Kubesec #2

Workflow file for this run

.github/workflows/kubesec.yml at 9b66474

	name: Kubesec

	on:
	push:
	branches: [main]
	schedule:
	- cron: '30 7 * * 3'

	permissions: {}

	jobs:
	setup:
	name: setup-kubesec
	runs-on: ubuntu-20.04

	permissions:
	actions: read
	contents: read

	if: github.repository == 'metal3-io/cluster-api-provider-metal3'
	steps:
	- name: Checkout code
	uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

	- name: Collect all yaml
	id: list_yaml
	run: \|
	LIST_YAML="$(find * -type f -name '*.yaml' ! -name "clusterctl-cluster.yaml")"
	echo "::set-output name=value::$(IFS=$','; echo $LIST_YAML \| jq -cnR '[inputs \| select(length>0)]'; IFS=$'\n')"
	outputs:
	matrix: ${{ steps.list_yaml.outputs.value }}

	lint:
	needs: [setup]
	name: Kubesec
	runs-on: ubuntu-20.04

	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	matrix:
	value: ${{ fromJson(needs.setup.outputs.matrix) }}

	steps:
	- name: Checkout code
	uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

	- name: Run kubesec scanner
	uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14 # v0.0.2
	with:
	input: ${{ matrix.value }}
	format: template
	template: template/sarif.tpl
	output: ${{ matrix.value }}.sarif
	exit-code: "0"

	- name: Save result into a variable
	id: save_result
	run: echo "::set-output name=result::$(cat ${{ matrix.value }}.sarif \| jq -c '.runs')"

	- name: Upload Kubesec scan results to GitHub Security tab
	if: ${{ steps.save_result.outputs.result != '[]' }}
	uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
	with:
	sarif_file: ${{ matrix.value }}.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Kubesec #2

Workflow file

Kubesec #2

Jobs

Run details

Workflow file for this run