More improvements to the Mondoo Linux Security policy (#451) #1292
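---
# Lint Policies workflow.
# Job `build` lints the cnspec policies in the repository, uploads the SARIF
# report to GitHub code scanning, and fails when the report contains results.
# Job `license-check` runs `copywrite headers --plan` over the checkout.
name: Lint Policies

on:
  pull_request:
  push:
    branches:
      - main
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN; a job widens it only where needed.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow default, so contents is repeated.
    permissions:
      contents: read
      # Required by github/codeql-action/upload-sarif to publish alerts.
      security-events: write
      # Only needed by upload-sarif on private repositories; drop if public.
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step uses git with the token, so it is not left behind in
          # the checkout's git config where subsequent actions could read it.
          persist-credentials: false

      # NOTE(review): `@main` is a mutable branch ref, so the code that runs
      # here can change without any change to this repository. Pin it to a full
      # commit SHA (the tag refs on the other `uses:` lines are movable too).
      - name: Lint cnspec policies and output SARIF
        uses: mondoohq/actions/cnspec-lint@main
        with:
          path: .
          output-file: "results.sarif"

      # `-y` keeps apt-get non-interactive; without it the step aborts whenever
      # the package actually has to be installed.
      - name: Install jq
        run: sudo apt-get install -y jq

      - name: Display SARIF file content
        run: cat results.sarif

      # Uploaded before the gate below so that findings reach code scanning
      # even when the gate fails the job.
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

      # Gate: succeed only when the first SARIF run has no results. Only
      # `.runs[0]` is inspected. Any jq output other than the literal `true`
      # (including a missing or unparsable file) never reaches the success
      # branch, so the check fails closed.
      - name: Check SARIF file content
        id: check_sarif
        run: |
          echo "Checking SARIF file content..."
          RESULTS_EMPTY=$(jq '.runs[0].results | length == 0' results.sarif)
          if [ "$RESULTS_EMPTY" = "true" ]; then
            echo "SARIF file content is as expected. No results found."
          else
            echo "SARIF file contains results, indicating issues were found. Please review the SARIF file content below for more details, or check the 'Security' tab for alerts once the file has been uploaded."
            exit 1
          fi

  license-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Header check only reads files; no git credentials are needed.
          persist-credentials: false

      # NOTE(review): the action ref below was mangled by the page's e-mail
      # obfuscation ("[email protected]"); presumably it was
      # hashicorp/setup-copywrite@<tag>. Restore the real ref from the
      # repository before using this file.
      - name: Setup Copywrite
        uses: hashicorp/[email protected]
        with:
          version: v0.16.4

      - name: Check Header Compliance
        run: copywrite headers --plan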