ci(.github): generalize sca scan for non docker artifacts

reuse sca for docker image sca with cis scan
Kong · Feb 1, 2024 · 332e4e8 · 332e4e8
1 parent 5c5396e
commit 332e4e8
Show file tree

Hide file tree

Showing 7 changed files with 746 additions and 143 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -10,6 +10,14 @@ updates:
     schedule:
       interval: "daily"
 
+  - package-ecosystem: "github-actions"
+    directory: "/security-actions/sca"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "github-actions"
+      include: "scope"
+
   - package-ecosystem: "github-actions"
     directory: "/security-actions/scan-docker-image"
     schedule:

diff --git a/.github/workflows/dir-scan.yml b/.github/workflows/dir-scan.yml
@@ -0,0 +1,35 @@
+name: SCA Directory Scan
+
+on:
+  pull_request:
+    branches:
+    - main
+  push:
+    branches:
+    - main
+    tags:
+    - '*'
+
+jobs:
+  test-sca-dir:
+    env:
+      TEST_REPOSITORY: "${{github.repository_owner}}/kong-mesh-gui"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: read
+      checks: write
+      pull-requests: write
+    name: Test Dir Scan
+    steps:
+        - uses: actions/checkout@v4
+        - uses: actions/checkout@v4
+          with:
+            repository: ${{env.TEST_REPOSITORY}}
+            path: ${{env.TEST_REPOSITORY}}
+        - name: Scan Directory
+          id: scan-dir
+          uses: ./security-actions/sca
+          with:
+            asset_prefix: ${{env.TEST_REPOSITORY}}
+            dir: ${{env.TEST_REPOSITORY}}
diff --git a/.github/workflows/docker-image-scan.yml b/.github/workflows/docker-image-scan.yml
@@ -1,4 +1,4 @@
-name: Docker Scan Test
+name: SCA Docker Test
 
 on:
   pull_request: