First, get your Data Theorem Upload API Key by following step 1 on this page: Pre-Production Scans: Uploads via CI/CD
A new step should be added at the end of your existing mobile pipeline to upload the signed application binary (APK or IPA) to Data Theorem.
This new step requires:
The Upload API key retrieved in step 1 to be available in the CI system via the DT_UPLOAD_API_KEY environment variable.
For security reasons, do not embed your Data Theorem API key as plain text into the step. In the example step below, DT_UPLOAD_API_KEY was exported using an environment hook configured within the Buildkite agent. This API key is sensitive; please see Buildkite’s official documentation on Managing pipeline secrets.
The path to the compiled and signed mobile binary to be available in the CI system via the SIGNED_BINARY_PATH environment variable.
Here is a sample Buildkite pipeline that uploads a Mobile App Binary to Data Theorem for scanning after a build step:
```yaml
env:
  # Path to the compiled and signed binary (APK or IPA) produced by the build step
  SIGNED_BINARY_PATH: "app-debug.apk"

steps:
  - label: "Build Mobile App Binary"
    command: "echo 'Example mobile binary build step...'"

  # DT_UPLOAD_API_KEY is not defined in this file; the agent environment hook exports it
  - label: "Upload Mobile App Binary to Data Theorem for scanning"
    command: "
      echo 'Get upload url';
      step1_response=$(curl -s -w '%{http_code}' -X POST -H \"Authorization: APIKey \\$DT_UPLOAD_API_KEY\" --data '' https://api.securetheorem.com/uploadapi/v1/upload_init);
      http_code=\\${step1_response: -3};
      response_body=\\${step1_response::-3};
      [ ! \\${http_code} -eq 200 ] && echo \\${response_body} && exit 1;
      upload_url=\\$(echo \\${response_body} | jq -r \".upload_url\");
      echo \\$upload_url;
      echo 'Upload app';
      step2_response=$(curl --fail-with-body -F file=@${SIGNED_BINARY_PATH} \\${upload_url}) && echo \\$step2_response;
    "
```
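The same two-request flow as a standalone POSIX shell script, added here as an example and not Data Theorem's or Buildkite's own code: it keeps DT_UPLOAD_API_KEY out of process argument lists and stops unless upload_init returns HTTP 200 with an https upload_url. The `--run` switch, the helper names and the https-only check are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Data Theorem's code: fail-closed form of the upload step.
set -eu

INIT_URL="https://api.securetheorem.com/uploadapi/v1/upload_init"  # from the page

# curl -w '%{http_code}' appends a 3-digit status to the body; split them apart.
http_body()   { printf '%s' "${1%???}"; }
http_status() { _body=${1%???}; _status=${1#"$_body"}; printf '%s' "$_status"; }

# Assumption: a valid upload_url is always https; anything else is rejected.
is_https_url() {
  case "$1" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

request_upload_url() {
  # printf is a shell builtin and curl reads the header from stdin (-K -),
  # so the API key never appears in any process's argument list.
  resp=$(printf 'header = "Authorization: APIKey %s"\n' "$DT_UPLOAD_API_KEY" |
    curl -s -K - -w '%{http_code}' -X POST --data '' "$INIT_URL")
  if [ "$(http_status "$resp")" != "200" ]; then
    echo "upload_init failed: HTTP $(http_status "$resp")" >&2
    return 1
  fi
  url=$(http_body "$resp" | jq -r '.upload_url // empty')
  is_https_url "$url" || { echo "upload_init returned no https upload_url" >&2; return 1; }
  printf '%s' "$url"
}

main() {
  # Abort with a message (without printing the value) if either input is missing.
  : "${DT_UPLOAD_API_KEY:?must be exported by the agent environment hook}"
  : "${SIGNED_BINARY_PATH:?path to the signed APK or IPA is required}"
  [ -f "$SIGNED_BINARY_PATH" ] || { echo "binary not found: $SIGNED_BINARY_PATH" >&2; return 1; }
  upload_url=$(request_upload_url)
  curl --fail-with-body -F "file=@${SIGNED_BINARY_PATH}" "$upload_url"
}

# Network calls happen only with --run, so the helpers can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; fi
```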