policyscan.yml

# This is a basic workflow to help you get started with Actions

name: Veracode Policy Scan

# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on:
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build-and-policy-scan:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1 # Make java accessible on path so the uploadandscan action can run.
        with: 
          java-version: '8'
          
      # zip the project and move it to a staging directory
      - name: Zip Project
        run: zip -R project.zip '*.py' '*.html' '*.htm' '*.js' '*.php' 'requirements.txt' '*.json' '*.lock' '*.ts' '*.pl' '*.pm' '*.plx' '*.pl5' '*.cgi' '*.go' '*.sum' '*.mod'
        env:
          build-name: project.zip
      - uses: actions/upload-artifact@v2 # Copy files from repository to docker container so the next uploadandscan action can access them.
        with:
          path: project.zip # Wildcards can be used to filter the files copied into the container. See: https://github.com/actions/upload-artifact
      - uses: veracode/veracode-uploadandscan-action@master # Run the uploadandscan action. Inputs are described above.
        with:
          appname: '${{ secrets.VERACODE_APP_NAME }}'
          filepath: 'project.zip'
          vid: '${{ secrets.VERACODE_API_ID }}'
          vkey: '${{ secrets.VERACODE_API_KEY }}'
          scantimeout: 15