sap-jenkins-library/cmd/codeqlExecuteScan_generated.go

// Code generated by piper's step-generator. DO NOT EDIT.

package cmd

import (
	"fmt"
	"os"
	"reflect"
	"strings"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/gcs"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/bmatcuk/doublestar"
	"github.com/spf13/cobra"
)

type codeqlExecuteScanOptions struct {
	GithubToken   string `json:"githubToken,omitempty"`
	BuildTool     string `json:"buildTool,omitempty" validate:"possible-values=custom maven golang npm pip yarn"`
	BuildCommand  string `json:"buildCommand,omitempty"`
	Language      string `json:"language,omitempty"`
	ModulePath    string `json:"modulePath,omitempty"`
	Database      string `json:"database,omitempty"`
	QuerySuite    string `json:"querySuite,omitempty"`
	UploadResults bool   `json:"uploadResults,omitempty"`
	AnalyzedRef   string `json:"analyzedRef,omitempty"`
	Repository    string `json:"repository,omitempty"`
	CommitID      string `json:"commitId,omitempty"`
}

type codeqlExecuteScanReports struct {
}

func (p *codeqlExecuteScanReports) persist(stepConfig codeqlExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {
	if gcsBucketId == "" {
		log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")
		return
	}
	log.Entry().Info("Uploading reports to Google Cloud Storage...")
	content := []gcs.ReportOutputParam{
		{FilePattern: "**/*.csv", ParamRef: "", StepResultType: "codeql"},
		{FilePattern: "**/*.sarif", ParamRef: "", StepResultType: "codeql"},
	}
	envVars := []gcs.EnvVar{
		{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},
	}
	gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))
	if err != nil {
		log.Entry().Errorf("creation of GCS client failed: %v", err)
		return
	}
	defer gcsClient.Close()
	structVal := reflect.ValueOf(&stepConfig).Elem()
	inputParameters := map[string]string{}
	for i := 0; i < structVal.NumField(); i++ {
		field := structVal.Type().Field(i)
		if field.Type.String() == "string" {
			paramName := strings.Split(field.Tag.Get("json"), ",")
			paramValue, _ := structVal.Field(i).Interface().(string)
			inputParameters[paramName[0]] = paramValue
		}
	}
	if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {
		log.Entry().Errorf("failed to persist reports: %v", err)
	}
}

// CodeqlExecuteScanCommand This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.
func CodeqlExecuteScanCommand() *cobra.Command {
	const STEP_NAME = "codeqlExecuteScan"

	metadata := codeqlExecuteScanMetadata()
	var stepConfig codeqlExecuteScanOptions
	var startTime time.Time
	var reports codeqlExecuteScanReports
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createCodeqlExecuteScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.",
		Long: `This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.

The codeql step triggers a scan locally on your orchestrator (e.g. Jenkins) within a docker container so finally you have to supply a docker image with codeql
and Java plus Maven.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			log.RegisterSecret(stepConfig.GithubToken)

			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {
				log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")
			}

			validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validation.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME)
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
				splunkClient.Initialize(GeneralConfig.CorrelationID,
					GeneralConfig.HookConfig.SplunkConfig.Dsn,
					GeneralConfig.HookConfig.SplunkConfig.Token,
					GeneralConfig.HookConfig.SplunkConfig.Index,
					GeneralConfig.HookConfig.SplunkConfig.SendLogs)
			}
			codeqlExecuteScan(stepConfig, &stepTelemetryData)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addCodeqlExecuteScanFlags(createCodeqlExecuteScanCmd, &stepConfig)
	return createCodeqlExecuteScanCmd
}

