feat: integrate GS Scorecard workflow

mbruzda-splunk · mbruzda-splunk · commit 24e77b2acf8e · 2025-10-24T09:35:28.000+02:00
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
@@ -97,6 +97,12 @@ on:
       SPL_COM_PASSWORD:
         description: password to splunk.com
         required: true
+      GSSA_AWS_ACCESS_KEY_ID:
+        description: GSSA AWS access key id
+        required: true
+      GSSA_AWS_SECRET_ACCESS_KEY:
+        description: GSSA AWS secret access key
+        required: true
 permissions:
   contents: read
   packages: read
@@ -812,6 +818,57 @@ jobs:
           name: appinspect-api-html-report-${{ matrix.tags }}
           path: AppInspect_response.html
 
+  run-gs-scorecard:
+    name: quality-gs-scorecard
+    needs: build
+    if: ${{ !cancelled() && needs.build.result == 'success' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.GSSA_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.GSSA_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR
+        run: |
+          aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 956110764581.dkr.ecr.us-west-2.amazonaws.com
+
+      - name: Pull GS Scorecard image
+        run: |
+          docker pull 956110764581.dkr.ecr.us-west-2.amazonaws.com/ta-automation/gs-scorecard:1.0.0
+
+      - name: Run GS Scorecard
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
+          GITHUB_USERNAME: ${{ secrets.SA_GH_USER_NAME }}
+          APPINSPECT_USER: ${{ secrets.SPL_COM_USER }}
+          APPINSPECT_PASS: ${{ secrets.SPL_COM_PASSWORD }}
+        run: |
+          docker run --rm \
+            -e GITHUB_TOKEN \
+            -e GITHUB_USERNAME \
+            -e AWS_ACCESS_KEY_ID="${{ secrets.GSSA_AWS_ACCESS_KEY_ID }}" \
+            -e AWS_SECRET_ACCESS_KEY="${{ secrets.GSSA_AWS_SECRET_ACCESS_KEY }}" \
+            -e AWS_DEFAULT_REGION="us-west-2" \
+            -e APPINSPECT_USER \
+            -e APPINSPECT_PASS \
+            -v $(pwd):/addon \
+            956110764581.dkr.ecr.us-west-2.amazonaws.com/ta-automation/gs-scorecard:1.0.0
+
+      - name: Upload GS Scorecard report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: gs-scorecard-report
+          path: ./gs_scorecard.html
+
   setup:
     needs:
       - setup-workflow
