Added RL scanner workflow

pmathew92 · pmathew92 · commit fbcc611da752 · 2024-10-23T19:36:32.000+05:30
diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml
@@ -0,0 +1,85 @@
+
+name: RL-Security-Scanner
+run-name: rl-security-scanner
+
+
+on:
+  merge_group:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+jobs:
+  checkout-build-scan-only:
+    if: github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'pull_request')
+    # && startsWith(github.event.pull_request.head.ref, 'release/'))
+    runs-on: ubuntu-latest
+
+
+    permissions:
+      pull-requests: write
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up
+        uses: ./.github/actions/setup
+
+      - name: Build with gradle
+        shell: bash
+        run: ./gradlew :auth0:assembleRelease
+
+      - name: Get Artifact Version
+        id: get_version
+        run: |
+          version=$(cat .version)
+          echo "version=$version" >> $GITHUB_OUTPUT
+
+      - name: List build contents
+        run: ls -la auth0/build/outputs/aar
+
+      - name: Output build artifact
+        id: output_build_artifact
+        run: |
+            echo "scanfile=$(pwd)/auth0/build/outputs/aar/auth0-release-${{ steps.get_version.outputs.version }}.aar" >> $GITHUB_OUTPUT  
+
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+
+      - name: Install Python dependencies
+        run: |
+          pip install --upgrade pip
+          pip install boto3 requests
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.PRODSEC_TOOLS_ARN }}
+          aws-region: us-east-1
+          mask-aws-account-id: true
+
+      - name: Run Reversing Labs Wrapper Scanner
+        env:
+          RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+          RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+          SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+          WRAPPER_INDEX_URL: "https://${{ secrets.PRODSEC_TOOLS_USER }}:${{ secrets.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+          PYTHONUNBUFFERED: 1
+        run: |
+          pip install rl-wrapper --index-url "$WRAPPER_INDEX_URL" && \
+          rl-wrapper \
+            --artifact "${{ steps.output_build_artifact.outputs.scanfile }}" \
+            --version "${{ steps.get_version.outputs.version }}" \
+            --name "${{ github.event.repository.name }}" \
+            --repository "${{ github.repository }}" \
+            --commit "${{ github.sha }}" \
+            --build-env "github_actions" \
+            --suppress_output
+        continue-on-error: true
