From 098848d398065ce3d7222fb06eae6d9cd8282837 Mon Sep 17 00:00:00 2001
From: Christophe Jauffret
Date: Wed, 7 Feb 2024 13:14:22 +0100
Subject: [PATCH] switch to new blackduck action (#107)
* switch to new blackduck action v1.7
---
 .github/workflows/synopsys-schedule.yaml | 16 +++++++-------
 .github/workflows/synopsys.yaml | 28 +++++++++++++++++++-----
 2 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/synopsys-schedule.yaml b/.github/workflows/synopsys-schedule.yaml
index ab251a3..b58833d 100644
--- a/.github/workflows/synopsys-schedule.yaml
+++ b/.github/workflows/synopsys-schedule.yaml
@@ -1,4 +1,4 @@
-name: Black Duck Intelligent Policy Check
+name: Black Duck Daily Policy Check
 on:
 schedule:
 - cron: "0 0 * * *"
@@ -18,11 +18,11 @@ jobs:
 - name: Build Project
 run: make build
- - name: Run Synopsys Detect
- uses: synopsys-sig/detect-action@v0.3.4
+ - name: Black Duck Full Scan
+ uses: synopsys-sig/synopsys-action@v1.7.0
 with:
- scan-mode: INTELLIGENT
- github-token: ${{ secrets.GITHUB_TOKEN }}
- detect-version: 8.10.0
- blackduck-url: ${{ secrets.BLACKDUCK_URL }}
- blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+ blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ blackduck_scan_full: true
+ blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
diff --git a/.github/workflows/synopsys.yaml b/.github/workflows/synopsys.yaml
index 8190a80..3ff8e74 100644
--- a/.github/workflows/synopsys.yaml
+++ b/.github/workflows/synopsys.yaml
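Review bot: In synopsys-schedule.yaml the API token is passed as `blackduck_apiToken`, while both steps in synopsys.yaml pass it as `blackduck_token` to the same `synopsys-sig/synopsys-action@v1.7.0`. Unless v1.7.0 accepts both spellings, one of these is an undeclared input, and GitHub Actions only warns about those, so the affected step would run without a token. The failure would then show up at scan time, presumably as an authentication error, rather than when the workflow is parsed. Check the action's `action.yml` at that tag and use one key in all three steps; if `blackduck_token` is the declared name, this line becomes `blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}`.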
@@ -20,10 +20,26 @@ jobs:
 - name: Build Project
 run: make build
- - name: Run Synopsys Detect
- uses: synopsys-sig/detect-action@v0.3.4
+ - name: Black Duck Full Scan
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.7.0
 with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- detect-version: 8.10.0
- blackduck-url: ${{ secrets.BLACKDUCK_URL }}
- blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+ blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ blackduck_scan_full: true
+ blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
+ include_diagnostics: true
+
+ - name: Black Duck PR Scan
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.7.0
+ env:
+ DETECT_PROJECT_VERSION_NAME: ${{ github.base_ref }}
+ with:
+ blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+ blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ blackduck_scan_full: false
+ blackduck_prComment_enabled: true
+ include_diagnostics: true
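Review bot: All three `uses: synopsys-sig/synopsys-action@v1.7.0` lines (two in this hunk, one in synopsys-schedule.yaml) reference a tag, which can be re-pointed upstream. Because each step is handed `BLACKDUCK_API_TOKEN` and `GITHUB_TOKEN`, pinning to the full commit SHA is the safer form, e.g. `uses: synopsys-sig/synopsys-action@<full-commit-sha> # v1.7.0`. The PR step also sets `blackduck_prComment_enabled: true`, which needs a token that can write to pull requests. The job's `permissions:` block and the workflow triggers lie outside the hunk, so confirm the token is scoped to what the comment needs (presumably `pull-requests: write`) and decide how fork PRs, which receive no secrets, should behave. `include_diagnostics: true` appears to publish diagnostic files as workflow artifacts; check that they carry nothing sensitive before enabling it on every run.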