Merge pull request #3364 from mercedes-benz/feature-3359-validation-w…

…rapper-release-and-integration

Feature 3359 validation wrapper release and integration

.github/workflows/release-wrapper-validation.yml

@@ -1,27 +1,27 @@
 # SPDX-License-Identifier: MIT
-name: Release Secretscan Validation Wrapper
+name: Release Wrapper for Secret-Validation
 
 on:
   workflow_dispatch:
     inputs:
       actor-email:
         description: Insert your email address here. It will be used in the generated pull requests
         required: true
-      validation-wrapper-version:
-        description: Secretscan-Validation-wrapper Version (e.g. 1.0.0)
+      secretvalidation-wrapper-version:
+        description: Secret-Validation-wrapper Version (e.g. 1.0.0)
         required: true
-      validation-wrapper-milestone-number:
-        description: Secretscan-Validation-wrapper Milestone number (e.g. 153)
+      secretvalidation-wrapper-milestone-number:
+        description: Secret-Validation-wrapper Milestone number (e.g. 153)
         required: true
 jobs:
   release-version:
-    name: Create Secretscan-Validation-wrapper release
+    name: Create Secret-Validation-wrapper release
     runs-on: ubuntu-latest
     steps:
       - name: "Show Inputs"
         run: |
           echo "actor-email: '${{ inputs.actor-email }}'"
-          echo "Secretscan-Validation-wrapper '${{ inputs.validation-wrapper-version }}' - Milestone '${{ inputs.validation-wrapper-milestone-number }}'"
+          echo "Secret-Validation-wrapper '${{ inputs.secretvalidation-wrapper-version }}' - Milestone '${{ inputs.secretvalidation-wrapper-milestone-number }}'"
 
       - name: Checkout branch master
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
@@ -30,8 +30,8 @@ jobs:
 
       # Create temporary local tags, so we build documentation for this tag...
       # The final tag on git server side will be done automatically by the release when the draft is saved as "real" release
-      - name: Tag Secretscan Validation Wrapper version v${{ inputs.validation-wrapper-version }}-validation-wrapper (temporarily)
-        run: git tag v${{ inputs.validation-wrapper-version }}-validation-wrapper
+      - name: Tag Secret-Validation Wrapper version v${{ inputs.secretvalidation-wrapper-version }}-secretvalidation-wrapper (temporarily)
+        run: git tag v${{ inputs.secretvalidation-wrapper-version }}-secretvalidation-wrapper
 
       # ----------------------
       # Setup + Caching
@@ -68,11 +68,11 @@ jobs:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash
           delete-branch: true
-          title: '0 - Before validation-wrapper release: Add missing SPDX license headers [auto-generated]'
+          title: '0 - Before secretvalidation-wrapper release: Add missing SPDX license headers [auto-generated]'
           body: |
-            Auto-generated by Github Actions validation-wrapper release job.
+            Auto-generated by Github Actions secretvalidation-wrapper release job.
 
-            -> Please review and merge **before** publishing the validation-wrapper release.
+            -> Please review and merge **before** publishing the secretvalidation-wrapper release.
 
       - name: Print PR infos
         if: steps.apply-headers.outputs.commits != ''
@@ -84,10 +84,10 @@ jobs:
         run: git checkout master
 
       # -----------------------------------------
-      # Build SecHub Secretscan Validation Wrapper
+      # Build SecHub Secret-Validation Wrapper
       # -----------------------------------------
-      - name: Build Secretscan Validation Wrapper
-        run: ./gradlew :sechub-wrapper-validation:bootjar
+      - name: Build Secret-Validation Wrapper
+        run: ./gradlew :sechub-wrapper-secretvalidation:bootJar
 
       # -----------------------------------------
       # Upload build artifacts
@@ -106,12 +106,12 @@ jobs:
           path: build/reports/git-status.txt
           retention-days: 14
 
-      - name: Archive Secretscan Validation Wrapper libs directory
+      - name: Archive Secret-Validation Wrapper libs directory
         if: always()
         uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
         with:
-          name: sechub-wrapper-validation
-          path: sechub-wrapper-validation/build/libs
+          name: sechub-wrapper-secretvalidation
+          path: sechub-wrapper-secretvalidation/build/libs
           retention-days: 14
 
       - name: Switch back to master branch
@@ -124,64 +124,64 @@ jobs:
       - name: Assert releasable
         run: ./gradlew assertReleaseable
 
