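---
# On every push to main: run a Trivy filesystem scan, keep the raw report and
# the triggering event payload under timestamped names, append a summary entry
# to the published index.json, and deploy the scan-results folder to gh-pages.
name: Deploy-scan-results-to-GitHub-pages

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main

# Needed by the deploy step to push to the gh-pages branch.
permissions:
  contents: write

env:
  # Per-run entry; consumed and deleted by the "Adding Scan Details" step.
  scan_index: 'scan-results/scan_index.json'
  # Index as currently published (checked out from gh-pages).
  audit_file: 'gh-pages/index.json'
  # Updated index written into the folder that gets deployed.
  index: 'scan-results/index.json'

jobs:
  build-and-deploy:
    concurrency: ci-${{ github.ref }}  # Recommended if you intend to make multiple deployments in quick succession.
    runs-on: ubuntu-latest
    steps:
      # All three outputs are derived from the same epoch timestamp so the
      # report, the event copy and the index entry can be correlated.
      - name: Set the time
        id: run_tests
        run: |
          ACTION_START_TIME=$(date +%s)
          echo "ACTION_START_TIME=$ACTION_START_TIME" >> "$GITHUB_OUTPUT"
          echo "SCAN_RESULT=scan-results/result-$ACTION_START_TIME.json" >> "$GITHUB_OUTPUT"
          echo "EVENT_DETAIL=events/event-$ACTION_START_TIME.json" >> "$GITHUB_OUTPUT"

      - name: Checkout 🛎️
        uses: actions/checkout@v3

      # TODO(review): pin this action to a release tag or a full commit SHA.
      # A mutable branch ref means the scanner that runs with `contents: write`
      # can change between runs without any change to this repository.
      - name: Run Trivy vulnerability scanner in fs mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          hide-progress: false
          format: 'json'
          output: 'results.json'

      - name: Storing scan results
        run: |
          mkdir -p scan-results
          cp "results.json" "${{ steps.run_tests.outputs.SCAN_RESULT }}"
          echo "${{ steps.run_tests.outputs.SCAN_RESULT }} has been created!"

      # The full webhook payload (commits, author names and e-mails, pusher)
      # is copied verbatim. NOTE(review): events/ is outside the deployed
      # scan-results folder, so the Event_Path recorded in the index does not
      # resolve on the published site — confirm whether that is intended.
      - name: Storing event details
        id: store_event_details
        run: |
          mkdir -p events
          cp "$GITHUB_EVENT_PATH" "${{ steps.run_tests.outputs.EVENT_DETAIL }}"
          echo "${{ steps.run_tests.outputs.EVENT_DETAIL }} has been created!"

      # Build the index entry with jq so every value is JSON-escaped. The
      # github.* values are passed through `env` rather than interpolated
      # into the script text, so they are data, not shell source.
      # Event_Path comes from run_tests: store_event_details sets no outputs.
      - name: Creating Scan Details
        env:
          ENTRY_ID: ${{ steps.run_tests.outputs.ACTION_START_TIME }}
          ENTRY_URL: ${{ steps.run_tests.outputs.SCAN_RESULT }}
          ENTRY_SHA: ${{ github.sha }}
          ENTRY_INITIATOR: ${{ github.triggering_actor }}
          ENTRY_REF: ${{ github.ref }}
          ENTRY_EVENT_NAME: ${{ github.event_name }}
          ENTRY_EVENT_PATH: ${{ steps.run_tests.outputs.EVENT_DETAIL }}
        run: |
          jq -n \
            --arg id "$ENTRY_ID" \
            --arg url "$ENTRY_URL" \
            --arg sha "$ENTRY_SHA" \
            --arg initiator "$ENTRY_INITIATOR" \
            --arg ref "$ENTRY_REF" \
            --arg event_name "$ENTRY_EVENT_NAME" \
            --arg event_path "$ENTRY_EVENT_PATH" \
            '{Id: $id, Url: $url, Sha: $sha, Initiator: $initiator, Ref: $ref, Event_Name: $event_name, Event_Path: $event_path}' \
            > "$scan_index"
          echo "$scan_index has been created!"

      - name: Checkout gh 🛎️
        uses: actions/checkout@v3
        with:
          ref: gh-pages
          path: gh-pages

      # Append the new entry to the Pushes array with jq instead of splicing
      # text lines, so the result is always valid JSON (the line-based
      # approach left a trailing comma after the last entry).
      # NOTE: an index.json written by earlier runs of this workflow may
      # carry that trailing comma and needs a one-time repair before jq
      # can parse it.
      - name: Adding Scan Details to Audit db
        run: |
          if [ ! -f "$audit_file" ]; then
            echo "$audit_file doesn't exist, creating an empty one!"
            echo '{"Pushes": []}' > "$audit_file"
          fi
          jq --slurpfile entry "$scan_index" '.Pushes += $entry' "$audit_file" > "$index"
          echo "$index has been created!"
          # remove tmp
          rm -f "$scan_index"

      # clean: false keeps previously deployed reports on gh-pages.
      - name: Deploy 🚀
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          folder: scan-results
          clean: false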