Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

J1 FileManagement Automation v1.2.2 #836

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions .github/workflows/peril.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
name: "Peril"

on:
pull_request:

env:
TRANSPONDER_DOCKER_IMAGE: 081157560428.dkr.ecr.us-east-1.amazonaws.com/transponder:1
SECURITY_SCAN_IMAGE: ghcr.io/jupiterone/security-scan:latest

jobs:
Peril:
name: Peril
permissions:
id-token: write
contents: read
packages: read
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v3

- name: Setup Node
uses: actions/setup-node@v1
with:
node-version: 14.x

- name: Run build
run: yarn install

- name: Get Variables
id: get-vars
run: |
if [[ "${GITHUB_REF}" == 'ref/head/main' && "${GITHUB_EVENT_NAME}" == 'push' ]];
then
echo ::set-output name=aws-oidc-role::arn:aws:iam::081157560428:role/github-main-role
else
echo ::set-output name=aws-oidc-role::arn:aws:iam::081157560428:role/github-pull-request-role
fi

- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ steps.get-vars.outputs.aws-oidc-role }}
role-session-name: pr-role-session
aws-region: us-east-1

- name: ECR login
uses: aws-actions/amazon-ecr-login@v1
id: amazon-ecr-login

- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.PACKAGE_TOKEN }}

- name: Pull security-scan
run: |
docker pull $SECURITY_SCAN_IMAGE

- name: Run security-scan
run: |
docker run \
--user root \
-v /var/run/docker.sock:/var/run/docker.sock \
-v `pwd`:`pwd` \
-e AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
-e AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
-e AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} \
-e GITHUB_REPOSITORY=$GITHUB_REPOSITORY \
-e GITHUB_REF_NAME=$GITHUB_REF_NAME \
-e GITHUB_RUN_NUMBER=$GITHUB_RUN_NUMBER \
-e GITHUB_SERVER_URL=$GITHUB_SERVER_URL \
-e GITHUB_RUN_ID=$GITHUB_RUN_ID \
-e MODE=ci \
-w `pwd` $SECURITY_SCAN_IMAGE

- name: Pull transponder
run: |
docker pull $TRANSPONDER_DOCKER_IMAGE

- name: Run transponder
run: |
docker run --rm -v `pwd`:`pwd` -w `pwd` \
-e J1_API_KEY=${{ secrets.J1_API_KEY_TRANSPONDER }} \
-e J1_API_DOMAIN=${{ secrets.J1_API_DOMAIN_TRANSPONDER }} \
-e J1_ACCOUNT_ID=${{ secrets.J1_ACCOUNT_ID_TRANSPONDER }} \
$TRANSPONDER_DOCKER_IMAGE