.github/workflows/k8s-security-config-watch.yml
name: K8S Security Config Watch
on:
pull_request:
paths:
- "kubernetes/**"
- "!kubernetes/bin/**"
- ".github/workflows/k8s-security-config-watch.yml"
jobs:
validation:
runs-on: ubuntu-latest
steps:
# checkout Master branch
- uses: actions/checkout@v4.1.7
with:
ref: master
path: master
# checkout PR branch
- uses: actions/checkout@v4.1.7
with:
path: candidate
ref: ${{ github.event.pull_request.head.sha }}
# pass the yamls directory to k8s-privilege-check git action
- name: Kubernetes Security Lint
uses: sysdiglabs/k8s-security-lint@v1.0.0
with:
sourceDir: "/master/kubernetes"
targetDir: "/candidate/kubernetes"
# evaluate escalation report
- name: Post Privilege Check
run: |
echo ${{ toJSON(steps.k8s_privilege_check.outputs.escalation_report) }}