blackducksoftware / github-action

Synopsys Detect integration with Github Actions
Apache License 2.0

Blackduck scan appears as snapshot version. #9

Open alexander-goldman-by opened 3 years ago

alexander-goldman-by commented 3 years ago

The GitHub action for the Blackduck scan, using release plugin pl.allegro.tech.build.axion-release version "1.10.1" and blackducksoftware/github-action@2.0.1, currently downloads the execution script into the same folder that the checkout action uses by default to check out source code. This creates an issue where a local file (dirty repo) will bump up the version of the Gradle project and add -SNAPSHOT to it. This makes versions displayed on the scan either out of sync with the current version or incorrectly displayed as a snapshot (local) version. If it is possible to download the script outside of GITHUB_WORKSPACE, it would fix the issues we're currently encountering.

gautambaghel commented 3 years ago

@alexander-goldman-by You can do this via scripting instead of using this action.

In the folder you want:

- name: Synopsys Detect
  run: |
    # Download the Detect script, then run it against the source folder
    curl -O https://detect.synopsys.com/detect.sh
    bash detect.sh --blackduck.url=<> --blackduck.api.token=<> --detect.project.name=<> --detect.source.path=<>

Use detect.source.path to locate your source folder
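
The following workflow step is an added example, not part of the thread or the project's own code: it applies the suggestion above by downloading the script into RUNNER_TEMP (outside GITHUB_WORKSPACE) and checking that the checkout is still clean before scanning. The secret names BLACKDUCK_URL and BLACKDUCK_API_TOKEN, the env variable names and the choice of project name are assumptions.

```yaml
# Added example. Secret names and env variable names are assumptions.
- name: Synopsys Detect (script kept outside the checkout)
  shell: bash
  env:
    BD_URL: ${{ secrets.BLACKDUCK_URL }}          # assumed secret name
    BD_TOKEN: ${{ secrets.BLACKDUCK_API_TOKEN }}  # assumed secret name
    PROJECT_NAME: ${{ github.event.repository.name }}
  run: |
    set -euo pipefail

    # RUNNER_TEMP lies outside GITHUB_WORKSPACE, so the downloaded script
    # cannot show up as an untracked file in the repository.
    curl -fsSL -o "$RUNNER_TEMP/detect.sh" https://detect.synopsys.com/detect.sh

    # Stop if anything has dirtied the working tree: the issue above reports
    # that a dirty repo makes the release plugin produce a -SNAPSHOT version.
    dirty="$(git -C "$GITHUB_WORKSPACE" status --porcelain)"
    if [ -n "$dirty" ]; then
      echo "Working tree is not clean:" >&2
      echo "$dirty" >&2
      exit 1
    fi

    # Values come from env rather than being written into the workflow file.
    bash "$RUNNER_TEMP/detect.sh" \
      --blackduck.url="$BD_URL" \
      --blackduck.api.token="$BD_TOKEN" \
      --detect.project.name="$PROJECT_NAME" \
      --detect.source.path="$GITHUB_WORKSPACE"
```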