Assuming you want to run a Checkmarx scan on every push event to make sure the committed code does not have major security concerns, you can set up a workflow like the one below:

```yaml
name: Trigger Checkmarx Scan Workflow
on:
  push:
    branches-ignore:
      - main
      - master
      - develop
jobs:
  checkmarxscan:
    runs-on: linux
    steps:
      - name: Trigger Checkmarx Scan
        env:
          checkmarx_scan_webhook: yourwebhookjenkinsjoburl=&checkmarxProjectId=
          project_name: yourcheckmarxprojectname
          GITHUB_EVENT: ${{ toJson(github.event) }}
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          curl -X POST "${checkmarx_scan_webhook}${project_name}&branchName=$BRANCH_NAME" -H 'Content-Type: application/json' -d "$GITHUB_EVENT"
```
Use branches-ignore

I used branches-ignore so that this action is triggered on any branch except the ignored ones.

JSON github.event

First set github.event as an env variable:

```yaml
GITHUB_EVENT: ${{ toJson(github.event) }}
```
Then use it in the run command:

```shell
-d "$GITHUB_EVENT"
```
Make sure you wrap it in double quotes and reference it with $, otherwise you will get an error.

Get branch name

By default, github.event does not include the branch name, but you can use the expression below to get it and set it as an env variable:

```yaml
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
```
Then pass it as a query parameter in the webhook URL:

```shell
&branchName=$BRANCH_NAME
```
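The curl step puts the branch name straight into the query string, so a branch such as `a&b` or `feat/x y` would corrupt the URL or add extra parameters. Below is an added example (not from the original post) that percent-encodes the project name and branch name before building the same URL layout; it assumes the base URL ending in `checkmarxProjectId=` (which usually carries the Jenkins token) comes from a GitHub secret rather than a plain value in the workflow file, and the names `urlencode`, `build_webhook_url` and `trigger_scan` are chosen here.

```shell
#!/bin/sh
# Added example, not the post's own code. Builds the Jenkins webhook URL with the
# project name and branch name percent-encoded, then POSTs the push event JSON.
# Assumptions: CHECKMARX_WEBHOOK holds the base URL ending in "checkmarxProjectId="
# (supplied from a GitHub secret); GITHUB_EVENT is set from ${{ toJson(github.event) }}
# and BRANCH_NAME from ${{ github.head_ref || github.ref_name }} as in the workflow.
set -eu

# Percent-encode every byte except the RFC 3986 unreserved set: A-Z a-z 0-9 - . _ ~
urlencode() {
  out=""
  # od emits one lowercase hex pair per input byte, so multi-byte UTF-8 is handled too.
  for hex in $(printf '%s' "$1" | od -An -v -tx1); do
    ch=$(printf "\\$(printf '%o' "0x$hex")")
    case "$ch" in
      [A-Za-z0-9._~-]) out="$out$ch" ;;
      *) out="$out%$(printf '%s' "$hex" | tr 'abcdef' 'ABCDEF')" ;;
    esac
  done
  printf '%s' "$out"
}

# Compose <base><project>&branchName=<branch>, mirroring the URL layout used in the post.
build_webhook_url() {
  base="$1"; project="$2"; branch="$3"
  printf '%s%s&branchName=%s' "$base" "$(urlencode "$project")" "$(urlencode "$branch")"
}

# Send the event as the JSON body. --fail turns a 4xx/5xx from Jenkins into a
# non-zero exit, so a rejected webhook call fails the workflow step instead of passing silently.
trigger_scan() {
  url=$(build_webhook_url "$1" "$2" "$3")
  curl --silent --show-error --fail -X POST "$url" \
    -H 'Content-Type: application/json' --data-binary "$GITHUB_EVENT"
}

# Usage inside the workflow step; all three values arrive through env, never
# interpolated into the script text with ${{ }}:
# trigger_scan "$CHECKMARX_WEBHOOK" "$PROJECT_NAME" "$BRANCH_NAME"
```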
Jenkins job as a webhook

With the curl command above, the action sends github.event as the JSON body and branchName as a query parameter. Both are resolved as variables at runtime of the Jenkins job, so you can use them directly in the Jenkins scripts. After the workflow action is triggered successfully, it also prints the resolved variables; check resolvedVariables in the console log of the action:

```json
{"jobs":{"CheckMarxScan-FromWebhook":{"regexpFilterExpression":"","triggered":true,"resolvedVariables":{"branchName":"workflow/checkmarx-scan-onpush","branchName_0":"workflow/checkmarx-scan-onpush","checkmarxProjectId":"xxx","checkmarxProjectId_0":"xxxxxx","commits":"[{\"author\":{\"email\":\"xx@xx\",\"name\":\"Leng, Errong\",\"username\":\"Errong-Leng\"},\"committer\":{\"email\":\"noreply@github.com\",\"name\":\"GitHub\",\"username\":\"web-flow\"},\"distinct\":true,\"id\":\"e4b472116628a53f5b48caf10b2590d6e2602c7a\",\"message\":\"change job name\",\"timestamp\":\"2024-04-26T16:44:46-07:00\",\"tree_id\":\"d5e94f1955254c2612d37aeb6e72fd5e3ddc2efb\",\"ur ...
```
This will help you set up the Jenkins job scripts as well. Happy Debugging and Coding!