forked from bridgecrewio/terragoat
-
Notifications
You must be signed in to change notification settings - Fork 1
40 lines (38 loc) · 1.35 KB
/
checkov.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: build
on:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
name: Checkout repo
with:
fetch-depth: 0
- name: Run yor action
uses: bridgecrewio/yor-action@main
- name: Commit tag changes
uses: stefanzweifel/git-auto-commit-action@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Update documentation
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git fetch --tags
git pull
latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
echo "latest tag: $latest_tag"
new_tag=$(echo $latest_tag | awk -F. -v a="$1" -v b="$2" -v c="$3" '{printf("%d.%d.%d", $1+a, $2+b , $3+1)}')
echo "new tag: $new_tag"
pip install -U checkov
cat .github/template.md > README.md && checkov -d terraform -o github_failed_only -s >> README.md
git add README.md || echo "No changes to commit"
git commit -m "update resource scan result doc" README.md || echo "No changes to commit"
git push origin
git tag $new_tag
git push origin $new_tag