
Commit 3f4d95c

Update msdo-reusable.yml
Removed actions/checkout@v3 and gh CLI as no longer needed
1 parent 75996ea commit 3f4d95c


1 file changed

+8
-26
lines changed


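--- a/.github/workflows/msdo-reusable.yml
+++ b/.github/workflows/msdo-reusable.yml
@@ -65,29 +65,21 @@ jobs:
 if ((Get-ChildItem -Recurse -Include *.json | Select-String 'resources' | Measure-Object).Count -gt 0) {
 $TOOLS += "templateanalyzer,"
 echo "Template Analyzer enabled - ARM templates detected."
-} else {
-echo "Template Analyzer skipped - No ARM templates found."
 }
 
 if ((Get-ChildItem -Recurse -Include *.bicep | Measure-Object).Count -gt 0) {
 $TOOLS += "templateanalyzer,"
 echo "Template Analyzer enabled - Bicep files detected."
-} else {
-echo "Template Analyzer skipped - No Bicep files found."
 }
 
 if ((Get-ChildItem -Recurse -Include *.tf, *.json, *.yml, *.yaml | Measure-Object).Count -gt 0) {
 $TOOLS += "terrascan,"
 echo "Terrascan enabled - Terraform/JSON/YML/YAML files detected."
-} else {
-echo "Terrascan skipped - No Terraform/JSON/YML/YAML files found."
 }
 
 if ((Get-ChildItem -Recurse -Include Dockerfile | Measure-Object).Count -gt 0) {
 $TOOLS += "trivy,"
 echo "Trivy enabled - Dockerfiles detected."
-} else {
-echo "Trivy skipped - No Dockerfiles found."
 }
 
 $TOOLS = $TOOLS.TrimEnd(',')
@@ -110,39 +102,29 @@ jobs:
 run: |
 if [ "${{ github.repository_visibility }}" == "private" ]; then
 echo "This is a private repository. Code Scanning is not available unless GitHub Advanced Security (GHAS) is enabled."
-echo "For private repositories, consider enabling GHAS or using external security tools like SonarQube or Snyk."
 exit 0
 fi
-- name: Install GitHub CLI
-if: github.repository_visibility == 'public'
-run: sudo apt-get install -y gh
 
-- name: Checkout MSDO repo (for local actions)
-uses: actions/checkout@v3
-with:
-repository: theangrytech-git/MSDO
-path: msdo-central
-
 - name: Upload SARIF to GitHub Code Scanning
 if: github.repository_visibility == 'public'
 run: |
 echo "Compressing and uploading SARIF..."
 sarif_file="${{ steps.msdo.outputs.sarifFile }}"
 if [ ! -f "$sarif_file" ]; then
-echo "SARIF file not found at $sarif_file"
-exit 0
+echo "SARIF file not found at $sarif_file"
+exit 0
 fi
 
 gzip -c "$sarif_file" | base64 -w 0 > msdo.sarif.base64
 encoded_sarif=$(cat msdo.sarif.base64)
 
 curl -s -X POST \
--H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
--H "Accept: application/vnd.github+json" \
--H "Content-Type: application/json" \
-https://api.github.com/repos/${{ github.repository }}/code-scanning/sarifs \
--d @- <<EOF
-{
+-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+-H "Accept: application/vnd.github+json" \
+-H "Content-Type: application/json" \
+https://api.github.com/repos/${{ github.repository }}/code-scanning/sarifs \
+-d @- <<EOF
+{
 "commit_sha": "${{ github.sha }}",
 "ref": "${{ github.ref }}",
 "sarif": "$encoded_sarif",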
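Review bot: In the "Upload SARIF to GitHub Code Scanning" step, the re-added `curl` lines still feed an unquoted heredoc (`-d @- <<EOF`) whose body contains `${{ github.ref }}`, so the ref name is substituted into the script text before bash runs and bash then expands the heredoc body; a branch or tag name that contains shell expansion syntax would be evaluated on the runner. The runner already exports these values, so the body can read them as shell variables instead, `"commit_sha": "$GITHUB_SHA",` and `"ref": "$GITHUB_REF",`, and the token is better supplied through a step-level `env:` entry than interpolated into the `Authorization` header line. Separately, `exit 0` when the SARIF file is missing, together with `curl -s` without `--fail`, leaves the job green when the upload is skipped or rejected; a `::warning::` annotation or a non-zero exit would make a lost scan result visible. The heredoc body and its closing `EOF` continue past the end of the hunk, so the rest of the payload is not visible here.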
