example.yaml
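# Example workflow: runs this repository's own action (`uses: ./`) against an
# image with known findings, then checks the outputs the action reports.
name: Example

on:
  pull_request:
  push:
    branches: main

jobs:
  example:
    # Skip if Dependabot. For now, we'll rely only on the types to ensure
    # dependency updates are safe, rather than share the Wiz secrets so this can
    # run.
    # NOTE(review): this condition only skips Dependabot. Pull requests from
    # forks also run without repository secrets on the `pull_request` event, so
    # the scan step presumably fails there for lack of Wiz credentials.
    if: ${{ github.actor != 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # `uses: ./` executes the action code from the checked-out ref, and that
      # code receives the Wiz client credentials below.
      - id: scan
        name: Scan statsd/statsd:v0.9.0 with wiz
        uses: ./
        with:
          wiz-client-id: ${{ secrets.WIZ_CLIENT_ID }}
          wiz-client-secret: ${{ secrets.WIZ_CLIENT_SECRET }}
          wiz-api-endpoint-url: ${{ vars.WIZ_API_ENDPOINT_URL }}
          image: statsd/statsd:v0.9.0  # has many, many CVEs
          custom-policies: tvm_automation_policy
          # Presumably keeps this step from failing on findings, so the
          # verification steps below still run and can inspect the outputs.
          fail: false
          pull: true

      # Step outputs are handed to the shell through `env` instead of being
      # expanded inline in the script text, so the value is always treated as
      # data and can never be parsed as shell syntax.
      - name: Verify Scan Id
        env:
          SCAN_ID: ${{ steps.scan.outputs.scan-id }}
        run: |
          if [[ -z "$SCAN_ID" ]]; then
            echo "Scan step should've set a scan-id, it did not" >&2
            exit 1
          fi

      # The scanned image is expected to violate the policy, so anything other
      # than scan-result=failed means the action misreported the outcome.
      - name: Verify scan result
        env:
          SCAN_RESULT: ${{ steps.scan.outputs.scan-result }}
        run: |
          result=$SCAN_RESULT
          if [[ "$result" != "failed" ]]; then
            echo "Scan step should've reported scan-result=failed" >&2
            echo "Instead, it reported scan-result=$result" >&2
            exit 1
          fi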