dcea36dffc
* add relyance workflow * add relyance config * exclude folders and patterns from scanning * add security as codeowner of relyance
34 lines
1.0 KiB
YAML
34 lines
1.0 KiB
YAML
name: Relyance Compliance Inspection
|
|
on:
|
|
schedule:
|
|
- cron: '0 0 * * *' # Run daily at 00:00 UTC
|
|
workflow_dispatch: # Allow for manual trigger
|
|
|
|
jobs:
|
|
relyance-compliance-inspector:
|
|
permissions:
|
|
contents: read
|
|
id-token: write # Needed for Vault access
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Get API key
|
|
id: vault-secrets
|
|
uses: grafana/shared-workflows/actions/get-vault-secrets@5d7e361bc7e0a183cde8afe9899fb7b596d2659b # get-vault-secrets-v1.2.0
|
|
with:
|
|
repo_secrets: |
|
|
API_KEY=relyance:API_KEY
|
|
|
|
- name: Run Relyance scan
|
|
env:
|
|
API_KEY: "${{ fromJSON(steps.vault-secrets.outputs.secrets).API_KEY }}"
|
|
run: |
|
|
docker pull gcr.io/relyance-ext/compliance_inspector:release && \
|
|
docker run --rm -v ${{ github.workspace }}:/repo --env "API_KEY=${{ env.API_KEY }}" gcr.io/relyance-ext/compliance_inspector:release
|