github-action icon indicating copy to clipboard operation
github-action copied to clipboard
verified publisher icon blackducksoftware

Blackduck scan appear as snapshot version.

Open alexander-goldman-by opened this issue 4 years ago • 1 comments

Github action for blackduck scan using release plugin pl.allegro.tech.build.axion-release version "1.10.1" and blackducksoftware/[email protected] currently downloads the execution script into the same folder that the checkout action uses by default to checkout source code. This creates an issue where a local file (dirty repo) will bump up the version of the gradle project and add -SNAPSHOT to it. This makes versions displayed on the scan either out of sync with the current version or incorrectly displays the version as a snapshot (local) version. If it is possible to download the script outside of GITHUB_WORKSPACE, it would fix the issues we're currently encountering.

alexander-goldman-by avatar Feb 02 '21 16:02 alexander-goldman-by

@alexander-goldman-by You can do this via scripting instead of using this action,

In the folder you want

- name: Synopsys Detect
  run: |
  curl -O https://detect.synopsys.com/detect.sh
  bash detect.sh --blackduck.url=<> --blackduck.api.token=<> --detect.project.name=<> --detect.source.path=<>

Use detect.source.path to locate your source folder

gautambaghel avatar Mar 03 '21 18:03 gautambaghel