Twistlock #2110

Workflow file for this run

.github/workflows/twistlock.yml at a7a340b

	name: Twistlock

	on:
	workflow_dispatch:
	inputs:
	image-tag:
	required: true
	type: string

	jobs:
	twistlock-scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ inputs.ref }}

	- name: Configure VAEC AWS Credentials
	uses: aws-actions/[email protected]
	with:
	aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }}
	aws-region: us-gov-west-1
	role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }}
	role-skip-session-tagging: true
	role-duration-seconds: 900

	- name: Login to VAEC ECR
	id: login-ecr-vaec
	uses: aws-actions/amazon-ecr-login@v2
	with:
	mask-password: 'true'

	- name: Perform twistlock scan
	env:
	ECR_REGISTRY: ${{ steps.login-ecr-vaec.outputs.registry }}
	IMAGE_REPOSITORY: "notification_api"
	IMAGE_TAG: "${{ inputs.image-tag }}"
	uses: ./.github/actions/run-commands-on-ec2
	with:
	instance-id-ssm-parameter-path: /utility/twistlock/instance
	commands: >-
	"aws --region us-gov-west-1 ecr get-login-password \| docker login --username AWS --password-stdin '"$ECR_REGISTRY"' 2>/dev/null",
	"docker pull '"$ECR_REGISTRY"'/'"$IMAGE_REPOSITORY"':'"$IMAGE_TAG"' 1>/dev/null",
	"docker logout '"$ECR_REGISTRY"'",
	"export TWISTLOCK_PASSWORD=$(aws --region us-gov-west-1 ssm get-parameter --name /utility/twistlock/vanotify-ci-user-password --with-decryption \| jq '.Parameter.Value' -r)",
	"twistcli images scan --project vanotify --address https://twistlock.devops.va.gov --user vanotify-ci-user '"$ECR_REGISTRY"'/'"$IMAGE_REPOSITORY"':'"$IMAGE_TAG"'",
	"STATUS_CODE=$?",
	"docker image prune -a -f 1>/dev/null",
	"exit $STATUS_CODE"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Twistlock #2110

Workflow file

Twistlock #2110

Jobs

Run details

Workflow file for this run