GitHub Action
Bearer Action
Run Curio as a GitHub Action.

steps:
  - uses: actions/checkout@v3
  - uses: bearer/curio-action@v0.1

steps:
  - uses: actions/checkout@v3
  - name: Curio
    uses: bearer/curio-action@v0.1
    with:
      config-file: '/some/path/curio.yml'
      only-policy: 'CR-001,CR-004'
      skip-path: 'users/*.go,users/admin.sql'

name: Curio
on:
  push:
    branches:
      - main
permissions:
  contents: read
jobs:
  policy_check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Report
        id: report
        uses: bearer/curio-action@v0.1
      - id: summary
        name: Display Summary
        uses: actions/github-script@v6
        with:
          script: |
            // GitHub does not support multiline outputs, so the report is URL-encoded
            const report = decodeURIComponent(`${{ steps.report.outputs.policy_breaches }}`);
            const passed = `${{ steps.report.outputs.exit_code }}` == "0";
            if (!passed) { core.setFailed(report); }

You can see this workflow in action on our demo repo.

Optional. Curio configuration file path.
Optional. Specify the comma-separated IDs of the policies to run; skips all other policies.
Optional. Specify the comma-separated IDs of the policies to skip; runs all other policies.
Optional. Specify the comma-separated IDs of the detectors to run; skips all other detectors.
Optional. Specify the comma-separated IDs of the detectors to skip; runs all other detectors.
Optional. Specify the comma-separated paths to skip. Supports wildcard syntax, e.g. users/*.go,users/admin.sql
Details of any policy breaches that occur. This is URL-encoded to work around GitHub's issues with multiline outputs.
Exit code of the Curio binary; 0 indicates a pass.
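
The two outputs read by the full example above can also be handled so that the job fails closed. The following is an added example, not part of the Curio project's documentation: it assumes the summary step passes the outputs through `env:` as `POLICY_BREACHES` and `EXIT_CODE` (names chosen for this example) instead of interpolating them into the script text, treats a missing exit code as a failure, and tolerates a malformed encoded report.

```javascript
// Added example, not Curio's own code. Assumes the workflow step exposes the
// action outputs as env vars POLICY_BREACHES and EXIT_CODE (names chosen here).
function evaluateReport(env) {
  const rawCode = String(env.EXIT_CODE ?? "").trim();
  const rawReport = String(env.POLICY_BREACHES ?? "");

  // Fail closed: only a literal "0" passes. An empty or unexpected value means
  // the scan step produced no usable result, which must not count as success.
  const passed = rawCode === "0";

  let report = rawReport;
  let decoded = true;
  try {
    report = decodeURIComponent(rawReport);
  } catch (err) {
    // decodeURIComponent throws URIError on a malformed %-sequence; keep the
    // raw text so the breach details are not lost.
    decoded = false;
  }

  let message = "";
  if (!passed) {
    if (rawCode === "") message = "Curio exit code missing; treating as failure";
    else if (report.trim() !== "") message = report;
    else message = `Curio exited with code ${rawCode}`;
  }
  return { passed, decoded, report, message };
}

// Constructed sample values, shaped like the outputs described above.
const SAMPLE_ENV = {
  EXIT_CODE: "1",
  POLICY_BREACHES: encodeURIComponent("CR-001 breached\nusers/admin.sql:2"),
};

// Inside actions/github-script `core` is provided; stand-alone it is absent,
// so the constructed sample is evaluated and printed instead.
if (typeof core !== "undefined") {
  const result = evaluateReport(process.env);
  if (!result.passed) core.setFailed(result.message);
} else {
  console.log(evaluateReport(SAMPLE_ENV));
}
```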