func addCodeqlExecuteScanFlags(cmd *cobra.Command, stepConfig *codeqlExecuteScanOptions) {
	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")
	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Defines the build tool which is used for building the project.")
	cmd.Flags().StringVar(&stepConfig.BuildCommand, "buildCommand", os.Getenv("PIPER_buildCommand"), "Command to build the project")
	cmd.Flags().StringVar(&stepConfig.Language, "language", os.Getenv("PIPER_language"), "The programming language used to analyze.")
	cmd.Flags().StringVar(&stepConfig.ModulePath, "modulePath", `./`, "Allows providing the path for the module to scan")
	cmd.Flags().StringVar(&stepConfig.Database, "database", `codeqlDB`, "Path to the CodeQL database to create. This directory will be created, and must not already exist.")
	cmd.Flags().StringVar(&stepConfig.QuerySuite, "querySuite", os.Getenv("PIPER_querySuite"), "The name of a CodeQL query suite. If omitted, the default query suite for the language of the database being analyzed will be used.")
	cmd.Flags().BoolVar(&stepConfig.UploadResults, "uploadResults", false, "Allows you to upload codeql SARIF results to your github project. You will need to set githubToken for this.")
	cmd.Flags().StringVar(&stepConfig.AnalyzedRef, "analyzedRef", os.Getenv("PIPER_analyzedRef"), "Name of the ref that was analyzed.")
	cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "URL of the GitHub instance")
	cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "SHA of commit that was analyzed.")

	cmd.MarkFlagRequired("buildTool")
}

// retrieve step metadata
func codeqlExecuteScanMetadata() config.StepData {
	var theMetaData = config.StepData{
		Metadata: config.StepMetadata{
			Name:        "codeqlExecuteScan",
			Aliases:     []config.Alias{},
			Description: "This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Secrets: []config.StepSecrets{
					{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},
				},
				Parameters: []config.StepParameters{
					{
						Name: "githubToken",
						ResourceRef: []config.ResourceReference{
							{
								Name: "githubTokenCredentialsId",
								Type: "secret",
							},

							{
								Name:    "githubVaultSecretName",
								Type:    "vaultSecret",
								Default: "github",
							},
						},
						Scope:     []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "access_token"}},
						Default:   os.Getenv("PIPER_githubToken"),
					},
					{
						Name:        "buildTool",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   true,
						Aliases:     []config.Alias{},
						Default:     `maven`,
					},
					{
						Name:        "buildCommand",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_buildCommand"),
					},
					{
						Name:        "language",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_language"),
					},
					{
						Name:        "modulePath",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `./`,
					},
					{
						Name:        "database",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `codeqlDB`,
					},
					{
						Name:        "querySuite",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_querySuite"),
					},
					{
						Name:        "uploadResults",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "bool",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     false,
					},
					{
						Name: "analyzedRef",
						ResourceRef: []config.ResourceReference{
							{
								Name:  "commonPipelineEnvironment",
								Param: "git/ref",
							},
						},
						Scope:     []string{},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{},
						Default:   os.Getenv("PIPER_analyzedRef"),
					},
					{
						Name: "repository",
						ResourceRef: []config.ResourceReference{
							{
								Name:  "commonPipelineEnvironment",
								Param: "git/httpsUrl",
							},
						},
						Scope:     []string{},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "githubRepo"}},
						Default:   os.Getenv("PIPER_repository"),
					},
					{
						Name: "commitId",
						ResourceRef: []config.ResourceReference{
							{
								Name:  "commonPipelineEnvironment",
								Param: "git/remoteCommitId",
							},
						},
						Scope:     []string{},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{},
						Default:   os.Getenv("PIPER_commitId"),
					},
				},
			},
			Containers: []config.Container{
				{},
			},
			Outputs: config.StepOutputs{
				Resources: []config.StepResources{
					{
						Name: "reports",
						Type: "reports",
						Parameters: []map[string]interface{}{
							{"filePattern": "**/*.csv", "type": "codeql"},
							{"filePattern": "**/*.sarif", "type": "codeql"},
						},
					},
				},
			},
		},
	}
	return theMetaData
}
feat(codeql): new codeql piper step (#3765) * codeql piper step 2022-06-24 09:04:24 +02:00			`// Code generated by piper's step-generator. DO NOT EDIT.`

			`package cmd`

			`import (`
			`"fmt"`
			`"os"`
			`"reflect"`
			`"strings"`
			`"time"`

			`"github.com/SAP/jenkins-library/pkg/config"`
			`"github.com/SAP/jenkins-library/pkg/gcs"`
			`"github.com/SAP/jenkins-library/pkg/log"`
			`"github.com/SAP/jenkins-library/pkg/splunk"`
			`"github.com/SAP/jenkins-library/pkg/telemetry"`
			`"github.com/SAP/jenkins-library/pkg/validation"`
			`"github.com/bmatcuk/doublestar"`
			`"github.com/spf13/cobra"`
			`)`

