KPI Scans #253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: KPI Scans | |
on: | |
schedule: | |
- cron: '0 6 * * *' | |
jobs: | |
build_and_push_docker_image: | |
name: Build and push Docker image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
push: true | |
tags: bearersh/kpi-scan:latest | |
file: ./kpi_scan/Dockerfile | |
load_repo_list: | |
name: Load KPI repo list | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.load_json.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: load_json | |
run : | | |
echo "matrix=$(npx --yes json5 ./kpi_scan/kpi_repo_list.json5)" >> $GITHUB_OUTPUT | |
build: | |
needs: [build_and_push_docker_image, load_repo_list] | |
name: Run KPI scans | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: ${{fromJson(needs.load_repo_list.outputs.matrix)}} | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-session-name: github-action-battle-test | |
aws-region: eu-west-1 | |
role-skip-session-tagging: true | |
role-duration-seconds: 3600 | |
- name: Run task | |
run: | | |
aws ecs run-task \ | |
--cluster ${{ secrets.CLUSTER }} \ | |
--count 1 \ | |
--tags key=service,value=${TASK_DEFINITION} \ | |
--network-configuration "awsvpcConfiguration={subnets=['${{ secrets.SUBNET }}'],securityGroups=['${{ secrets.SECURITY_GROUP }}'],assignPublicIp=ENABLED}" \ | |
--launch-type FARGATE \ | |
--region eu-west-1 \ | |
--task-definition ${TASK_DEFINITION} \ | |
--overrides '{ "containerOverrides": [ { "name": "kpi-scan", "environment": [ { "name": "REPOSITORY_URL", "value": "${{ matrix.repository_url }}" }, { "name": "API_KEY", "value": "${{ secrets.KPI_SCAN_API_KEY }}" }, { "name": "API_HOST", "value": "${{ secrets.KPI_SCAN_HOST }}" } ] } ] }' | |
env: | |
TASK_DEFINITION: kpi-scan:3 |