This is where it all begins

Dockerfile

@@ -0,0 +1,25 @@
+# Container image that runs your code
+FROM python:3.9-alpine
+
+# Install required libs
+RUN apk --no-cache add curl; \
+    apk --no-cache add git; \
+    apk --no-cache add bash
+
+# Install CFN Guard
+RUN curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/aws-cloudformation/cloudformation-guard/main/install-guard.sh | sh
+ENV PATH "/root/.guard/bin:${PATH}"
+
+# Install AWS SusScan
+RUN pip3 install git+https://github.com/awslabs/[email protected]
+
+# Uninstall libs
+RUN apk del git; \
+    apk del curl
+
+# Copies your code file from your action repository to the filesystem path `/` of the container
+COPY entrypoint.sh /entrypoint.sh
+RUN ["chmod", "+x", "/entrypoint.sh"]
+
+# Code file to execute when the docker container starts up (`entrypoint.sh`)
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,11 +1,91 @@
-## My Project
+# AWS Sustainability Scanner GitHub action
 
-TODO: Fill this README out!
+This GitHub Action runs [AWS Sustainability Scanner](https://github.com/awslabs/sustainability-scanner) against infrastructure-as-code to identify sustainability best practices, generates a report with a score and suggested improvements to apply to your template.
 
-Be sure to:
+## Usage
 
-* Change the title in this README
-* Edit your repository description on GitHub
+In your Github worflows, under steps, add the following:
+
+```yml
+name: AWS Sustainability Scanner
+uses: aws-actions/sustainability-scanner@latest
+with:
+  <INPUTS>
+```
+
+## Inputs
+
+### `file`
+
+Path to the specific file you want to scan.
+
+### `directory`
+
+Path to the directory you want to scan. Every `.yml` and `.yaml` files that this directory contain will be scan.
+
+### `rules_file`
+
+Path to your `.json` file to extend the Susscan rules set.
+
+
+## Example usage
+
+### Simple usage with one specific file
+
+```yml
+name: susscan
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push events but only for the "main" branch
+  push:
+    branches: "main"
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "scan"
+  scan:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so follow-up steps can access it
+      - uses: actions/checkout@v3
+
+      # Run AWS Sustainability Scanner against template.yaml
+      - name: AWS Sustainability Scanner
+        uses: aws-actions/sustainability-scanner@latest
+        with:
+          file: 'template.yaml'
+```
+
+### Usage with a directory and custom rules set
+
+```yml
+name: susscan
+
+on:
+  push:
+    branches: "main"
+  workflow_dispatch:
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      # Run AWS Sustainability Scanner against "my-cf-stacks" folder with an additional rules set
+      - name: AWS Sustainability Scanner
+        uses: aws-actions/sustainability-scanner@latest
+        with:
+          directory: 'my-cf-stacks/'
+          rules-file: 'tests/additional-rules.json'
+```
 
 ## Security
 

action.yml

@@ -0,0 +1,28 @@
+# action.yml
+name: 'AWS Sustainability Scanner GitHub Action'
+author: 'AWS Sustainability'
+description: 'Run AWS Sustainability Scan against infrastructure as code as a pre-packaged GitHub Action.'
+branding:
+  icon: 'cloud'
+  color: 'orange'
+inputs:
+  file:
+    description: 'File with infrastructure code to scan'
+    required: true
+  directory:
+    description: 'Directory with infrastructure code to scan'
+    required: false
+    default: '.'
+  rules_file:
+    description: 'File to extend set of rules to scan'
+    required: false
+outputs:
+  results:
+    description: 'The results from the sustainability scan'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.file }}
+    - ${{ inputs.directory }}
+    - ${{ inputs.rules_file }}

entrypoint.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Leverage the default env variables as described in:
+# https://docs.github.com/en/actions/reference/environment-variables#default-environment-variables
+if [[ $GITHUB_ACTIONS != "true" ]]
+then
+  susscanner "$@"
+  exit $?
+fi
+
+# If an external set of rules is defined then add it to RULES_FILE var
+if [ -n "$INPUT_RULES_FILE" ] && [ -e "$INPUT_RULES_FILE" ]; then
+  RULES_FILE="--rules-file $INPUT_RULES_FILE"
+fi
+
+# Create an empty array to store file names to scan
+RESOURCES_TO_SCAN=()
+
+# If File Variable exists then scan the specific resource
+if [ -n "$INPUT_FILE" ]; then
+  RESOURCES_TO_SCAN+=("$INPUT_FILE")
+else
+# Otherwise scan directory provided (root by default) to populate the array with all .yml or .yaml files
+  echo "running susscanner on directory: $INPUT_DIRECTORY"
+  for FILE in "$INPUT_DIRECTORY"/*.yaml "$INPUT_DIRECTORY"/*.yml; do
+    RESOURCES_TO_SCAN+=("$FILE")
+  done
+fi
+
+# Build command
+for RESOURCE in $RESOURCES_TO_SCAN; do
+  echo "running susscanner on file: $RESOURCE"
+  echo "susscanner $RESOURCE $RULES_FILE"
+  SUSSCAN_RESULTS=$(susscanner $RESOURCE $RULES_FILE)
+
+  SUSSCAN_EXIT_CODE=$?
+
+  if [ $SUSSCAN_EXIT_CODE -eq 0 ]; then
+    echo "${SUSSCAN_RESULTS}"
+  else
+    echo "Scan failed with exit code $SUSSCAN_EXIT_CODE."
+    exit $SUSSCAN_EXIT_CODE
+  fi
+done
+
+exit $SUSSCAN_EXIT_CODE