Skip to content

KPI Scans

KPI Scans #272

Workflow file for this run

name: KPI Scans
on:
schedule:
- cron: '0 6 * * *'
jobs:
build_and_push_docker_image:
name: Build and push Docker image
runs-on: ubuntu-latest
steps:
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
tags: bearersh/kpi-scan:latest
file: ./kpi_scan/Dockerfile
load_repo_list:
name: Load KPI repo list
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.load_json.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- id: load_json
run : |
echo "matrix=$(npx --yes json5 ./kpi_scan/kpi_repo_list.json5)" >> $GITHUB_OUTPUT
build:
needs: [build_and_push_docker_image, load_repo_list]
name: Run KPI scans
runs-on: ubuntu-latest
strategy:
matrix: ${{fromJson(needs.load_repo_list.outputs.matrix)}}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: github-action-battle-test
aws-region: eu-west-1
role-skip-session-tagging: true
role-duration-seconds: 3600
- name: Run task
run: |
aws ecs run-task \
--cluster ${{ secrets.CLUSTER }} \
--count 1 \
--tags key=service,value=${TASK_DEFINITION} \
--network-configuration "awsvpcConfiguration={subnets=['${{ secrets.SUBNET }}'],securityGroups=['${{ secrets.SECURITY_GROUP }}'],assignPublicIp=ENABLED}" \
--launch-type FARGATE \
--region eu-west-1 \
--task-definition ${TASK_DEFINITION} \
--overrides '{ "containerOverrides": [ { "name": "kpi-scan", "environment": [ { "name": "REPOSITORY_URL", "value": "${{ matrix.repository_url }}" }, { "name": "API_KEY", "value": "${{ secrets.KPI_SCAN_API_KEY }}" }, { "name": "API_HOST", "value": "${{ secrets.KPI_SCAN_HOST }}" } ] } ] }'
env:
TASK_DEFINITION: kpi-scan:3