f -name "pom.xml" -not -path '*/\.git/*' | wc -l | tr -d " ")
+ GRADLE_COUNT=$(find . -maxdepth 1 -type f -name "build.gradle" -not -path '*/\.git/*' | wc -l | tr -d " ")
+ SBT_COUNT=$(find . -maxdepth 1 -type f -name "build.sbt" -not -path '*/\.git/*' | wc -l | tr -d " ")
+ if [ "$POM_COUNT" != "0" ]; then
+ mvn compile package
+ BUILT=1
+ elif [ "$GRADLE_COUNT" != "0" ]; then
+ gradle jar
+ #./gradlew jar
+ TARGET_DIR=build
+ BUILT=1
+ elif [ "$SBT_COUNT" != "0" ]; then
+ echo "deb https://dl.bintray.com/sbt/debian /" | sudo tee -a /etc/apt/sources.list.d/sbt.list
+ curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2EE0EA64E40A89B84B2DF73499E82A75642AC823" | sudo apt-key add
+ sudo apt update -y
+ sudo apt-get install sbt -y
+ sbt package
+ TARGET_DIR=target/scala-2.11/
+ BUILT=1
+ fi
+ if [ "$BUILT" = "1" ]; then
+ jar cvf app.jar -C $TARGET_DIR .
+ ${GITHUB_WORKSPACE}/sl analyze --wait --app $(basename $(pwd)) --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --java --cpg app.jar
+ else
+ echo "Unable to build the project automatically.
Please follow the instructions in our documentation to setup this project - https://docs.shiftleft.io/ngsast/analyzing-applications/java"
+ fi
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
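Review bot: The `--tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}` argument on the `sl analyze` line of the "Build and Analyze" step is substituted into the script text by Actions before bash runs, so a pull-request branch name containing shell metacharacters becomes part of the script, in the step that also holds `SHIFTLEFT_ACCESS_TOKEN`. Pass the value through the environment instead: add `BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` under that step's `env:` and use `--tag branch="$BRANCH"` in the command. The same step also runs the project's own `mvn`/`gradle`/`sbt` build with the token in its environment; splitting build and analyze into separate steps and setting the secret only on the analyze step would keep it out of reach of build scripts. Separately, the "Download ShiftLeft cli" step saves and later executes whatever `curl` returns, with no `--fail` and no checksum verification, so an error page or altered binary would not be caught before it runs.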