* Chore(deps): Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * remove incorrect comments --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
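# Daily Relyance compliance scan of this repository.
# The job fetches an API key from Vault and passes it, together with a mount
# of the checkout, to the Relyance compliance_inspector container.
name: Relyance Compliance Inspection

on:
  schedule:
    - cron: '0 0 * * *'  # Run daily at 00:00 UTC
  workflow_dispatch:  # Allow for manual trigger

jobs:
  relyance-compliance-inspector:
    # Job-scoped token permissions: read-only repository contents plus the
    # OIDC token used by the Vault step.
    permissions:
      contents: read
      id-token: write  # Needed for Vault access

    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        # NOTE(review): pinned by tag, while the Vault action below is pinned
        # by commit SHA; pin this one to a full commit SHA as well so a moved
        # tag cannot change what runs in a job that holds id-token: write.
        uses: actions/checkout@v5
        with:
          # Keep the checkout token out of the local git config; the workspace
          # is mounted into a third-party container later in this job.
          persist-credentials: false

      - name: Get API key
        id: vault-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@5d7e361bc7e0a183cde8afe9899fb7b596d2659b # get-vault-secrets-v1.2.0
        with:
          repo_secrets: |
            API_KEY=relyance:API_KEY

      - name: Run Relyance scan
        env:
          API_KEY: "${{ fromJSON(steps.vault-secrets.outputs.secrets).API_KEY }}"
        # The script reads only shell variables. No ${{ }} expression is
        # expanded into the script text, so the secret never becomes part of
        # the command line and cannot be re-parsed by the shell.
        # `--env API_KEY` (no value) forwards the variable from the step
        # environment into the container.
        # NOTE(review): `:release` is a mutable tag and the image receives
        # API_KEY plus a read-write mount of the checkout; consider pinning it
        # by digest (`@sha256:<digest>`) and mounting `:ro` if the inspector
        # does not need to write to the repo (confirm with the vendor).
        run: |
          docker pull gcr.io/relyance-ext/compliance_inspector:release && \
          docker run --rm -v "${GITHUB_WORKSPACE}:/repo" --env API_KEY gcr.io/relyance-ext/compliance_inspector:release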