ACS-6931 Temporarily turn off SAST Scan (#2489)

ACS-6931 Temporarily turn off SAST Scan
2025-07-24 17:32:48 +00:00 · 2024-03-06 13:11:31 +01:00
parent df4629b801
commit 7d135b9356
1 changed files with 52 additions and 50 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -71,56 +71,58 @@ jobs:
      - name: "Clean Maven cache"
        run: bash ./scripts/ci/cleanup_cache.sh
-  veracode_sast:
+#  SEE: ACS-6931 Currently times out after an hour. TO BE RESTORED after resolving the issue with Veracode Support.
-    name: "Pipeline SAST Scan"
+#
-    runs-on: ubuntu-latest
+#  veracode_sast:
-    needs: [prepare]
+#    name: "Pipeline SAST Scan"
-    if: >
+#    runs-on: ubuntu-latest
-      (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
+#    needs: [prepare]
-      github.actor != 'dependabot[bot]' &&
+#    if: >
-      !contains(github.event.head_commit.message, '[skip tests]') &&
+#      (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
-      !contains(github.event.head_commit.message, '[force')
+#      github.actor != 'dependabot[bot]' &&
-    steps:
+#      !contains(github.event.head_commit.message, '[skip tests]') &&
-      - uses: actions/checkout@v3
+#      !contains(github.event.head_commit.message, '[force')
-      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.35.2
+#    steps:
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v1.35.2
+#      - uses: actions/checkout@v3
-      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.35.2
+#      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.35.2
-      - uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v5.6.0
+#      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v1.35.2
-        with:
+#      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.35.2
-          token: ${{ secrets.BOT_GITHUB_TOKEN }}
+#      - uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v5.6.0
-          repository: "Alfresco/veracode-baseline-archive"
+#        with:
-          file-path: "alfresco-community-repo/alfresco-community-repo-baseline.json"
+#          token: ${{ secrets.BOT_GITHUB_TOKEN }}
-          target: "baseline.json"
+#          repository: "Alfresco/veracode-baseline-archive"
-      - name: "Build"
+#          file-path: "alfresco-community-repo/alfresco-community-repo-baseline.json"
-        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
+#          target: "baseline.json"
-        run: |
+#      - name: "Build"
-          bash ./scripts/ci/init.sh
+#        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
-          bash ./scripts/ci/build.sh
+#        run: |
-      - name: "Run SAST Scan"
+#          bash ./scripts/ci/init.sh
-        uses: veracode/Veracode-pipeline-scan-action@v1.0.10
+#          bash ./scripts/ci/build.sh
-        with:
+#      - name: "Run SAST Scan"
-          vid: ${{ secrets.VERACODE_API_ID }}
+#        uses: veracode/Veracode-pipeline-scan-action@v1.0.10
-          vkey: ${{ secrets.VERACODE_API_KEY }}
+#        with:
-          file: "packaging/war/target/alfresco.war"
+#          vid: ${{ secrets.VERACODE_API_ID }}
-          fail_build: true
+#          vkey: ${{ secrets.VERACODE_API_KEY }}
-          project_name: alfresco-community-repo
+#          file: "packaging/war/target/alfresco.war"
-          issue_details: true
+#          fail_build: true
-          veracode_policy_name: Alfresco Default
+#          project_name: alfresco-community-repo
-          summary_output: true
+#          issue_details: true
-          summary_output_file: results.json
+#          veracode_policy_name: Alfresco Default
-          summary_display: true
+#          summary_output: true
-          baseline_file: baseline.json
+#          summary_output_file: results.json
-      - name: Upload scan result
+#          summary_display: true
-        if: success() || failure()
+#          baseline_file: baseline.json
-        run: zip readable_output.zip results.json
+#      - name: Upload scan result
-      - name: Upload Artifact
+#        if: success() || failure()
-        if: success() || failure()
+#        run: zip readable_output.zip results.json
-        uses: actions/upload-artifact@v3
+#      - name: Upload Artifact
-        with:
+#        if: success() || failure()
-          name: Veracode Pipeline-Scan Results (Human Readable)
+#        uses: actions/upload-artifact@v3
-          path: readable_output.zip
+#        with:
-      - name: "Clean Maven cache"
+#          name: Veracode Pipeline-Scan Results (Human Readable)
-        run: bash ./scripts/ci/cleanup_cache.sh
+#          path: readable_output.zip
 #      - name: "Clean Maven cache"
 #        run: bash ./scripts/ci/cleanup_cache.sh
  pmd_scan:
    name: "PMD Scan"