diff --git a/.github/workflows/pipeline-workflow.yml b/.github/workflows/pipeline-workflow.yml
new file mode 100644
index 00000000..405892fd
--- /dev/null
+++ b/.github/workflows/pipeline-workflow.yml
@@ -0,0 +1,26 @@
+name: Pipeline Workflow
+
+env:
+ REGION: us-east-1
+
+on: push
+
+jobs:
+ pipeline-job:
+ name: Pipeline Job
+ if: github.repository_owner == 'aws-solutions'
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.DISPATCHER_ROLE_ARN }}
+ aws-region: ${{ env.REGION }}
+ role-duration-seconds: 900
+ role-session-name: OIDCSession
+ - name: Run CodeBuild
+ uses: aws-actions/aws-codebuild-run-build@v1
+ with:
+ project-name: ${{ secrets.DISPATCHER_CODEBUILD_PROJECT_NAME }}
\ No newline at end of file
diff --git a/.github/workflows/pull-request-workflow.yml b/.github/workflows/pull-request-workflow.yml
new file mode 100644
index 00000000..466dec48
--- /dev/null
+++ b/.github/workflows/pull-request-workflow.yml
@@ -0,0 +1,23 @@
+name: Pull Request Workflow
+
+on:
+ pull_request:
+ types: [opened, edited, reopened, synchronize]
+
+jobs:
+ pull-request-job:
+ name: Status Checks
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Viperlight
+ run: |
+ wget -q https://viperlight-scanner.s3.amazonaws.com/latest/.viperlightrc
+ wget -q https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip
+ unzip -q viperlight.zip -d ../viperlight
+ rm -r ./viperlight.zip
+ echo "Content scanning utility installation complete `date`"
+ echo "Starting content scanning `date` in `pwd`"
+ ../viperlight/bin/viperlight scan -m files-contents -m files-aws -m files-binary -m files-entropy -m files-secrets
+ echo "Completed content scanning `date`"
\ No newline at end of file
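Review bot: Both `uses:` references in the pipeline job (`aws-actions/configure-aws-credentials@v1` and `aws-actions/aws-codebuild-run-build@v1`) are pinned to a mutable major tag, so the step that mints OIDC-backed AWS credentials will run whatever those tags point to in future; pin each to a full commit SHA with the version as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v1`, and the same applies to `actions/checkout@v3` in pull-request-workflow.yml. The trigger `on: push` carries no `branches:`/`tags:` filter, so every push that passes the `repository_owner` guard dispatches the CodeBuild project; if only certain refs should do that, add a `branches:` filter, and in any case the assumed role's trust policy (not visible here) should constrain the token's `sub` claim to this repository and those refs. A `timeout-minutes:` on the job would keep a stalled CodeBuild wait from holding the runner and the 900-second credential for the full default job limit.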
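Review bot: The Viperlight step fetches `viperlight.zip` from a `latest` URL and executes it with no integrity check, so the PR status check runs whatever is at that path at the moment of the run; pin a versioned artifact URL and verify it before `unzip`, e.g. `echo "<expected-sha256>  viperlight.zip" | sha256sum -c -` inserted after the second `wget`, with the expected digest kept alongside the URL. The job declares no `permissions:` block, so the workflow token gets the repository's default scope; adding `permissions: contents: read` at the job level keeps a read-only scanner read-only. The `types:` list includes `edited`, so a PR title or description edit reruns the full scan — if that is intended, a one-line comment above `types:` saying so would save the next reader the question.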