Update entrypoint.sh #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Orca IaC action | |
| on: [pull_request, workflow_dispatch] | |
| permissions: | |
| contents: read | |
| jobs: | |
| iac_scan_job: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| with: | |
| fetch-depth: 0 # Ensure we have git history for diff | |
| ref: ${{ github.event.pull_request.head.ref }} # Add this line to checkout PR head | |
| - name: Get changed files | |
| run: | | |
| # git checkout ${{ github.head_ref }} | |
| git rev-parse --abbrev-ref HEAD | |
| git -c core.quotepath=false diff -z --name-only origin/${{ github.base_ref }}...origin/${{ github.head_ref }} --diff-filter=ACM | |
| - name: Scan IaC | |
| uses: ./ | |
| with: | |
| api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }} | |
| project_key: "default" | |
| path: "test" | |
| format: "json" | |
| output: "results/" | |
| console_output: "cli" | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/[email protected] | |
| if: always() | |
| with: | |
| name: orca-results | |
| path: results/ |