Merge pull request #59 from kubescape/feat/access-key #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Suggest autofixes with Kubescape for direct commits by PR | |
| on: | |
| push: | |
| branches: [ main ] | |
| jobs: | |
| kubescape-fix-commit: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v35 | |
| - uses: kubescape/github-action@main | |
| with: | |
| account: ${{secrets.KUBESCAPE_ACCOUNT}} | |
| accessKey: ${{secrets.KUBESCAPE_ACCESS_TOKEN}} | |
| files: ${{ steps.changed-files.outputs.all_changed_files }} | |
| fixFiles: true | |
| format: "sarif" | |
| - uses: peter-evans/create-pull-request@v4 | |
| # Remember to allow GitHub Actions to create and approve pull requests | |
| # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests | |
| if: github.event_name != 'pull_request_target' | |
| with: | |
| add-paths: | | |
| *.yaml | |
| commit-message: "chore: fix K8s misconfigurations" | |
| title: "[Kubescape] chore: fix K8s misconfigurations" | |
| body: | | |
| # What this PR changes | |
| [Kubescape](https://github.com/kubescape/kubescape) has found misconfigurations in the targeted branch. This PR fixes the misconfigurations that have automatic fixes available. | |
| You may still need to fix misconfigurations that do not have automatic fixes. | |
| base: ${{ github.head_ref }} | |
| branch: kubescape-auto-fix-${{ github.head_ref || github.ref_name }} | |
| delete-branch: true |