feat: uds-security-hub scan common action #222
Conversation
not sure where I got the other one from. Maybe the tasks?
|
@Racer159 @zachariahmiller any more feedback on this PR for things that need changed? |
@partkyle I'm out this week so I will defer to @Racer159 on this. Thanks. |
| - name: build example package | ||
| id: setup | ||
| run: | | ||
| uds run create-nginx-package --no-progress |
There was a problem hiding this comment.
we should not rely on app-specific tasks in callable workflows (other apps should be able to use this flow as is without needing to add an extra create-nginx-package task)
There was a problem hiding this comment.
I have changed it to a pull request triggered workflow, so it should be fine to use this task, correct?
There was a problem hiding this comment.
That should be fine for now - eventually we will fix Maru and then this can be callable again with a reference to create:package
There was a problem hiding this comment.
@Racer159 Ok, I think I have this resolved per your comments. Can you take a look?
.github/workflows/test.yaml
Outdated
| @@ -55,3 +55,6 @@ jobs: | |||
| flavor: ${{ matrix.flavor }} | |||
| type: ${{ matrix.type }} | |||
| secrets: inherit # Inherits all secrets from the parent workflow. | |||
|
|
|||
| test-security-hub-scan: | |||
There was a problem hiding this comment.
Thinking on this more I do think it would be good to split out into it's own workflow - this also does not matrix flavors so we will only get one result from it.
… is used externally
This is an action that is meant to be used for scanning a zarf package that is created by a workflow.
Here is an example repo that is using it.