GitHub

CI/CD

Pull Request Pipeline

To use the GitHub Action, copy the workflow below. It triggers a submit-for-review action through the Gomboc CLI for every pull request. Set the effect input to preview instead if you do not want a pull request to be opened. Please note that with preview the pipeline will pass regardless of any remediations we find.


name: Gomboc.AI Terraform

permissions:
  id-token: write   # needed for the OIDC token the action exchanges with Gomboc
  contents: read    # read-only checkout; the action does not need write access to the repository

on:
  pull_request:

jobs:
  gomboc:
    runs-on: ubuntu-latest
    steps:
      - name: Gomboc.AI - Terraform Remediate
        uses: Gomboc-AI/actions/terraform/remediate@main
        with:
          effect: submit-for-review   # or: preview (pipeline always passes)

Scheduled Pipeline

The Gomboc pipeline also supports scheduled execution, so that remediations caused by changes in IaC modules or by improvements in Gomboc remediation coverage are detected even when no pull request is opened. The cron property follows standard crontab syntax; you can generate a crontab expression at https://crontab.guru/. You can choose whether the pipeline should always run or should only run when there are new commits since the last execution.


name: Gomboc.AI Terraform

permissions:
  id-token: write
  contents: read

on:
  pull_request:
  schedule:
    # Standard crontab syntax, evaluated in UTC; this entry runs the job at midnight.
    # GitHub runs scheduled workflows against the default branch (e.g. main).
    - cron: '0 0 * * *'

jobs:
  gomboc:
    runs-on: ubuntu-latest
    steps:
      - name: Gomboc.AI - Terraform Remediate
        uses: Gomboc-AI/actions/terraform/remediate@main
        with:
          effect: submit-for-review
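As an added example (not part of Gomboc's tooling or of this page's original content), the following check loads a workflow like the two above, already parsed into a dict by a YAML parser such as PyYAML, and reports settings a reviewer would flag: missing least-privilege permissions, a malformed cron expression, an unknown effect value, the preview effect that never fails the pipeline, and a Gomboc action reference that is not pinned to a commit SHA. The sample workflow, the check function and its findings are constructed here for illustration.

```python
import re

# Constructed sample: the scheduled workflow above as PyYAML loads it. PyYAML
# (YAML 1.1) reads the unquoted key `on` as the boolean True, hence the lookup below.
SAMPLE_WORKFLOW = {
    "name": "Gomboc.AI Terraform",
    "permissions": {"id-token": "write", "contents": "read"},
    True: {"pull_request": None, "schedule": [{"cron": "0 0 * * *"}]},
    "jobs": {"gomboc": {"runs-on": "ubuntu-latest", "steps": [
        {"name": "Gomboc.AI - Terraform Remediate",
         "uses": "Gomboc-AI/actions/terraform/remediate@main",
         "with": {"effect": "submit-for-review"}}]}},
}
# One crontab field: * or number, optional -range, optional /step, comma lists.
# Syntax only; numeric ranges and month/day names are not validated.
CRON_FIELD = re.compile(r"^(\*|\d+)(-\d+)?(/\d+)?(,(\*|\d+)(-\d+)?(/\d+)?)*$")
VALID_EFFECTS = {"submit-for-review", "preview"}
GOMBOC_PREFIX = "Gomboc-AI/actions/"

def check_workflow(wf):
    """Return a list of findings (empty means the workflow passed every check)."""
    findings = []
    perms = wf.get("permissions")
    if not isinstance(perms, dict):
        findings.append("permissions: not set explicitly; the job inherits the repository default token scope")
    else:
        if perms.get("contents") != "read":
            findings.append("permissions.contents: expected 'read' (least privilege)")
        if perms.get("id-token") != "write":
            findings.append("permissions.id-token: 'write' is required for the OIDC token")
    triggers = wf.get("on", wf.get(True)) or {}
    for entry in triggers.get("schedule") or []:
        expr = str(entry.get("cron", ""))
        fields = expr.split()
        if len(fields) != 5 or not all(CRON_FIELD.match(f) for f in fields):
            findings.append(f"schedule: invalid cron expression {expr!r}")
    for job_name, job in (wf.get("jobs") or {}).items():
        for step in job.get("steps") or []:
            uses = step.get("uses", "")
            if not uses.startswith(GOMBOC_PREFIX):
                continue  # only the Gomboc action is checked here
            if not re.search(r"@[0-9a-f]{40}$", uses):
                findings.append(f"{job_name}: {uses!r} is not pinned to a commit SHA")
            effect = (step.get("with") or {}).get("effect")
            if effect not in VALID_EFFECTS:
                findings.append(f"{job_name}: effect must be one of {sorted(VALID_EFFECTS)}")
            elif effect == "preview":
                findings.append(f"{job_name}: effect 'preview' never fails the pipeline")
    return findings
```

Run it against a real file with `check_workflow(yaml.safe_load(open(".github/workflows/gomboc.yml")))`; an empty list means every check passed.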
