accurics-action/example-workflow.yml at master · ManagedKube/accurics-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#
# An example workflow using the Accurics Action
#
on:
  push:
    branches:
      - master

jobs:
  accurics_test_job:
    runs-on: ubuntu-latest
    name: My GitHub Workflow With Accurics
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Accurics Scan
        uses: accurics/accurics-action@v1.3
        id: accurics
        env:
          # Credentials are required by Terraform. They can be specified using any method that Terraform accepts
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          REPO_URL: ${{ github.repositoryUrl }}
        with:
          # A specific Terraform version can be chosen (default=latest)
          terraform-version: 0.14.7
          # Specify any Terraform plan args here. Variables can be specified as follows (enclosed in single quotes)
          plan-args: '-var public_key_path=terraform-poc01.pub -var key_name=terraform-poc01'
          # Specify the ENV_ID and APP_ID from the config file
          app-id: ${{ secrets.ACCURICS_APP_ID }}
          env-id: ${{ secrets.ACCURICS_ENV_ID }}
          # Specify the location to the repository
          repo: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY
          # Fail the build when violations are found:
          fail-on-violations: true
          # Fail the build on all errors
          fail-on-all-errors: false
      - name: Display statistics
        run: '
            echo ""
            echo "Environment Name           : ${{ steps.accurics.outputs.env-name }}";
            echo "Repository                 : ${{ steps.accurics.outputs.repo }}";
            echo "Violation Count            : ${{ steps.accurics.outputs.num-violations }}";
            echo "Resource Count             : ${{ steps.accurics.outputs.num-resources }}";
            echo ""
            echo "Native Resources           : ${{ steps.accurics.outputs.native }}";
            echo "Inherited Resources        : ${{ steps.accurics.outputs.inherited }}";
            echo ""
            echo "High-Severity Violations   : ${{ steps.accurics.outputs.high }}";
            echo "Medium-Severity Violations : ${{ steps.accurics.outputs.medium }}";
            echo "Low-Severity Violations    : ${{ steps.accurics.outputs.low }}";
            echo ""
            echo "Drift                      : ${{ steps.accurics.outputs.drift }}";
            echo "IaC Drift                  : ${{ steps.accurics.outputs.iacdrift }}";
            echo "Cloud Drift                : ${{ steps.accurics.outputs.clouddrift }}";
            echo ""
          '