Scan model-compression-kit in Black Duck

.github/workflows/black_duck_scan.yml

@@ -0,0 +1,116 @@
+name: Black Duck Scan
+on:
+  push:
+    branches:
+      [ add_blackduck_scan ]
+
+
+env:
+  BLACKDUCK_PROJECT_NAME: ${{ github.event.repository.name }}
+  BLACKDUCK_VERSION_NAME: "latest"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
+  blackduck:
+    name: Black-Duck action
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - name: Install Python 🔧
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.8'
+      - name: Build Wheel
+        id: get_version
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install twine
+          python setup.py bdist_wheel
+          unzip -o ./dist/model_compression_toolkit-2.2.0-py3-none-any.whl -d ./dist
+          version=$(python -c 'import model_compression_toolkit; print(model_compression_toolkit.__version__)')
+          echo "model_compression_version=$version" >> $GITHUB_OUTPUT
+      - name: Black Duck Full Scan
+        uses: synopsys-sig/[email protected]
+        env:
+          DETECT_PROJECT_NAME: ${{ env.BLACKDUCK_PROJECT_NAME }}
+          DETECT_PROJECT_VERSION_NAME: ${{ env.BLACKDUCK_VERSION_NAME }}
+          DETECT_PIP_REQUIREMENTS_PATH: requirements.txt
+          DETECT_BLACKDUCK_SIGNATURE_SCANNER_PATHS: dist/model_compression_toolkit
+          DETECT_BLACKDUCK_SIGNATURE_SCANNER_SNIPPET_MATCHING: SNIPPET_MATCHING
+          DETECT_RISK_REPORT_PDF: true
+          DETECT_TIMEOUT: 360000
+        with:
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+      - name: Handle Black Duck scan failure
+        if: ${{ failure() }}
+        shell: bash
+        run: |
+          echo "No report was created due to a failure in black duck scan" > model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}.json
+          cat model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}.json
+          mkdir model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+          cp -r ./model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}.json model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+          ls model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+          text="The Black-Duck scan failed; therefore, the JSON report created is a dump report.There are no PDF/ver_src reports"
+          echo "::warning::$text"
+      - name: Verify Black Duck Sources Scan
+        if: ${{ success() }}
+        uses: ssi-dnn/sdsp-converter-actions/black-duck-verify-sources@main
+        with:
+          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          BLACKDUCK_PROJECT_NAME: ${{ env.BLACKDUCK_PROJECT_NAME }}
+          BLACKDUCK_VERSION_NAME: ${{ env.BLACKDUCK_VERSION_NAME }}
+          BLACKDUCK_SUB_PROJECTS_NAME: ${{ env.BLACKDUCK_SUB_PROJECTS_NAME }}
+          BLACKDUCK_VERIFY_SOURCES_JSON: model_compression_ver_src_${{ steps.get_version.outputs.model_compression_version }}.json
+      - name: Get Black Duck Scan Result
+        if: ${{ success() }}
+        uses: ssi-dnn/sdsp-converter-actions/black-duck-tool@main
+        with:
+          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          BLACKDUCK_PROJECT_NAME: ${{ env.BLACKDUCK_PROJECT_NAME }}
+          BLACKDUCK_VERSION_NAME: ${{ env.BLACKDUCK_VERSION_NAME }}
+          BLACKDUCK_REPORT_FILE_NAME: model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}.json
+      - name: Create black duck dir
+        if: ${{ success() }}
+        run: |
+          ls
+          mkdir model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+          pdf_project_name=$(echo "${{ env.BLACKDUCK_PROJECT_NAME }}" | tr '-' '_')
+          echo $pdf_project_name
+          cp -r ./model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}.json model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+          cp -r ./model_compression_ver_src_${{ steps.get_version.outputs.model_compression_version }}.json model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+          cp -r ./${pdf_project_name}_${{ env.BLACKDUCK_VERSION_NAME }}_BlackDuck_RiskReport.pdf model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+          ls model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+      - name: Upload scan result
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        env:
+          file_path: ./model_compression_scan_${{ steps.get_version.outputs.model_compression_version }}
+        with:
+          name: bd-scan-result
+          path: ${{ env.file_path }}
+          retention-days: 1
+    outputs:
+       model_compression_version: ${{ steps.get_version.outputs.model_compression_version }}
+
+
+  save_blackduck_scan_result:
+    name: Save scan result - Black-Duck
+    needs: [ blackduck ]
+    env:
+      PATH_TO_SAVE: /home/sdsprobot/blackduck_scans/model_compression_scans/model_compression_scan_${{ needs.blackduck.outputs.model_compression_version }}/
+    runs-on:
+      group: DNN01
+      labels: self-hosted
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bd-scan-result
+          path: ${{ env.PATH_TO_SAVE }}