			`type codeqlExecuteScanOptions struct {`
			GithubToken string `json:"githubToken,omitempty"`
			BuildTool string `json:"buildTool,omitempty" validate:"possible-values=custom maven golang npm pip yarn"`
			BuildCommand string `json:"buildCommand,omitempty"`
			Language string `json:"language,omitempty"`
			ModulePath string `json:"modulePath,omitempty"`
feat(codeql): new codeql db parameter (#3902) 2022-07-20 10:07:57 +02:00			Database string `json:"database,omitempty"`
feat(codeql): new codeql piper step (#3765) * codeql piper step 2022-06-24 09:04:24 +02:00			QuerySuite string `json:"querySuite,omitempty"`
			UploadResults bool `json:"uploadResults,omitempty"`
			AnalyzedRef string `json:"analyzedRef,omitempty"`
			Repository string `json:"repository,omitempty"`
			CommitID string `json:"commitId,omitempty"`
			`}`

			`type codeqlExecuteScanReports struct {`
			`}`

			`func (p *codeqlExecuteScanReports) persist(stepConfig codeqlExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {`
			`if gcsBucketId == "" {`
			`log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")`
			`return`
			`}`
			`log.Entry().Info("Uploading reports to Google Cloud Storage...")`
			`content := []gcs.ReportOutputParam{`
			`{FilePattern: "*/.csv", ParamRef: "", StepResultType: "codeql"},`
			`{FilePattern: "*/.sarif", ParamRef: "", StepResultType: "codeql"},`
			`}`
			`envVars := []gcs.EnvVar{`
			`{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},`
			`}`
			`gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))`
			`if err != nil {`
			`log.Entry().Errorf("creation of GCS client failed: %v", err)`
			`return`
			`}`
			`defer gcsClient.Close()`
			`structVal := reflect.ValueOf(&stepConfig).Elem()`
			`inputParameters := map[string]string{}`
			`for i := 0; i < structVal.NumField(); i++ {`
			`field := structVal.Type().Field(i)`
			`if field.Type.String() == "string" {`
			`paramName := strings.Split(field.Tag.Get("json"), ",")`
			`paramValue, _ := structVal.Field(i).Interface().(string)`
			`inputParameters[paramName[0]] = paramValue`
			`}`
			`}`
			`if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {`
			`log.Entry().Errorf("failed to persist reports: %v", err)`
			`}`
			`}`

			`// CodeqlExecuteScanCommand This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.`
			`func CodeqlExecuteScanCommand() *cobra.Command {`
			`const STEP_NAME = "codeqlExecuteScan"`

			`metadata := codeqlExecuteScanMetadata()`
			`var stepConfig codeqlExecuteScanOptions`
			`var startTime time.Time`
			`var reports codeqlExecuteScanReports`
			`var logCollector *log.CollectorHook`
			`var splunkClient *splunk.Splunk`
			`telemetryClient := &telemetry.Telemetry{}`

			`var createCodeqlExecuteScanCmd = &cobra.Command{`
			`Use: STEP_NAME,`
			`Short: "This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.",`
			Long: `This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.

			`The codeql step triggers a scan locally on your orchestrator (e.g. Jenkins) within a docker container so finally you have to supply a docker image with codeql`
			and Java plus Maven.`,
			`PreRunE: func(cmd *cobra.Command, _ []string) error {`
			`startTime = time.Now()`
			`log.SetStepName(STEP_NAME)`
			`log.SetVerbose(GeneralConfig.Verbose)`

			`GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)`

			`path, _ := os.Getwd()`
			`fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}`
			`log.RegisterHook(fatalHook)`

			`err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)`
			`if err != nil {`
			`log.SetErrorCategory(log.ErrorConfiguration)`
			`return err`
			`}`
			`log.RegisterSecret(stepConfig.GithubToken)`

			`if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {`
			`sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)`
			`log.RegisterHook(&sentryHook)`
			`}`

			`if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {`
			`splunkClient = &splunk.Splunk{}`
			`logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}`
			`log.RegisterHook(logCollector)`
			`}`

			`if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {`
			`log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")`
			`}`

			`validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())`
			`if err != nil {`
			`return err`
			`}`
			`if err = validation.ValidateStruct(stepConfig); err != nil {`
			`log.SetErrorCategory(log.ErrorConfiguration)`
			`return err`
			`}`