-      - name: Create Secretscan Validation Wrapper release
-        id: create_validation-wrapper_release
+      - name: Create Secret-Validation Wrapper release
+        id: create_secretvalidation-wrapper_release
         uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
         with:
-          tag_name: v${{ inputs.validation-wrapper-version }}-validation-wrapper
+          tag_name: v${{ inputs.secretvalidation-wrapper-version }}-secretvalidation-wrapper
           commitish: master
-          release_name: Secretscan Validation Wrapper Version ${{ inputs.validation-wrapper-version }}
+          release_name: Secret-Validation Wrapper Version ${{ inputs.secretvalidation-wrapper-version }}
           body: |
             Changes in this Release
-            - Some minor changes on Secretscan Validation Wrapper implementation
+            - Some minor changes on Secret-Validation Wrapper implementation
 
-            For more details please look at [Milestone ${{inputs.validation-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.validation-wrapper-milestone-number}}?closed=1)
+            For more details please look at [Milestone ${{inputs.secretvalidation-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.secretvalidation-wrapper-milestone-number}}?closed=1)
           draft: true
           prerelease: false
 
       # -----------------------------------------
       # Upload release artifacts
       # -----------------------------------------
-      - name: Create files and sha256 checksum for Secretscan Validation Wrapper jar
+      - name: Create files and sha256 checksum for Secret-Validation Wrapper jar
         run: |
-          cd sechub-wrapper-validation/build/libs/
-          sha256sum sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar > sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
+          cd sechub-wrapper-secretvalidation/build/libs/
+          sha256sum sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar > sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar.sha256sum
 
-      - name: Upload asset sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar
+      - name: Upload asset sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar
         uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          upload_url: ${{ steps.create_validation-wrapper_release.outputs.upload_url }}
-          asset_path: sechub-wrapper-validation/build/libs/sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar
-          asset_name: sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar
+          upload_url: ${{ steps.create_secretvalidation-wrapper_release.outputs.upload_url }}
+          asset_path: sechub-wrapper-secretvalidation/build/libs/sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar
+          asset_name: sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar
           asset_content_type: application/zip
 
-      - name: Upload asset sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
+      - name: Upload asset sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar.sha256sum
         uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          upload_url: ${{ steps.create_validation-wrapper_release.outputs.upload_url }}
-          asset_path: sechub-wrapper-validation/build/libs/sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
-          asset_name: sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
+          upload_url: ${{ steps.create_secretvalidation-wrapper_release.outputs.upload_url }}
+          asset_path: sechub-wrapper-secretvalidation/build/libs/sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar.sha256sum
+          asset_name: sechub-wrapper-secretvalidation-${{ inputs.secretvalidation-wrapper-version }}.jar.sha256sum
           asset_content_type: text/plain
 
       # -----------------------------------------
       # Create release issue
       # -----------------------------------------
-      - name: Create Secretscan Validation Wrapper ${{ inputs.validation-wrapper-version }} release issue
+      - name: Create Secret-Validation Wrapper ${{ inputs.secretvalidation-wrapper-version }} release issue
         uses: dacbd/create-issue-action@main
         with:
           token: ${{ github.token }}
-          title: Release Secretscan Validation Wrapper ${{ inputs.validation-wrapper-version }}
+          title: Release Secret-Validation Wrapper ${{ inputs.secretvalidation-wrapper-version }}
           body: |
-            See [Milestone ${{inputs.validation-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.validation-wrapper-milestone-number}}?closed=1) for details.
+            See [Milestone ${{inputs.secretvalidation-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.secretvalidation-wrapper-milestone-number}}?closed=1) for details.
 
             Please close this issue after the release.
-          milestone: ${{ inputs.validation-wrapper-milestone-number }}
+          milestone: ${{ inputs.secretvalidation-wrapper-milestone-number }}
 
       # -----------------------------------------
       # Create a pull request for merging back `master` into `develop`
@@ -195,7 +195,7 @@ jobs:
           source_branch: "master"
           destination_branch: "develop"
           pr_allow_empty: true  # should allow an empty PR, but seems not to work
-          pr_title: '2 - After Secretscan Validation Wrapper release: Merge master back into develop [auto-generated]'
+          pr_title: '2 - After Secret-Validation Wrapper release: Merge master back into develop [auto-generated]'
           pr_body: |
             Merge master branch back into develop
 

buildSrc/src/main/groovy/VersionData.groovy

@@ -9,8 +9,9 @@ class VersionData{
     private static final String ID_WEBUI = "webui"
     private static final String ID_WRAPPER_CHECKMARX = "checkmarx wrapper"
     private static final String ID_WRAPPER_OWASPZAP = "owasp-zap wrapper"
-    private static final String ID_WRAPPER_XRAY= "xray wrapper"
     private static final String ID_WRAPPER_PREPARE= "prepare wrapper"
+    private static final String ID_WRAPPER_SECRETVALIDATION= "secretvalidation wrapper"
+    private static final String ID_WRAPPER_XRAY= "xray wrapper"
 
     private StringBuilder debugInfo = new StringBuilder();
 
