From 4296e454fc7223d44cc54bbde713fca6e4736de4 Mon Sep 17 00:00:00 2001
From: Dan Alima <ddalimaspam@gmail.com>
Date: Sun, 31 Dec 2023 17:01:39 +0200
Subject: [PATCH] trying to publish SCA report to Artifactory

---
 .github/workflows/maven-build.yml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
index ee1e647b5..6e22be93d 100644
--- a/.github/workflows/maven-build.yml
+++ b/.github/workflows/maven-build.yml
@@ -9,7 +9,9 @@ on:
 jobs:
   build:
     env:
-      IMAGE_NAME: danvid.jfrog.io/spring-petclinic-docker/spring-petclinic
+      JF_REPO_NAME: danvid.jfrog.io
+      JF_REPO_PATH: spring-petclinic-docker
+      IMAGE_NAME: "spring-petclinic"
       SCA_REPORT_FILE: jfrog_sca_report.json
 
     runs-on: ubuntu-latest
@@ -37,12 +39,13 @@ jobs:
         run: ./mvnw test
       - name: Package the project as a runnable Docker image
         run: |
-          jf docker build -t ${{ env.IMAGE_NAME }}:${{ github.sha }} -t ${{ env.IMAGE_NAME }}:latest .
+          jf docker build -t ${{ env.JF_REPO_NAME }}/${{ env.JF_REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ github.sha }} -t ${{ env.JF_REPO_NAME }}/${{ env.JF_REPO_PATH }}/${{ env.IMAGE_NAME }}:latest .
 
       - name: Scan the project with your preferred SCA tool
         run: |
-          jf docker scan --format json ${{ env.IMAGE_NAME }}:${{ github.sha }} > ${{ env.SCA_REPORT_FILE }}
-      - uses: actions/upload-artifact@v4
+          jf docker scan --format json ${{ env.JF_REPO_NAME }}/${{ env.JF_REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ github.sha }} > ${{ env.SCA_REPORT_FILE }}
+      - name: Assign the SCA report to this Github Action workflow as an artifact
+        uses: actions/upload-artifact@v4
         with:
           name: sca_report
           path: ${{ env.SCA_REPORT_FILE }}
@@ -55,7 +58,7 @@ jobs:
           JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }}
         run: |
           # Push Docker Image to Artifactory
-          jf docker push ${{ env.IMAGE_NAME }} --all-tags
+          jf docker push ${{ env.JF_REPO_NAME }}/${{ env.JF_REPO_PATH }}/${{ env.IMAGE_NAME }} --all-tags
           # Export the build name and build nuber
           # Collect environment variables for the build
           jf rt build-collect-env
@@ -63,5 +66,7 @@ jobs:
           jf rt build-add-git
           # Publish build info
           jf rt build-publish
+          # Publish the local SCA scan report
+          jf rt upload ${{ env.SCA_REPORT_FILE }} ${{ env.JF_REPO_NAME }}/${{ env.JF_REPO_PATH }}/${{ env.SCA_REPORT_FILE }}_${{ env.IMAGE_NAME }}:${{ github.sha }}
 
     
\ No newline at end of file