Skip to content

Update deploy-scan-results-to-github-pages.yml #66

Update deploy-scan-results-to-github-pages.yml

Update deploy-scan-results-to-github-pages.yml #66

name: Deploy-scan-results-to-GitHub-pages
on:
push:
branches:
- main
permissions:
contents: write
env:
base_folder: 'auditing'
scan_result_folder: 'auditing/scan-results'
event_folder: 'auditing/events'
auditing_item: 'auditing/auditing_item.json'
temp_audit_file: 'auditing/temp_auditing.json'
audit_file: 'gh-pages/auditing/auditing.json'
jobs:
build-and-deploy:
concurrency: ci-${{ github.ref }} # Recommended if you intend to make multiple deployments in quick succession.
runs-on: ubuntu-latest
steps:
- name: Set the time
run: |
ACTION_START_TIME=$(date +%s)
echo "ACTION_START_TIME=$ACTION_START_TIME" >> $GITHUB_OUTPUT
SCAN_RESULT="$scan_result_folder/result-$ACTION_START_TIME.json"
echo "SCAN_RESULT=$SCAN_RESULT" >> $GITHUB_OUTPUT
EVENT_DETAIL="$event_folder/event-$ACTION_START_TIME.json"
echo "EVENT_DETAIL=$EVENT_DETAIL" >> $GITHUB_OUTPUT
id: run_tests
- name: Checkout 🛎️
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
hide-progress: false
format: 'json'
output: 'results.json'
- name: Storing scan results
run: |
cat "results.json" >>"${{steps.run_tests.outputs.SCAN_RESULT}}"
echo "${{steps.run_tests.outputs.SCAN_RESULT}} has been created!"
- name: Storing event details
id: store_event_details
run: |
cat ${{ github.event_path }}>>"${{steps.run_tests.outputs.EVENT_DETAIL}}"
echo "${{steps.run_tests.outputs.EVENT_DETAIL}} has been created!"
- name: Creating Scan Details
run: |
cat
{
echo '{'
echo '"Id": "${{steps.run_tests.outputs.ACTION_START_TIME}}",'
echo '"Url": "${{steps.run_tests.outputs.SCAN_RESULT}}",'
echo '"Sha": "${{ github.sha }}",'
echo '"Initiator": "${{ github.triggering_actor }}",'
echo '"Ref": "${{ github.ref }}",'
echo '"Event_Name": "${{ github.event_name }}",'
echo '"Event_Path": "${{ steps.store_event_details.outputs.EVENT_DETAIL }}"'
echo '},'
} >>"$auditing_item"
echo "$auditing_item has been created!"
- name: Checkout gh 🛎️
uses: actions/checkout@v3
with:
ref: gh-pages
path: gh-pages
- name: Adding Scan Details to Audit db
run: |
if [ ! -f $audit_file ]; then
echo "$audit_file doesn't exist, creating an empty one!"
cat
{
echo '{'
echo '"Pushes" : ['
echo ']}'
} >>"$audit_file"
fi
# copy audit file except the last line which is '}' character of json
head -n -1 "$audit_file" > "$temp_audit_file"
cat "$auditing_item" >>"$temp_audit_file"
cat
{
echo ''
echo ']}'
} >>"$temp_audit_file"
echo "$temp_audit_file has been created!"
# remove tmp
rm -f $auditing_item
- name: Deploy 🚀
uses: JamesIves/github-pages-deploy-action@v4
with:
folder: auditing
clean: false