From bb7d50c2853bc75102138a5324b593253eba7a96 Mon Sep 17 00:00:00 2001
From: mikolajbrzezinski
Date: Fri, 8 Dec 2023 16:27:13 +0100
Subject: [PATCH] ACS-6305 Prepare for review
---
 .github/workflows/ci.yml | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3d5142f04..66e3840b1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -56,12 +56,13 @@ jobs:
 name: "Pipeline SAST Scan"
 runs-on: ubuntu-latest
 if: >
- ((github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || github.event_name == 'pull_request')) &&
- !contains(github.event.head_commit.message, '[skip build]')
+ (github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/') || github.event_name == 'pull_request') &&
+ !contains(github.event.head_commit.message, '[skip tests]') &&
+ !contains(github.event.head_commit.message, '[force')
 steps:
 - uses: actions/checkout@v3
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.33.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.33.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.34.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.34.0
 - name: "Login to Docker Hub"
 uses: docker/login-action@v2.1.0
 with:
@@ -73,6 +74,12 @@ jobs:
 registry: quay.io
 username: ${{ secrets.QUAY_USERNAME }}
 password: ${{ secrets.QUAY_PASSWORD }}
+ - uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v5.6.0
+ with:
+ token: ${{ secrets.BOT_GITHUB_TOKEN }}
+ repository: "Alfresco/veracode-baseline-archive"
+ file-path: "alfresco-transform-core/alfresco-transform-core-baseline.json"
+ target: "baseline.json"
 - name: "Build"
 run: mvn -B -U install -DskipTests
 - name: "Create zip"
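Review bot: The `if:` of the "Pipeline SAST Scan" job lets a commit message switch the scan off: a push to `master`, `SP/*` or `HF/*` whose head commit contains `[skip tests]` or the substring `[force` skips the job. Because `'[force'` has no closing bracket it matches every marker with that prefix, so I would add a comment above the `if:` key (not inside the folded scalar) such as `# SAST is skipped for [skip tests] and for any [force ...] marker`. Please also confirm that some other control still guarantees release branches get scanned. `github.event.head_commit` is only populated on push events, so on `pull_request` runs both new `contains()` checks evaluate to false and the markers are ignored there. The job definition starts and continues outside this hunk.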
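Review bot: The added download step hands `secrets.BOT_GITHUB_TOKEN` to an action referenced by the mutable tag `@v5.6.0`. Pinning it to that release's full commit SHA, `.../github-download-file@<commit-sha> # v5.6.0`, keeps a moved tag from running different code with the bot token. It is also on a different release line from the `@v1.34.0` used for the other alfresco-build-tools actions in this job, which deserves a comment if intentional. Since the job also runs on `pull_request`, the secret is empty for pull requests from forks and this step will presumably fail there; confirm that is acceptable. The token should need no more than read access to `Alfresco/veracode-baseline-archive`.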
@@ -89,11 +96,12 @@ jobs:
 issue_details: true
 veracode_policy_name: Alfresco Default
 summary_output: true
- summary_output_file: readable_results.txt
+ summary_output_file: results.json
 summary_display: true
+ baseline_file: baseline.json
 - name: Upload scan result
 if: success() || failure()
- run: zip readable_output.zip readable_results.txt
+ run: zip readable_output.zip results.json
 - name: Upload Artifact
 if: success() || failure()
 uses: actions/upload-artifact@v3
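Review bot: With `baseline_file: baseline.json` the findings this job reports depend on a file fetched from another repository, so a stale or altered baseline hides findings with no trace in this workflow. I would add a comment above it, e.g. `# baseline from Alfresco/veracode-baseline-archive; findings listed there are not reported`, and confirm that write access to that repository is as restricted as the ability to waive findings. Separately, `summary_output_file: results.json` gives the readable summary a `.json` name. If the scan action also writes its JSON results under that name by default the two would collide, so this is worth checking against the action's inputs. The scan step's `uses:` line is outside this hunk.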