mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-09 18:43:34 -05:00
4471e9f322
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
71 lines
1.8 KiB
YAML
71 lines
1.8 KiB
YAML
---
|
|
##############################
|
|
##############################
|
|
## Repository Visualization ##
|
|
##############################
|
|
##############################
|
|
|
|
#
|
|
# Documentation:
|
|
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
|
|
#
|
|
|
|
name: Repository Visualization
|
|
###########################################
|
|
# Start the job on all push or PR to main #
|
|
###########################################
|
|
on:
|
|
schedule:
|
|
# Sunday at 5:00pm
|
|
- cron: "0 17 * * 0"
|
|
|
|
###############
|
|
# Set the Job #
|
|
###############
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
# Name the Job
|
|
name: Repository Visualization
|
|
# Set the agent to run on
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
|
|
###############
|
|
# Steps below #
|
|
###############
|
|
steps:
|
|
############################
|
|
# Checkout the source code #
|
|
############################
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v3
|
|
|
|
##############################
|
|
# Create Visualization Files #
|
|
##############################
|
|
- name: Create Visualization
|
|
uses: githubocto/repo-visualizer@0.8.1
|
|
with:
|
|
output_file: "./diagram.svg"
|
|
should_push: false
|
|
|
|
###########################
|
|
# Configure the AWS creds #
|
|
###########################
|
|
- name: Configure AWS Credentials
|
|
if: success()
|
|
uses: aws-actions/configure-aws-credentials@v1
|
|
with:
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
|
|
aws-region: ${{ secrets.AWS_REGION }}
|
|
|
|
############################
|
|
# Push the image to aws s3 #
|
|
############################
|
|
- name: Push diagram to s3
|
|
if: success()
|
|
run: aws s3 cp diagram.svg s3://super-linter/diagram.svg
|