Create main.yml

.github/workflows/main.yml

@@ -0,0 +1,31 @@
+name: Privado Scan
+on: push
+
+jobs:
+  privado:
+    runs-on: ubuntu-latest
+    if: github.ref_name == github.event.repository.default_branch
+    env:
+      PRIVADO_API_TOKEN: "api94f1ef56e9592396bf1fc24f9101d3db78299e8d291652b640"
+      PRIVADO_API_ID: "4FEBCAAE823D8AC3AB705DFF"
+      PRIVADO_API_HOST: "https://t.ent.code.privado.ai"
+      PRIVADO_CI_PLATFORM: "GITHUB_ACTIONS"
+      PRIVADO_DOCKER_IMAGE: 638117407428.dkr.ecr.ap-south-1.amazonaws.com/scanner-agent:latest-dockerless
+      PRIVADO_REPOSITORY_ID: ${{ github.repository_id }}
+      PRIVADO_REPOSITORY_NAME: ${{ github.repository }}
+      PRIVADO_COMMIT_ID: ${{ github.sha }}
+      PRIVADO_BRANCH_NAME: ${{ github.ref_name }}
+      PRIVADO_DEFAULT_BRANCH_NAME: ${{ github.event.repository.default_branch }}
+      PRIVADO_REPOSITORY_URL: ${{ github.repositoryUrl }}
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: "Login to docker registry"
+      run: |
+        curl --fail -s -H "Content-Type: application/json" -H "Authorization: Token $PRIVADO_API_TOKEN" -H "idt: $PRIVADO_API_TOKEN" -H "data-url: /ce/integrations/customers/$PRIVADO_API_ID/docker-registry-token" $PRIVADO_API_HOST/ce/integrations/customers/$PRIVADO_API_ID/docker-registry-token?ci=true | docker login --username AWS --password-stdin $PRIVADO_DOCKER_IMAGE
+    - name: Run Privado Scanner
+      run: |
+        env | grep 'PRIVADO_' > $GITHUB_WORKSPACE/.privado.env
+        docker run -t -v $GITHUB_WORKSPACE:/privado --env-file $GITHUB_WORKSPACE/.privado.env --privileged --pull=always $PRIVADO_DOCKER_IMAGE