Update contrast_security_app.yaml #12
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # DISCLAIMER: This workflow file has been auto-generated and committed to the repo by the GitHub App from Contrast Security. | |
| # Manual edits to this file could cause the integration to produce unexpected behavior or break. | |
| # Version: 1.0.1 | |
| # Last updated: 2025-06-12T13:52:06.657445917Z | |
| name: Contrast Security App Workflow | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - PRODSEC-1 | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| branches: | |
| - main | |
| jobs: | |
| fingerprint_repo: | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| - name: Run Contrast SCA Fingerprint | |
| id: fingerprint | |
| uses: Contrast-Security-OSS/contrast-sca-action@v3 | |
| with: | |
| apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }} | |
| authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }} | |
| orgId: ${{ secrets.CONTRAST_GITHUB_APP_ORG_ID }} | |
| apiUrl: ${{ secrets.CONTRAST_GITHUB_APP_TS_URL }} | |
| repoUrl: ${{ github.server_url }}/${{ github.repository }} | |
| repoName: ${{ github.repository }} | |
| externalId: ${{ secrets.CONTRAST_GITHUB_APP_ID }} | |
| command: fingerprint | |
| outputs: | |
| fingerprint: ${{ steps.fingerprint.outputs.fingerprint }} | |
| analyze_dependencies: | |
| if: ${{ needs.fingerprint_repo.outputs.fingerprint != '' }} | |
| needs: fingerprint_repo | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| manifest: | |
| - ${{ fromJson(needs.fingerprint_repo.outputs.fingerprint) }} | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| - name: Run Contrast SCA Audit | |
| uses: Contrast-Security-OSS/contrast-sca-action@v3 | |
| with: | |
| apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }} | |
| authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }} | |
| orgId: ${{ vars.CONTRAST_GITHUB_APP_ORG_ID }} | |
| apiUrl: ${{ vars.CONTRAST_GITHUB_APP_TS_URL }} | |
| filePath: ${{ matrix.manifest.filePath }} | |
| repositoryId: ${{ matrix.manifest.repositoryId }} | |
| projectGroupId: ${{ matrix.manifest.projectGroupId }} | |
| # --- Debugging Steps (CRITICAL for your issue) --- | |
| # Step 1: List files to confirm the log file's presence and location | |
| - name: List Files After Contrast Audit | |
| if: always() # Run this step even if the previous audit step fails | |
| run: | | |
| echo "Listing files in current directory (should be /home/runner/work/mcp-contrast/mcp-contrast):" | |
| ls -F | |
| echo "" | |
| echo "Listing files recursively from current directory:" | |
| ls -R | |
| echo "" | |
| echo "Searching for any file containing 'contrast.log' in its name:" | |
| find . -name "*contrast.log*" | |
| # Step 2: Print the content of the expected log file to the job output | |
| - name: Print Contrast Audit Log Content | |
| if: always() # Run this step even if the previous audit step fails | |
| run: | | |
| LOG_FILE="pom.xml.contrast.log" | |
| if [ -f "$LOG_FILE" ]; then | |
| echo "--- START OF $LOG_FILE CONTENT ---" | |
| cat "$LOG_FILE" | |
| echo "--- END OF $LOG_FILE CONTENT ---" | |
| else | |
| echo "WARNING: Log file '$LOG_FILE' was not found at this path." | |
| fi | |
| # Step 3: Upload the log file as an artifact | |
| - name: Upload Contrast Audit Log Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: contrast-sca-audit-log | |
| path: pom.xml.contrast.log # <--- !!! THIS IS THE CRUCIAL FIX !!! Ensure this matches the log file name | |
| retention-days: 5 # Optional: how long to keep the artifact | |
| if: always() # Upload even if the job fails, so you can inspect the log | |
| # --- Optional: Notifications/Status Updates --- | |
| # Example: Post a status if the audit failed (as seen in your original output) | |
| - name: Audit Status Check | |
| if: ${{ failure() }} | |
| run: | | |
| echo "Audit failed check logs in pom.xml.contrast.log for more info" | |
| exit 1 # Ensures the workflow step also fails if this condition is met |