			`return nil`
			`},`
			`Run: func(_ *cobra.Command, _ []string) {`
			`stepTelemetryData := telemetry.CustomData{}`
			`stepTelemetryData.ErrorCode = "1"`
			`handler := func() {`
			`reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)`
			`config.RemoveVaultSecretFiles()`
			`stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())`
			`stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()`
			`stepTelemetryData.PiperCommitHash = GitCommit`
			`telemetryClient.SetData(&stepTelemetryData)`
			`telemetryClient.Send()`
			`if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {`
			`splunkClient.Send(telemetryClient.GetData(), logCollector)`
			`}`
			`}`
			`log.DeferExitHandler(handler)`
			`defer handler()`
			`telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME)`
			`if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {`
			`splunkClient.Initialize(GeneralConfig.CorrelationID,`
			`GeneralConfig.HookConfig.SplunkConfig.Dsn,`
			`GeneralConfig.HookConfig.SplunkConfig.Token,`
			`GeneralConfig.HookConfig.SplunkConfig.Index,`
			`GeneralConfig.HookConfig.SplunkConfig.SendLogs)`
			`}`
			`codeqlExecuteScan(stepConfig, &stepTelemetryData)`
			`stepTelemetryData.ErrorCode = "0"`
			`log.Entry().Info("SUCCESS")`
			`},`
			`}`

			`addCodeqlExecuteScanFlags(createCodeqlExecuteScanCmd, &stepConfig)`
			`return createCodeqlExecuteScanCmd`
			`}`

			`func addCodeqlExecuteScanFlags(cmd cobra.Command, stepConfig codeqlExecuteScanOptions) {`
			`cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")`
			cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Defines the build tool which is used for building the project.")
			`cmd.Flags().StringVar(&stepConfig.BuildCommand, "buildCommand", os.Getenv("PIPER_buildCommand"), "Command to build the project")`
			`cmd.Flags().StringVar(&stepConfig.Language, "language", os.Getenv("PIPER_language"), "The programming language used to analyze.")`
			cmd.Flags().StringVar(&stepConfig.ModulePath, "modulePath", `./`, "Allows providing the path for the module to scan")
feat(codeql): new codeql db parameter (#3902) 2022-07-20 10:07:57 +02:00			cmd.Flags().StringVar(&stepConfig.Database, "database", `codeqlDB`, "Path to the CodeQL database to create. This directory will be created, and must not already exist.")
feat(codeql): new codeql piper step (#3765) * codeql piper step 2022-06-24 09:04:24 +02:00			`cmd.Flags().StringVar(&stepConfig.QuerySuite, "querySuite", os.Getenv("PIPER_querySuite"), "The name of a CodeQL query suite. If omitted, the default query suite for the language of the database being analyzed will be used.")`
			`cmd.Flags().BoolVar(&stepConfig.UploadResults, "uploadResults", false, "Allows you to upload codeql SARIF results to your github project. You will need to set githubToken for this.")`
			`cmd.Flags().StringVar(&stepConfig.AnalyzedRef, "analyzedRef", os.Getenv("PIPER_analyzedRef"), "Name of the ref that was analyzed.")`
			`cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "URL of the GitHub instance")`
			`cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "SHA of commit that was analyzed.")`

			`cmd.MarkFlagRequired("buildTool")`
			`}`

			`// retrieve step metadata`
			`func codeqlExecuteScanMetadata() config.StepData {`
			`var theMetaData = config.StepData{`
			`Metadata: config.StepMetadata{`
			`Name: "codeqlExecuteScan",`
			`Aliases: []config.Alias{},`
			`Description: "This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.",`
			`},`
			`Spec: config.StepSpec{`
			`Inputs: config.StepInputs{`
			`Secrets: []config.StepSecrets{`
			`{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},`
			`},`
			`Parameters: []config.StepParameters{`
			`{`
			`Name: "githubToken",`
			`ResourceRef: []config.ResourceReference{`
			`{`
			`Name: "githubTokenCredentialsId",`
			`Type: "secret",`
			`},`

