dfscan-mr.yml
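---
# Runs a Deepfactor filesystem scan (dfctl) either on demand (workflow_dispatch)
# or after a pull request into the 1.0-GA branch has been merged.
name: dfctl-scan-mr

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      dfctlversion:
        description: 'dfctl version to use'
        required: true
        default: 'latest'
      alert-policy:
        description: "Deepfactor alert policy"
        required: false
  pull_request:
    branches: ['1.0-GA']
    types: [closed]

jobs:
  if_merged:
    # `github.event.pull_request` is null on workflow_dispatch, so the original
    # `merged == true` gate alone skipped every manual run even though the
    # dispatch inputs above exist for exactly that case. Allow manual runs
    # explicitly; PR events still run only when the PR was actually merged.
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # NOTE(review): floating major tags are mutable; for supply-chain
        # hardening pin to a full commit SHA (actions/checkout@<commit-sha>).
        uses: actions/checkout@v4

      # NOTE(review): the user.email value below looks like a rendering
      # artifact of the original address — confirm against the repository.
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "[email protected]"

      - name: scan filesystem with dfctl
        env:
          DFCTL_VERSION: ${{ github.event.inputs.dfctlversion || 'latest' }}
          DF_RUN_TOKEN: ${{ secrets.DFSCAN_TOKEN }}
          appName: ${{ github.event.repository.name }}
          # base_ref is only populated for pull_request events; fall back to the
          # dispatched branch so `-c`/`-R` never receive an empty argument
          # (an empty value would shift the remaining dfctl options).
          compName: ${{ github.base_ref || github.ref_name }}
          projDir: ${{ github.workspace }}
          alertPolicy: ${{ github.event.inputs.alert-policy || 'AllCVEAlerts' }}
          # Hand ref names to the shell via env instead of interpolating
          # ${{ }} into `run:`. head_ref is chosen by the PR author, so a
          # direct interpolation is a script-injection vector into this job.
          EVENT_NAME: ${{ github.event_name }}
          HEAD_REF: ${{ github.head_ref }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          set -euo pipefail
          if [ "$EVENT_NAME" = "pull_request" ]; then
            repoVersion="$HEAD_REF"
          else
            repoVersion="$REF_NAME"
          fi
          # `-e DF_RUN_TOKEN` with no value forwards the variable from the
          # runner environment, keeping the secret out of the docker argv.
          # DFCTL_VERSION defaults to the mutable 'latest' tag and
          # --pull=always refreshes it on every run; pin a version or digest
          # when reproducible scan results matter.
          docker run --pull=always --rm \
            -e DF_RUN_TOKEN \
            -v "$projDir:/home/projdir" \
            "public.ecr.aws/deepfactor/df/runtime:$DFCTL_VERSION" \
            dfctl scan -s fs -a "$appName" -c "$compName" -V "$repoVersion" \
              -p "$alertPolicy" -R "$compName" /home/projdir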