@@ -28,10 +29,11 @@ class VersionData{
         initialize(ID_PDS_TOOLS,"PDS-Tools")
         initialize(ID_SERVER,   "Server")
         initialize(ID_WEBUI,    "WebUI")
-        initialize(ID_WRAPPER_CHECKMARX, "Checkmarx Wrapper")
-        initialize(ID_WRAPPER_OWASPZAP,  "OWASP-ZAP Wrapper")
-        initialize(ID_WRAPPER_XRAY,      "Xray Wrapper")
-        initialize(ID_WRAPPER_PREPARE,   "Prepare Wrapper")
+        initialize(ID_WRAPPER_CHECKMARX,        "Checkmarx Wrapper")
+        initialize(ID_WRAPPER_OWASPZAP,         "OWASP-ZAP Wrapper")
+        initialize(ID_WRAPPER_PREPARE,          "Prepare Wrapper")
+        initialize(ID_WRAPPER_SECRETVALIDATION, "SecretValidation Wrapper")
+        initialize(ID_WRAPPER_XRAY,             "Xray Wrapper")
     }
 
     public class VersionInfo{
@@ -43,7 +45,7 @@ class VersionData{
         String shortVersionForDocs
 
         public String describe(){
-            return text.padLeft(17)+": "+shortVersion+" ("+fullVersion+") docs: "+shortVersionForDocs
+            return text.padLeft(24)+": "+shortVersion+" ("+fullVersion+") docs: "+shortVersionForDocs
         }
 
     }
@@ -127,6 +129,10 @@ class VersionData{
         return map.get(ID_WRAPPER_PREPARE).getShortVersion()
     }
 
+    public String getSecretvalidationWrapperVersion(){
+        return map.get(ID_WRAPPER_SECRETVALIDATION).getShortVersion()
+    }
+
     public String getDebugInfo(){
 
         return "Debug info:\ncontainingAtLeastOneDirtyReleaseVersion=$containingAtLeastOneDirtyReleaseVersion\ncontainingAtLeastOneRealReleaseVersion=$containingAtLeastOneRealReleaseVersion\n\n$debugInfo";

gradle/build-versioning.gradle

@@ -46,14 +46,15 @@ def buildVersionFiles(){
     // We use "v${major}.${minor}.${hotfix}-${type}" pattern for tag names
     def clientVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-client") }
     def librariesVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-libraries") }
-    def checkmarxWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-checkmarx-wrapper") }
-    def owaspzapWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-owaspzap-wrapper") }
-    def xrayWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-xray-wrapper") }
-    def prepareWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-prepare-wrapper") }
     def pdsVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-pds") }
     def pdsToolsVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-pds-tools") }
     def serverVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-server") }
     def webuiVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-webui") }
+    def checkmarxWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-checkmarx-wrapper") }
+    def owaspzapWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-owaspzap-wrapper") }
+    def prepareWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-prepare-wrapper") }
+    def secretvalidationWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-secretvalidation-wrapper") }
+    def xrayWrapperVersionCommitTag = versionCommitTags.find{ it.name.endsWith("-xray-wrapper") }
 
     def unstagedChanges = git.status().unstaged
     def stagedChanges = git.status().staged
@@ -240,7 +241,23 @@ def buildVersionFiles(){
     def latestPrepareWrapperVersion = latestPrepareWrapperTag - 'v'
     latestPrepareWrapperVersion = latestPrepareWrapperVersion - "-prepare-wrapper"
 
-    def latestWrapperVersionInfo = versionData.defineVersion("Prepare Wrapper",buildVersionString(prepareWrapperVersionCommitTag, hasChanged, buildNumber),latestPrepareWrapperVersion)
+    def prepareWrapperVersionInfo = versionData.defineVersion("Prepare Wrapper",buildVersionString(prepareWrapperVersionCommitTag, hasChanged, buildNumber),latestPrepareWrapperVersion)
+
+    // ----------------------------
+    // - Secret Validation wrapper
+    // ----------------------------
+
+    // Get latest tagged secretvalidation-wrapper version
+    def latestSecretValidationWrapperTagCmd = [
+      'sh',
+      '-c',
+      'git tag -l --sort=-creatordate | grep -e \'^v.*-secretvalidation-wrapper$\' | head -1'
+    ]
+    def latestSecretValidationWrapperTag = latestSecretValidationWrapperTagCmd.execute().text.trim()
+    def latestSecretValidationWrapperVersion = latestSecretValidationWrapperTag - 'v'
+    latestSecretValidationWrapperVersion = latestSecretValidationWrapperVersion - "-secretvalidation-wrapper"
+
+    def secretvalidationWrapperVersionInfo = versionData.defineVersion("SecretValidation Wrapper",buildVersionString(secretvalidationWrapperVersionCommitTag, hasChanged, buildNumber),latestSecretValidationWrapperVersion)
 