			`{`
			`Name: "githubVaultSecretName",`
			`Type: "vaultSecret",`
			`Default: "github",`
			`},`
			`},`
			`Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{{Name: "access_token"}},`
			`Default: os.Getenv("PIPER_githubToken"),`
			`},`
			`{`
			`Name: "buildTool",`
			`ResourceRef: []config.ResourceReference{},`
			`Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},`
			`Type: "string",`
			`Mandatory: true,`
			`Aliases: []config.Alias{},`
			Default: `maven`,
			`},`
			`{`
			`Name: "buildCommand",`
			`ResourceRef: []config.ResourceReference{},`
			`Scope: []string{"PARAMETERS", "STAGES", "STEPS"},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			`Default: os.Getenv("PIPER_buildCommand"),`
			`},`
			`{`
			`Name: "language",`
			`ResourceRef: []config.ResourceReference{},`
			`Scope: []string{"PARAMETERS", "STAGES", "STEPS"},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			`Default: os.Getenv("PIPER_language"),`
			`},`
			`{`
			`Name: "modulePath",`
			`ResourceRef: []config.ResourceReference{},`
			`Scope: []string{"PARAMETERS", "STAGES", "STEPS"},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			Default: `./`,
			`},`
feat(codeql): new codeql db parameter (#3902) 2022-07-20 10:07:57 +02:00			`{`
			`Name: "database",`
			`ResourceRef: []config.ResourceReference{},`
			`Scope: []string{"PARAMETERS", "STAGES", "STEPS"},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			Default: `codeqlDB`,
			`},`
feat(codeql): new codeql piper step (#3765) * codeql piper step 2022-06-24 09:04:24 +02:00			`{`
			`Name: "querySuite",`
			`ResourceRef: []config.ResourceReference{},`
			`Scope: []string{"PARAMETERS", "STAGES", "STEPS"},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			`Default: os.Getenv("PIPER_querySuite"),`
			`},`
			`{`
			`Name: "uploadResults",`
			`ResourceRef: []config.ResourceReference{},`
			`Scope: []string{"PARAMETERS", "STAGES", "STEPS"},`
			`Type: "bool",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			`Default: false,`
			`},`
			`{`
			`Name: "analyzedRef",`
			`ResourceRef: []config.ResourceReference{`
			`{`
			`Name: "commonPipelineEnvironment",`
			`Param: "git/ref",`
			`},`
			`},`
			`Scope: []string{},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			`Default: os.Getenv("PIPER_analyzedRef"),`
			`},`
			`{`
			`Name: "repository",`
			`ResourceRef: []config.ResourceReference{`
			`{`
			`Name: "commonPipelineEnvironment",`
			`Param: "git/httpsUrl",`
			`},`
			`},`
			`Scope: []string{},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{{Name: "githubRepo"}},`
			`Default: os.Getenv("PIPER_repository"),`
			`},`
			`{`
			`Name: "commitId",`
			`ResourceRef: []config.ResourceReference{`
			`{`
			`Name: "commonPipelineEnvironment",`
feat(codeql) merge commit git reference (#3877) Sets git reference and gitRemoteCommitId. Jenkins has 2 strategies - 'Merging the pull request with the current target branch revision' and 'The current pull request revision'. When 'Merging the pull request with the current target branch revision' is run, Jenkins creates a local merge commit and runs a job for that particular merge commitId. This commitId is then used for codeql to upload sarif, on upload it throws an error as the merge commit does not exist in github. To resolve this we have introduces a new variable 'gitRemoteCommitId' in commonPipelineEnvironment which gives the remote merge commit id. 2022-07-12 10:25:17 +02:00			`Param: "git/remoteCommitId",`
feat(codeql): new codeql piper step (#3765) * codeql piper step 2022-06-24 09:04:24 +02:00			`},`
			`},`
			`Scope: []string{},`
			`Type: "string",`
			`Mandatory: false,`
			`Aliases: []config.Alias{},`
			`Default: os.Getenv("PIPER_commitId"),`
			`},`
			`},`
			`},`
			`Containers: []config.Container{`
			`{},`
			`},`
			`Outputs: config.StepOutputs{`
			`Resources: []config.StepResources{`
			`{`
			`Name: "reports",`
			`Type: "reports",`
			`Parameters: []map[string]interface{}{`
			`{"filePattern": "*/.csv", "type": "codeql"},`
			`{"filePattern": "*/.sarif", "type": "codeql"},`
			`},`
			`},`
			`},`
			`},`
			`},`
			`}`
			`return theMetaData`
			`}`