chore(deps): update helm release kube-prometheus-stack to v83 #223
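# Checkov IaC security scan.
# Runs Checkov once per framework (Kubernetes, Helm, Terraform, Dockerfile),
# fails the job on any finding (soft_fail: false), and uploads the SARIF
# reports to GitHub code scanning.
name: Checkov IaC Security Scan

on:
  push:
    branches: [main]
    paths:
      - "k8s-manifests/**"
      - "argocd-apps/**"
      - "terraform/**"
      - "Dockerfile*"
      - ".github/workflows/checkov-scan.yml"
  pull_request:
    branches: [main]
    paths:
      - "k8s-manifests/**"
      - "argocd-apps/**"
      - "terraform/**"
      - "Dockerfile*"
      # Edits to the scan workflow itself are checked before merge as well,
      # matching the push trigger above.
      - ".github/workflows/checkov-scan.yml"

# Workflow token is limited to what the job needs.
permissions:
  contents: read
  security-events: write  # Required for SARIF upload

jobs:
  checkov-scan:
    name: Checkov Security Scan
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a mutable version tag.
      # Pinning each action to a full commit SHA (with the tag kept as a
      # trailing comment) stops a retagged release from changing what runs
      # with this job's token.
      - name: Checkout code
        uses: actions/checkout@v6

      # NOTE(review): the triggers watch k8s-manifests/ and argocd-apps/, but
      # this step scans kubernetes/ and the next one helm/. If those
      # directories do not exist, hashFiles() returns '' and both scans are
      # skipped without any failure. Confirm the directory names against the
      # repository layout.
      #
      # Each scan step uses !cancelled() so that a failing scan does not skip
      # the scans after it: a bare `if:` carries an implicit success() check.
      # The job still fails when any scan fails.
      - name: Run Checkov - Kubernetes Manifests
        if: ${{ !cancelled() && hashFiles('kubernetes/**') != '' }}
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: kubernetes/
          framework: kubernetes
          output_format: cli,sarif
          output_file_path: console,results-k8s.sarif
          soft_fail: false
          skip_check: ""  # Add check IDs to skip, e.g. "CKV_K8S_21,CKV_K8S_22"
          quiet: true  # Show only failed checks

      - name: Run Checkov - Helm Charts
        if: ${{ !cancelled() && hashFiles('helm/**') != '' }}
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: helm/
          framework: helm
          output_format: cli,sarif
          output_file_path: console,results-helm.sarif
          soft_fail: false
          quiet: true

      - name: Run Checkov - Terraform
        if: ${{ !cancelled() && hashFiles('terraform/**') != '' }}
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: terraform/
          framework: terraform
          output_format: cli,sarif
          output_file_path: console,results-tf.sarif
          soft_fail: false
          quiet: true

      - name: Run Checkov - Dockerfiles
        if: ${{ !cancelled() && hashFiles('Dockerfile*') != '' }}
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: .
          framework: dockerfile
          output_format: cli,sarif
          output_file_path: console,results-docker.sarif
          soft_fail: false
          quiet: true

      # Runs even after a failed scan so the findings reach code scanning.
      # NOTE(review): continue-on-error hides every upload failure, not only
      # the "no SARIF file" case (for example a token that lacks
      # security-events write access). Check this step's log when expected
      # findings do not appear in the Security tab.
      - name: Upload SARIF results to GitHub Security
        if: always()
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: .
        continue-on-error: true  # Don't fail if no SARIF file exists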