Findings job

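# Shared shell helpers, pulled into a job's before_script through the anchor.
# A YAML alias may only refer to an anchor that appears earlier in the
# document, so this hidden key is defined before the job that uses it.
.notes_helpers: &notes_helpers |
  # --------------------------------
  # add a note to the merge request
  # --------------------------------
  # $1: note body (Markdown).
  # Reads CI_MERGE_REQUEST_PROJECT_ID, CI_MERGE_REQUEST_IID and BOT_TOKEN
  # from the job environment.
  # Declared in POSIX form (no `function` keyword) because the Alpine image
  # runs the script with BusyBox sh rather than bash.
  add_note_to_merge_request() {
    note_content="$1"
    # MR_ID holds the *project* ID; MR_IID is the merge request's IID.
    MR_ID="${CI_MERGE_REQUEST_PROJECT_ID}"
    MR_IID="${CI_MERGE_REQUEST_IID}"

    # --data-urlencode: the report is built from scanner output over code in
    # the merge request, so it can contain '&', '=', '+' or '%'. With a plain
    # -d those would truncate the note or be read as extra form parameters.
    # --fail: a rejected request (bad token, missing MR) fails the job
    # instead of passing silently.
    curl --fail --silent --show-error \
      --request POST \
      --header "PRIVATE-TOKEN: ${BOT_TOKEN}" \
      --data-urlencode "body=${note_content}" \
      "https://gitlab.com/api/v4/projects/${MR_ID}/merge_requests/${MR_IID}/notes"
  }

# Renders the Semgrep SAST report as Markdown and posts it as a note on the
# merge request that triggered the pipeline.
display-findings:
  # NOTE(review): Node.js 16 is end-of-life; move to a supported release once
  # display-findings.js allows it, and consider pinning the image by digest.
  image: node:16-alpine
  stage: test
  needs: [semgrep-sast]
  tags: [saas-linux-small-amd64]
  rules:
    #- if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_MERGE_REQUEST_IID
  artifacts:
    paths:
      - semgrep.gl-sast-report.json
      - vulnerability-report.md
  before_script:
    - apk add --no-cache curl
    - *notes_helpers
  # BOT_TOKEN is visible to every process in this job, including
  # display-findings.js as checked out from the merge request's source branch.
  # Keep it a masked CI/CD variable, backed by a token limited to this project
  # with the minimum access needed to create notes.
  script: |
    node display-findings.js > vulnerability-report.md
    report="$(cat vulnerability-report.md)"
    add_note_to_merge_request "${report}"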