From 91c11c5c46bfc1d0d30df674e24e1330b95d9ffa Mon Sep 17 00:00:00 2001
From: jasquat
Date: Fri, 16 Aug 2024 12:39:05 -0400
Subject: [PATCH] added REAMDE for ecr sarif action w/ burnettk

---
 README.md | 4 ++
 wait-for-ecr-scan-and-get-sarif/README.md | 79 +++++++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 wait-for-ecr-scan-and-get-sarif/README.md

diff --git a/README.md b/README.md
index 23fbc7a..7eecbb2 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,7 @@
 # github-actions-library
 Each directory is a github actions library that can be used in your github actions workflow.
+
+## Library list
+
+[wait-for-ecr-scan-and-get-sarif](./wait-for-ecr-scan-and-get-sarif/README.md)
diff --git a/wait-for-ecr-scan-and-get-sarif/README.md b/wait-for-ecr-scan-and-get-sarif/README.md
new file mode 100644
index 0000000..75e4cd7
--- /dev/null
+++ b/wait-for-ecr-scan-and-get-sarif/README.md
@@ -0,0 +1,79 @@
+# Wait for ECR Scan and get Sarif GitHub Action
+
+### Easily upload coverage reports to Codecov from GitHub Actions
+
+## Usage
+
+To integrate with your Actions pipeline, specify the name of this repository with a branch or tag number (`main` is recommended) as a `step` within your `workflow.yml` file.
+
+Inside your `.github/workflows/workflow.yml` file:
+
+```yaml
+steps:
+ - uses: discoveryedu/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
+ with:
+ repository_name: "docker/repo"
+ image_tag: "main"
+ aws_region: "us-east-2"
+ output_file: "report.sarif"
+```
+
+After you run this shared workflow you might want to upload the results to github.
+That looks like this:
+
+```yaml
+steps:
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: report.sarif
+ category: security
+```
+
+## Arguments
+
+This Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
+
+| Input | Description | Required |
+| :---------------- | :----------------------------------------------------------------------------------------------------- | :--------: |
+| `repository_name` | ECR repository name | \*Required |
+| `image_tag` | Docker image tag | \*Required |
+| `aws_region` | Region, like us-east-1 | \*Required |
+| `output_file` | File location to place the Sarif output file.
It is json, but it sometimes uses the `.sarif` extension | \*Required |
+
+### Example full `workflow.yml` using this Action
+
+```yaml
+name: "Build container image"
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+jobs:
+ ecr-scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ # [Probably build and push image to ECR here]
+
+ - name: Run ECR Scan and Get SARIF Report
+ uses: sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
+ with:
+ repository_name: "infr/testcloud2202"
+ image_tag: "main"
+ aws_region: "us-east-2"
+ output_file: "report.sarif"
+
+ - name: Upload SARIF report as artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: sarif-report
+ path: report.sarif
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: report.sarif
+ category: security
+```