---
# Action metadata: display name, summary and maintainer contact.
name: 'Wait for ECR Scan and Get SARIF'
description: 'Waits for an AWS ECR scan to complete and retrieves the SARIF report.'
author: 'Kevin <kburnett@discoveryedu.com>'

# Caller-supplied parameters. Every value is free-form text chosen by the
# calling workflow, so treat it as untrusted wherever it reaches a shell.
inputs:
  # ECR repository whose scan result is awaited.
  repository_name:
    description: 'The name of the ECR repository.'
    required: true
  # Image tag identifying the scanned image.
  image_tag:
    description: 'The tag of the image to scan.'
    required: true
  # AWS region hosting the repository.
  aws_region:
    description: 'The AWS region where the ECR repository is located.'
    required: true
  # Destination path for the SARIF file. Declared required and also given a
  # default, so the default applies when the caller omits it.
  output_file:
    description: 'The path to save the SARIF report.'
    required: true
    default: 'report.sarif'

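outputs:
  sarif_report:
    description: "The SARIF report generated by the scan."
    # A composite action exposes an output only when `value` maps it to a
    # step output; without it the caller always reads an empty string.
    value: ${{ steps.set_output.outputs.sarif_report }}

# Earlier Docker-based variant, kept for reference:
# runs:
#   using: "docker"
#   image: "python:3.12"
#   args:
#     - "python"
#     - "/wait-for-ecr-scan-and-get-sarif/main.py"

runs:
  using: "composite"
  steps:
    # NOTE(review): `v2` is a mutable tag. Pinning `uses:` to a full commit
    # SHA keeps a retagged release from changing what runs here.
    - name: Check out the repository
      uses: actions/checkout@v2

    - name: Set up Python 3.12
      uses: actions/setup-python@v5.1.1
      with:
        # Quoted so the version stays a string rather than a float.
        python-version: "3.12"

    # NOTE(review): this absolute path looks carried over from the Docker
    # variant above; on a runner the action's own files normally live under
    # github.action_path. Confirm where requirements.txt and main.py sit.
    - name: Install dependencies
      # `shell` is mandatory for every `run` step in a composite action.
      shell: bash
      run: |
        pip install -r /wait-for-ecr-scan-and-get-sarif/requirements.txt

    - name: Run the Python script to wait for ECR scan and get SARIF
      id: run_script
      shell: bash
      # Inputs travel through the environment and are expanded by the shell
      # as quoted variables. Interpolating the inputs.* expressions into the
      # script text would let a crafted value be executed as shell code.
      env:
        INPUT_REPOSITORY_NAME: ${{ inputs.repository_name }}
        INPUT_IMAGE_TAG: ${{ inputs.image_tag }}
        INPUT_AWS_REGION: ${{ inputs.aws_region }}
        INPUT_OUTPUT_FILE: ${{ inputs.output_file }}
      run: |
        python /wait-for-ecr-scan-and-get-sarif/main.py \
          --repository_name "$INPUT_REPOSITORY_NAME" \
          --image_tag "$INPUT_IMAGE_TAG" \
          --aws_region "$INPUT_AWS_REGION" \
          --output_file "$INPUT_OUTPUT_FILE"

    - name: Set the output
      id: set_output
      shell: bash
      env:
        INPUT_OUTPUT_FILE: ${{ inputs.output_file }}
      # The `::set-output` workflow command is deprecated; outputs are written
      # to the $GITHUB_OUTPUT file instead. The report is multi-line, so it
      # uses the delimiter form, with a random delimiter so that report
      # content cannot end the value early and append further outputs.
      # NOTE(review): a large SARIF report may exceed the size limit for step
      # outputs; exposing the file path may be the safer contract. Confirm.
      run: |
        delimiter="sarif_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
        {
          echo "sarif_report<<${delimiter}"
          printf '%s\n' "$(cat -- "$INPUT_OUTPUT_FILE")"
          echo "${delimiter}"
        } >> "$GITHUB_OUTPUT"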