From 63a2bb7b579375f4cb7c58bb56af463cbee5ceb1 Mon Sep 17 00:00:00 2001
From: Youssef Dhraief
Date: Wed, 27 Mar 2024 11:59:15 +0100
Subject: [PATCH 1/2] feat: transformed ecr scan action to composite
---
 action.yml | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/action.yml b/action.yml
index ae5f458..b49b513 100644
--- a/action.yml
+++ b/action.yml
@@ -39,15 +39,25 @@ inputs:
 required: true
 runs:
- using: 'docker'
- image: Dockerfile
- env:
- DEBUG_MODE: ${{ inputs.debug-mode }}
- LOG_LEVEL: ${{ inputs.log-level }}
- LOG_TIMESTAMPED: ${{ inputs.log-timestamped }}
- AWS_ACCOUNT_ID: ${{ inputs.aws-account-id }}
- AWS_REGION: ${{ inputs.aws-region }}
- ECR_REPO_NAME: ${{ inputs.ecr-repo-name }}
- ECR_REPO_TAG: ${{ inputs.ecr-repo-tag }}
- USE_ALPHA_REGISTRY: ${{ inputs.use-alpha }}
- PR_NUMBER: ${{ inputs.pr-number }}
+ using: 'composite'
+ steps:
+ - name: setup
+ if: github.event_name == 'pull_request'
+ shell: bash
+ id: setup
+ run: |
+ echo "scripts-path=${GITHUB_ACTION_PATH}" >>"${GITHUB_OUTPUT}"
+ - name: Scan ECR
+ if: github.event_name == 'pull_request'
+ run: '${{ steps.setup.outputs.scripts-path }}/scripts/script.sh'
+ shell: bash
+ env:
+ DEBUG_MODE: ${{ inputs.debug-mode }}
+ LOG_LEVEL: ${{ inputs.log-level }}
+ LOG_TIMESTAMPED: ${{ inputs.log-timestamped }}
+ AWS_ACCOUNT_ID: ${{ inputs.aws-account-id }}
+ AWS_REGION: ${{ inputs.aws-region }}
+ ECR_REPO_NAME: ${{ inputs.ecr-repo-name }}
+ ECR_REPO_TAG: ${{ inputs.ecr-repo-tag }}
+ USE_ALPHA_REGISTRY: ${{ inputs.use-alpha }}
+ PR_NUMBER: ${{ inputs.pr-number }}
From 142bcd59be8cfe1d37507c000543fb9042d899df Mon Sep 17 00:00:00 2001
From: Youssef Dhraief
Date: Wed, 27 Mar 2024 12:02:53 +0100
Subject: [PATCH 2/2] fix: added missing aws auth
---
 action.yml | 13 +++++++++++++
 scripts/script.sh | 2 --
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/action.yml b/action.yml
index b49b513..49ddc6d 100644
--- a/action.yml
+++ b/action.yml
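Review bot: In the `runs:` hunk of action.yml in PATCH 1/2, both steps are gated on `github.event_name == 'pull_request'`, so on any other trigger the action finishes green without scanning anything, and a caller can read that as a passed scan. If the gate is intentional, make the skip visible with a last step such as `if: github.event_name != 'pull_request'` running `echo "::warning::ECR scan skipped for event ${GITHUB_EVENT_NAME}"`, and say so in the action's description. The `setup` step also looks unnecessary: `GITHUB_ACTION_PATH` is already in the environment of the scan step, so the script can be called through that variable directly instead of expanding a step output into the command line.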
@@ -18,6 +18,12 @@ inputs:
 description: Set to true in order to enable timestamps on log messages
 required: false
 default: 'true'
+ role-to-assume:
+ required: true
+ description: 'aws role-to-assume to configure'
+ role-session-name:
+ required: true
+ description: 'aws role-session-name to configure'
 aws-region:
 description: AWS region to run in
 required: true
@@ -47,6 +53,13 @@ runs:
 id: setup
 run: |
 echo "scripts-path=${GITHUB_ACTION_PATH}" >>"${GITHUB_OUTPUT}"
+ - name: Configure AWS credentials
+ if: github.event_name == 'pull_request'
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ role-to-assume: ${{ inputs.role-to-assume }}
+ role-session-name: ${{ inputs.role-session-name }}
+ aws-region: ${{ inputs.aws-region }}
 - name: Scan ECR
 if: github.event_name == 'pull_request'
 run: '${{ steps.setup.outputs.scripts-path }}/scripts/script.sh'
diff --git a/scripts/script.sh b/scripts/script.sh
index 93d26cd..eca883b 100755
--- a/scripts/script.sh
+++ b/scripts/script.sh
@@ -3,8 +3,6 @@
 . "$(dirname "$0")/utils.sh"
 . "$(dirname "$0")/gh-utils.sh"
-sleep 15
-
 function get_scans() {
 _scan_repo_name="${1}"
 _scan_count="${2:-0}"
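Review bot: The descriptions of the new `role-to-assume` and `role-session-name` inputs in the `inputs:` hunk of action.yml only restate the input names, so a caller learns nothing about what the role must allow or how it is assumed. I would write something like `description: 'ARN of the IAM role assumed for the ECR scan; grant it read-only access to the scanned repository only'`, and document whether the calling job needs `permissions: id-token: write` (presumably yes, since no static keys are passed; confirm). Note also that GitHub does not fail a run when a `required: true` input is omitted, so existing callers that do not pass these inputs reach the credentials step with empty values instead of getting a clear error.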
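Review bot: The `Configure AWS credentials` step added to action.yml references `aws-actions/configure-aws-credentials@v4.0.2` by tag, and a tag can be moved upstream; for a step that handles cloud credentials, pin to the full commit SHA and keep the version as a comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4.0.2`. Because this is a composite action, the credentials that step exports by default stay in the caller's job environment for every later step. The assumed role should therefore be limited to what the scan needs, and that side effect should be documented for callers. The `runs:` block continues outside the hunk.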