updated the SDK to use latest LMIv22 image for sdk v3.x #44
Workflow file for this run
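# Fortress Security Scan
#
# Gated security scan for pull requests against master:
#   1. collab-check      - decides which approval environment the PR must pass.
#   2. wait-for-approval - blocks on that environment.
#   3. fortress-scan     - assumes an AWS role via OIDC and starts a CodeBuild
#                          build of the PR head commit.
#
# The trigger is pull_request_target, so the workflow definition comes from the
# base branch and repository secrets are available even for PRs from forks.
# No job here checks out or executes PR code on the runner; the PR is handed
# to CodeBuild by ref only. Keep it that way: adding a checkout of the PR head
# to any job that holds secrets or OIDC credentials would expose them to
# untrusted code.
name: Fortress Security Scan

on:
  pull_request_target:
    branches:
      - "master"

# One run per PR; a new push cancels the run that is still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref }}
  cancel-in-progress: true

# Deny all GITHUB_TOKEN scopes by default. Only fortress-scan needs an OIDC
# token, so id-token: write is granted on that job instead of workflow-wide.
permissions: {}

jobs:
  collab-check:
    runs-on: ubuntu-latest
    outputs:
      # "auto-approve" or "manual-approval"; used as the environment name below.
      approval-env: ${{ steps.collab-check.outputs.result }}
    steps:
      - name: Collaborator Check
        # NOTE(review): referenced by mutable tag; consider pinning this and the
        # two AWS actions below to a full commit SHA.
        uses: actions/github-script@v7
        id: collab-check
        with:
          github-token: ${{ secrets.COLLAB_CHECK_TOKEN }}
          result-encoding: string
          script: |
            // Read the PR author from the event payload rather than templating
            // ${{ }} expressions into the script source, so event data is only
            // ever handled as a value and never parsed as JavaScript.
            // The check covers the PR author only, not the author of each
            // commit later pushed to the PR branch.
            const author = context.payload.pull_request.user.login;
            try {
              const res = await github.rest.repos.checkCollaborator({
                owner: context.repo.owner,
                repo: context.repo.repo,
                username: author,
              });
              if (res.status === 204) {
                console.log(`Verified ${author} is a repo collaborator. Auto Approving.`);
                return "auto-approve";
              }
              console.log(`Unexpected status ${res.status} for ${author}. Requiring Manual Approval.`);
              return "manual-approval";
            } catch (error) {
              // Fail closed: any error routes the PR to manual approval. Only a
              // 404 means "not a collaborator"; other statuses (for example an
              // expired COLLAB_CHECK_TOKEN) are logged separately so they can
              // be diagnosed.
              if (error.status === 404) {
                console.log(`${author} is not a collaborator. Requiring Manual Approval.`);
              } else {
                console.log(`Collaborator check for ${author} failed (status ${error.status}). Requiring Manual Approval.`);
              }
              return "manual-approval";
            }

  wait-for-approval:
    runs-on: ubuntu-latest
    needs: [collab-check]
    # The gate is enforced by the environment's protection rules, which live in
    # repository settings and are not visible in this file.
    # NOTE(review): confirm "manual-approval" has required reviewers configured;
    # without them this job passes immediately for every PR.
    environment: ${{ needs.collab-check.outputs.approval-env }}
    steps:
      - run: echo "Workflow Approved! Starting Fortress Security Scan."

  fortress-scan:
    runs-on: ubuntu-latest
    needs: [wait-for-approval]
    permissions:
      id-token: write # OIDC token for configure-aws-credentials
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
          aws-region: us-west-2
          # 3-hour session, presumably sized to the scan's runtime.
          # NOTE(review): confirm the role's trust policy restricts the OIDC
          # subject to this repository, and shorten this if the scan allows.
          role-duration-seconds: 10800
      - name: Run Fortress Security Scan
        uses: aws-actions/aws-codebuild-run-build@v1
        with:
          project-name: ${{ github.event.repository.name }}-ci-fortress-scan
          # Build the exact head SHA from the triggering event, so the commit
          # that passed the approval gate is the commit that gets scanned.
          source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}'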