Skip to content

Updated Flow

Updated Flow #6

Workflow file for this run

name: RL-Secure Workflow
name: RL-Secure Workflow

Check failure on line 2 in .github/workflows/rl-scanner.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/rl-scanner.yml

Invalid workflow file

You have an error in your yaml syntax on line 2
on:
workflow_call:
inputs:
python-version:
required: true
type: string
artifact-name:
required: true
type: string
secrets:
RLSECURE_LICENSE:
required: true
RLSECURE_SITE_KEY:
required: true
SIGNAL_HANDLER_TOKEN:
required: true
PRODSEC_TOOLS_USER:
required: true
PRODSEC_TOOLS_TOKEN:
required: true
PRODSEC_TOOLS_ARN:
required: true
jobs:
checkout-build-scan-only:
runs-on: ubuntu-latest
permissions:
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
- name: Configure Python
uses: actions/setup-python@v5
with:
python-version: ${{ inputs.python-version }}
- name: Configure dependencies
run: |
pip install --user --upgrade pip
pip install --user pipx
pipx ensurepath
pipx install poetry==1.4.2
pip install --upgrade pip
pip install boto3 requests
poetry config virtualenvs.in-project true
poetry install --with dev
poetry self add "poetry-dynamic-versioning[plugin]==1.1.1"
- name: Build release
run: |
poetry build
- name: Create tgz build artifact
run: |
tar -czvf ${{ inputs.artifact-name }} *
- name: Get Artifact Version
id: get_version
run: echo "version=$(cat .version)" >> $GITHUB_ENV
- name: Run RL Scanner
id: rl-scan-conclusion
uses: ./.github/actions/rl-scanner
with:
artifact-path: "$(pwd)/${{ inputs.artifact-name }}"
version: "${{ steps.get_version.outputs.version }}"
env:
RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
- name: Output scan result
run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV