test_no_vulns.yml

name: Test No Vulns

# confirm that reports are not displayed when no vulns are found

on:
  push:
    branches: #
      - '*'

jobs:
  daily_job:
    runs-on: ubuntu-latest
    environment:
      name: plugin-development

    steps:

      - name: Checkout
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}

      - name: Test binary scan
        id: inspector
        uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
        with:
          artifact_type: 'binary'
          artifact_path: 'entrypoint/tests/test_data/artifacts/binaries/test_go_binary'
          display_vulnerability_findings: "enabled"
          output_sbom_path: 'sbom.json'
          output_inspector_scan_path: 'inspector_scan.json'
          output_inspector_scan_path_csv: 'inspector_pkg_scan.csv'
          output_inspector_dockerfile_scan_path_csv: 'inspector_dockerfile_scan.csv'
          output_inspector_dockerfile_scan_path_markdown: 'inspector_dockerfile_scan.md'
          sbomgen_version: "latest"

      - name: Demonstrate Upload Scan Results
        uses: actions/upload-artifact@v4
        with:
          name: Inspector Scan SBOM Results
          path: |
            ${{ steps.inspector.outputs.artifact_sbom }}
            ${{ steps.inspector.outputs.inspector_scan_results }}
            ${{ steps.inspector.outputs.inspector_scan_results_csv }}
            ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
            ${{ steps.inspector.outputs.inspector_dockerile_scan_results_csv }}
            ${{ steps.inspector.outputs.inspector_dockerile_scan_results_markdown }}