-
Notifications
You must be signed in to change notification settings - Fork 0
31 lines (28 loc) · 1.21 KB
/
example-use-main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
name: Endor Labs AT-ST Scan
on:
workflow_dispatch: null
pull_request:
types: [opened, reopened]
jobs:
endorlabs-setup-and-scan:
permissions:
contents: read # Required by actions/checkout@v3 to checkout a private repository.
runs-on: ubuntu-latest
env:
# DEBUG: 1
GITHUB_API_URL: "https://api.github.com/" # change for GHES
ENDOR_API_CREDENTIALS_KEY: ${{ vars.ENDORLABS_API_KEY }}
ENDOR_API_CREDENTIALS_SECRET: ${{ secrets.ENDORLABS_API_SECRET }}
ENDOR_NAMESPACE: ${{ vars.ENDORLABS_TENANT_NAME }}
ENDOR_SCAN_PR: ${{ github.event_name == 'pull_request' && 'true' || 'false' }} # use CI Run unless this isn't a PR
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Endor Labs Setup
run: |
python3 -m venv ../.atst ; ../.atst/bin/python3 -m pip -q install --upgrade git+https://github.com/endorlabs/atst.git@main
../.atst/bin/endorlabs-atst setup
- name: Endor Labs Scan for ${{ github.event_name }}
# Running this as a seperate step means the setup environment will be loaded
# Note that most of the config is in job-level env vars
run: endorlabs-atst ctl -- scan