Test Action Installation #1553
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Action Installation | |
| # This workflow tests that users can successfully install | |
| # this GitHub Action. This workflow runs automatically | |
| # every 6 hours. | |
| on: | |
| schedule: | |
| - cron: '0 */6 * * *' # runs every 6 hours | |
| push: | |
| branches: | |
| - '*' | |
| jobs: | |
| daily_job: | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: plugin-development | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ secrets.AWS_IAM_ROLE }} | |
| - name: Test Amazon Inspector GitHub Actions plugin | |
| uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1 | |
| with: | |
| artifact_type: 'container' | |
| artifact_path: 'alpine:latest' | |
| display_vulnerability_findings: "enabled" | |
| sbomgen_version: "latest" | |
| # only run if the previous step failed | |
| - name: Notify maintainers of installation failure | |
| if: ${{ failure() }} | |
| run: echo "this feature is not implemented" | |
| # TODO: update this to point to public v1.0.0 release | |
| # TODO: add steps to send notification to a Lambda to cut a ticket on job failure | |
| # TODO: delete on push condition when finished with development | |
| # TODO: use an IAM role |