java11-examples/.github/workflows/main.yml at master · amitopenwriteup/java11-examples · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
on:
  push:
    branches:
      - 'main'

permissions:
  id-token: write
  security-events: write
  actions: read
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Configure AWS Credential
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::385738345149:role/CodeGuruSecurityGitHubAccessRole
          aws-region: us-east-1
          role-session-name: GitHubActionScript

      - name: Run CodeGuru Security Scan
        uses: aws-actions/codeguru-security@v1
        with:
          source_path: .
          aws_region: us-east-1
          fail_on_severity: Critical

      - name: Print Findings (if available)
        run: |
          ls -l
          if [ -f "codeguru-security-results.sarif.json" ]; then
            cat codeguru-security-results.sarif.json
          else
            echo "No SARIF results file found."
          fi

      - name: Upload Result
        if: success() # Ensures upload runs only if the previous step succeeds
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: codeguru-security-results.sarif.json