added REAMDE for ecr sarif action w/ burnettk
This commit is contained in:
parent
28dc046430
commit
91c11c5c46
|
@ -1,3 +1,7 @@
|
|||
# github-actions-library
|
||||
|
||||
Each directory is a github actions library that can be used in your github actions workflow.
|
||||
|
||||
## Library list
|
||||
|
||||
[wait-for-ecr-scan-and-get-sarif](./wait-for-ecr-scan-and-get-sarif/README.md)
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
# Wait for ECR Scan and get Sarif GitHub Action
|
||||
|
||||
### Easily upload coverage reports to Codecov from GitHub Actions
|
||||
|
||||
## Usage
|
||||
|
||||
To integrate with your Actions pipeline, specify the name of this repository with a branch or tag number (`main` is recommended) as a `step` within your `workflow.yml` file.
|
||||
|
||||
Inside your `.github/workflows/workflow.yml` file:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
- uses: discoveryedu/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
|
||||
with:
|
||||
repository_name: "docker/repo"
|
||||
image_tag: "main"
|
||||
aws_region: "us-east-2"
|
||||
output_file: "report.sarif"
|
||||
```
|
||||
|
||||
After you run this shared workflow you might want to upload the results to github.
|
||||
That looks like this:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
with:
|
||||
sarif_file: report.sarif
|
||||
category: security
|
||||
```
|
||||
|
||||
## Arguments
|
||||
|
||||
This Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
|
||||
|
||||
| Input | Description | Required |
|
||||
| :---------------- | :----------------------------------------------------------------------------------------------------- | :--------: |
|
||||
| `repository_name` | ECR repository name | \*Required |
|
||||
| `image_tag` | Docker image tag | \*Required |
|
||||
| `aws_region` | Region, like us-east-1 | \*Required |
|
||||
| `output_file` | File location to place the Sarif output file. It is json, but it sometimes uses the `.sarif` extension | \*Required |
|
||||
|
||||
### Example full `workflow.yml` using this Action
|
||||
|
||||
```yaml
|
||||
name: "Build container image"
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
ecr-scan:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
# [Probably build and push image to ECR here]
|
||||
|
||||
- name: Run ECR Scan and Get SARIF Report
|
||||
uses: sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
|
||||
with:
|
||||
repository_name: "infr/testcloud2202"
|
||||
image_tag: "main"
|
||||
aws_region: "us-east-2"
|
||||
output_file: "report.sarif"
|
||||
|
||||
- name: Upload SARIF report as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: sarif-report
|
||||
path: report.sarif
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
with:
|
||||
sarif_file: report.sarif
|
||||
category: security
|
||||
```
|
Loading…
Reference in New Issue