 
     // ------------------------
@@ -269,8 +286,9 @@ def buildVersionFiles(){
     println(librariesVersionInfo.describe())
     println(checkmarxWrapperVersionInfo.describe())
     println(owaspzapWrapperVersionInfo.describe())
+    println(prepareWrapperVersionInfo.describe())
+    println(secretvalidationWrapperVersionInfo.describe())
     println(xrayWrapperVersionInfo.describe())
-    println(latestWrapperVersionInfo.describe())
 
     TimeDuration td = TimeCategory.minus( stop, start )
     println("\nTime elapsed to build versions: "+td)
@@ -322,6 +340,8 @@ def buildVersionString(commitTag, boolean hasChanged, buildNumber){
         calcversion = calcversion - "-webui"
         calcversion = calcversion - "-checkmarx-wrapper"
         calcversion = calcversion - "-owaspzap-wrapper"
+        calcversion = calcversion - "-prepare-wrapper"
+        calcversion = calcversion - "-secretvalidation-wrapper"
         calcversion = calcversion - "-xray-wrapper"
         // remove leading 'v'
         calcversion = calcversion - 'v'

gradle/projects.gradle

@@ -54,7 +54,7 @@ projectType = [
                     project(':sechub-wrapper-checkmarx'),
                     project(':sechub-wrapper-prepare'),
 
-                    project(':sechub-wrapper-secret-validator'),
+                    project(':sechub-wrapper-secretvalidation'),
 
                     /* archUnit */
                     project(':sechub-archunit-test')
@@ -103,7 +103,7 @@ projectType = [
                    project(':sechub-wrapper-checkmarx'),
                    project(':sechub-wrapper-prepare'),
                    project(':sechub-webui'),
-                   project(':sechub-wrapper-secret-validator'),
+                   project(':sechub-wrapper-secretvalidation'),
             ],
 
             springBootWebUIProjects:[

sechub-pds-solutions/gitleaks/docker/scripts/gitleaks.sh

@@ -1,9 +1,9 @@
 #!/usr/bin/bash
 # SPDX-License-Identifier: MIT
 
-declare -r secretvalidation_wrapper="$TOOL_FOLDER/sechub-wrapper-secret-validator.jar"
+declare -r secretvalidation_wrapper="$TOOL_FOLDER/sechub-wrapper-secretvalidation.jar"
 
-if [[ "$PDS_INTEGRATIONTEST_ENABLED" = "true" ]]; then
+if [[ "$PDS_INTEGRATIONTEST_ENABLED" = "true" ]] ; then
     echo "Integrationtest will be performed. Gitleaks will not be executed."
 
     # Execute the wrapper using the 'integrationtest' profile
@@ -13,7 +13,7 @@ if [[ "$PDS_INTEGRATIONTEST_ENABLED" = "true" ]]; then
 fi
 
 
-. "$SCRIPT_FOLDER/common.sh"
+source "$SCRIPT_FOLDER/common.sh"
 
 echo "Look for potential .git folder to perform history scan."
 
@@ -27,20 +27,17 @@ scan_target_directory="$PDS_JOB_EXTRACTED_SOURCES_FOLDER"
 gitleaks_options="--log-level debug --config $TOOL_FOLDER/custom-gitleaks.toml --source . --report-format sarif --report-path $PDS_JOB_RESULT_FILE --exit-code 0"
 
 # If the history scan was disabled, a normal filesystem scan is performed.
-if [ "$GITLEAKS_HISTORY_SCAN_ENABLED" = "false" ]
-then
+if [ "$GITLEAKS_HISTORY_SCAN_ENABLED" = "false" ] ; then
     gitleaks_options="$gitleaks_options --no-git"
     echo "History scan was disabled by an administrator. A secret scan on the filesystem without history deepscan will be done instead." | tee "$PDS_JOB_USER_MESSAGES_FOLDER"/history-scan-disabled.txt
 
 # If no '.git' directory was found we cannot scan the git history
-elif [ -z "$git_directory" ]
-then
+elif [ -z "$git_directory" ] ; then
     gitleaks_options="$gitleaks_options --no-git"
     echo "No .git folder was uploaded for the secret scan. A secret scan on the filesystem without history deepscan will be done instead." | tee "$PDS_JOB_USER_MESSAGES_FOLDER"/no-git.txt
 
 # If the value of 'git_directory' is not a valid directory there is more than a single result of the find command
-elif [ ! -d "$git_directory" ]
-then
+elif [ ! -d "$git_directory" ] ; then
     gitleaks_options="$gitleaks_options --no-git"
     echo "Multiple .git folders were uploaded for the secret scan. This is not supported. A secret scan on the filesystem without history deepscan will be done instead." | tee "$PDS_JOB_USER_MESSAGES_FOLDER"/multiple-git.txt