Commit 2dd0d72

docs: add documentation for the new run-gs-scorecard job in README.md
1 parent 4b0b8f2 commit 2dd0d72

1 file changed

+41
-0
lines changed

README.md

Lines changed: 41 additions & 0 deletions
@@ -20,6 +20,7 @@
2020
* [[Job] build](#job-build)
2121
* [[Job] AppInspect](#job-appinspect)
2222
* [[Job] AppInspect API](#job-appinspect-api)
23+
* [[Job] run-gs-scorecard](#job-run-gs-scorecard)
2324
* [[Job] setup](#job-setup)
2425
* [[Job] test-unit-python3](#job-test-unit-python3)
2526
* [[Job] run-btool-check](#job-run-btool-check)
@@ -523,6 +524,46 @@ appinspect-api-html-report-self-service
523524
```
524525

525526

527+
## [Job] run-gs-scorecard
528+
529+
**Description**
530+
531+
- This job runs the Gold Standard Scorecard quality assessment tool to evaluate the add-on against security and quality standards.
532+
533+
- The GS Scorecard tool is containerized and runs in a Docker container, analyzing the repository and generating a comprehensive quality report.
534+
535+
- This job only runs on push events to the `main` branch after a successful build.
536+
537+
**Action used:**
538+
- AWS ECR (Elastic Container Registry) for Docker image storage
539+
- Custom Docker image: `ta-automation/gs-scorecard` pushed from GitLab GS Scorecard repository
540+
541+
**Pass/fail behaviour:**
542+
543+
- The job executes the GS Scorecard analysis and generates a quality report.
544+
545+
- The job requires proper AWS credentials for accessing the ECR registry and GitHub credentials for repository analysis.
546+
547+
**Troubleshooting steps for failures if any:**
548+
549+
- Verify that the required secrets are properly configured in GitHub Actions:
550+
- `GSSA_AWS_ACCESS_KEY_ID` and `GSSA_AWS_SECRET_ACCESS_KEY` for AWS ECR access
551+
- `GH_TOKEN_ADMIN` and `SA_GH_USER_NAME` for GitHub access
552+
- `SPL_COM_USER` and `SPL_COM_PASSWORD` for AppInspect integration
553+
554+
- Check that the Docker image version specified in `GS_SCORECARD_VERSION` environment variable exists in the ECR registry.
555+
556+
- Review the job logs for specific error messages from the GS Scorecard tool.
557+
558+
- Ensure the build job completed successfully before this job runs, as it depends on the build artifacts.
559+
560+
**Artifacts:**
561+
562+
```
563+
gs-scorecard-report (gs_scorecard.html)
564+
```
565+
566+
526567
## [Job] setup
527568

528569
**Description:**
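
Review bot: The **Pass/fail behaviour:** bullets in the new run-gs-scorecard section never state what makes the job pass or fail; they only say that the analysis runs and that credentials are required, so a reader cannot tell whether a poor scorecard result fails the workflow or whether the job is report-only. State the condition explicitly (for example, whether a score gates the job, or whether it fails only on tool or credential errors) and move the credentials bullet to the troubleshooting list, where the same secrets are already enumerated. In that list it would also help to say what each secret must be able to do: `GH_TOKEN_ADMIN` is described only as "for GitHub access" and the two `GSSA_AWS_*` keys only as "for AWS ECR access", which gives a maintainer nothing to check least privilege against. `SPL_COM_USER` and `SPL_COM_PASSWORD` are listed "for AppInspect integration", but the description bullets never mention that the scorecard uses AppInspect, so that dependency should be stated there. The `GS_SCORECARD_VERSION` bullet should say where that variable is set. Minor: `**Description**` is missing the trailing colon used by `**Description:**` in the setup section that follows and by the other labels added here.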
