lint/.github/workflows/repo-visualization.yml
nathannaveen 4471e9f322
Set permissions for GitHub actions (#2752)
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-04-11 14:52:49 -05:00

71 lines
1.8 KiB
YAML

---
##############################
##############################
## Repository Visualization ##
##############################
##############################
#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#
name: Repository Visualization
###########################################
# Start the job on all push or PR to main #
###########################################
on:
schedule:
# Sunday at 5:00pm
- cron: "0 17 * * 0"
###############
# Set the Job #
###############
permissions:
contents: read
jobs:
build:
# Name the Job
name: Repository Visualization
# Set the agent to run on
runs-on: ubuntu-latest
timeout-minutes: 60
###############
# Steps below #
###############
steps:
############################
# Checkout the source code #
############################
- name: Checkout Code
uses: actions/checkout@v3
##############################
# Create Visualization Files #
##############################
- name: Create Visualization
uses: githubocto/repo-visualizer@0.8.1
with:
output_file: "./diagram.svg"
should_push: false
###########################
# Configure the AWS creds #
###########################
- name: Configure AWS Credentials
if: success()
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
############################
# Push the image to aws s3 #
############################
- name: Push diagram to s3
if: success()
run: aws s3 cp diagram.svg s3://super-linter/diagram.svg