diff --git a/.github/workflows/container_remote.yml b/.github/workflows/container_remote.yml
new file mode 100644
index 0000000..29eb9b4
--- /dev/null
+++ b/.github/workflows/container_remote.yml
@@ -0,0 +1,57 @@
+on: [push]
+
+jobs:
+ inspector:
+ runs-on: ubuntu-latest
+ name: "Container Image Scan (Tarball)"
+ environment:
+ name: plugin-development
+ steps:
+ # To use this repository's private action,
+ # you must check out the repository
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ #- name: Log in to Docker Hub
+ # uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ # with:
+ # username: ${{ secrets.DOCKER_USERNAME }}
+ # password: ${{ secrets.DOCKER_PASSWORD }}
+
+ #- name: Build and push Docker image
+ # uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ # with:
+ # context: .
+ # file: ./Dockerfile
+
+ - name: Scan artifact with Inspector
+ uses: ./ # Uses an action in the root directory
+ id: inspector
+ with:
+ artifact_type: 'container'
+ artifact_path: 'alpine:latest'
+ output_sbom_path: 'alpine_sbom.json'
+ output_inspector_scan_path: 'alpine_scan.json'
+
+ - name: Demonstrate SBOM Output
+ run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.artifact_sbom }}
+
+ - name: Demonstrate Inspector Scan Output
+ run: python3 scripts/decode_action_output.py ${{ steps.inspector.outputs.inspector_scan_results }}
+
+ - name: Upload Inspector Scan Results
+ uses: actions/upload-artifact@v4
+ continue-on-error: true
+ with:
+ name: Inspector Scan SBOM Results
+ path: |
+ alpine_sbom.json
+ alpine_scan.json
+
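Review bot: The two "Demonstrate … Output" steps expand `${{ steps.inspector.outputs.artifact_sbom }}` and `${{ steps.inspector.outputs.inspector_scan_results }}` directly into the `run:` script, so the output text becomes part of the command line before the shell parses it. Those values are derived from the contents of the scanned image, and how the action encodes them is not visible in this hunk, so they should be treated as untrusted: pass each one through `env:` and reference it as a quoted shell variable, as in the excerpt below. Separately, the job loads a long-lived `aws-access-key-id`/`aws-secret-access-key` pair on every push to any branch. `aws-actions/configure-aws-credentials` also accepts `role-to-assume` with GitHub OIDC, which avoids storing static keys, and an explicit `permissions:` block would keep the job token to least privilege.

```yaml
# … unchanged: checkout, AWS credentials, Inspector scan step …
      - name: Demonstrate SBOM Output
        env:
          ARTIFACT_SBOM: ${{ steps.inspector.outputs.artifact_sbom }}
        run: python3 scripts/decode_action_output.py "$ARTIFACT_SBOM"

      - name: Demonstrate Inspector Scan Output
        env:
          INSPECTOR_SCAN_RESULTS: ${{ steps.inspector.outputs.inspector_scan_results }}
        run: python3 scripts/decode_action_output.py "$INSPECTOR_SCAN_RESULTS"
# … unchanged: upload-artifact step …
```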