Skip to content

Zwe start help clarification (#3865) #2486

Zwe start help clarification (#3865)

Zwe start help clarification (#3865) #2486

name: Kubernetes IaC Scan
on:
push:
branches:
- v2.x/master
- v2.x/staging
# pull_request:
# types: [opened, synchronize]
workflow_dispatch:
inputs:
RANDOM_DISPATCH_EVENT_ID:
description: 'random dispatch event id'
required: false
type: string
jobs:
display-dispatch-event-id:
if: github.event.inputs.RANDOM_DISPATCH_EVENT_ID != ''
runs-on: ubuntu-latest
steps:
- name: RANDOM_DISPATCH_EVENT_ID is ${{ github.event.inputs.RANDOM_DISPATCH_EVENT_ID }}
run: echo "prints random dispatch event id sent from workflow dispatch event"
snyk:
strategy:
matrix:
k8s-manifests:
# we run 3 kinds as example: CronJob, Deployment, StatefulSet
# all other Deployments should be similar
- workloads/discovery-statefulset.yaml
- workloads/cleanup-static-definitions-cronjob.yaml
- workloads/gateway-deployment.yaml
# try out other Kinds
- samples/api-catalog-service.yaml
- samples/gateway-service-ci.yaml
- samples/gateway-service-np.yaml
- samples/gateway-service-lb.yaml
- samples/horizontal-pod-autoscaler/gateway-hpa.yaml
- samples/pod-disruption-budget/gateway-pdb.yaml
- samples/bare-metal/gateway-ingress.yaml
- samples/openshift/gateway-route.yaml
- samples/workspace-pvc.yaml
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run Snyk to check configuration files for security issues
continue-on-error: true
uses: snyk/actions/iac@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
file: containers/kubernetes/${{ matrix.k8s-manifests }}
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
if: hashFiles('snyk.sarif') != ''
with:
sarif_file: snyk.sarif