.github/workflows/veracode.yml

name: Veracode
on:
  workflow_dispatch:

jobs:
  build:
    name: Build app
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod

      - name: Create Vendor Folder
        run: go mod vendor

      - name: Build
        run: go build -v ./...

      - name: Empacotamento dos arquivos
        uses: thedoctor0/zip-release@master
        with:
          filename: 'veracode.zip'
          path: .
          
      - name: Publicando Artefato
        uses: actions/upload-artifact@v2
        with:
          name: pacoteVeracode
          path: veracode.zip

  Veracode_IaC:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Veracode IaC
        env:
          VERACODE_API_KEY_ID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
          VERACODE_API_KEY_SECRET: ${{ secrets.VeracodeKey }}
        run: |
          curl -fsS https://tools.veracode.com/veracode-cli/install | sh
          ./veracode scan --source ${{ secrets.ContainerImage }} --type image --format table

  Veracode_UploadAndScan:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Download Artefato
        uses: actions/download-artifact@v2
        with:
          name: pacoteVeracode
      - name: UploadAndScan
        uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
        env:
          VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
          VeracodeKey: ${{ secrets.VeracodeKey }}
          AppName: ${{ github.repository }}
        with:
          vid: '$VeracodeID'
          vkey: '$VeracodeKey'
          criticality: 'VeryHigh'
          appname: '$AppName'
          filepath: 'veracode.zip'
          scanallnonfataltoplevelmodules: true
          includenewmodules: true
          version: ${{ github.run_id }}

  Veracode_PipelineScan:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Download Artefato
        uses: actions/download-artifact@v2
        with:
          name: pacoteVeracode
      - name: Veracode Pipeline Scan
        env:
          VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
          VKEY: ${{ secrets.VeracodeKey }}
          CaminhoArquivo: './veracode.zip'
        run: |
          curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
          unzip pipeline-scan-LATEST.zip
          java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true