# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # A sample workflow which checks out your code and scans your desired k8s config files for misconfigurations using the Datree CLI. # The results are then uploaded to GitHub Security Code Scanning. # # For more information and configurations options, see https://github.com/datreeio/action-datree/ name: Datree on: push: branches: [ $default-branch, $protected-branches ] pull_request: # The branches below must be a subset of the branches above branches: [ $default-branch ] permissions: contents: read jobs: datree: permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run Datree policy check continue-on-error: true uses: datreeio/action-datree@de67ae7a5133d719dc794e1b75682cd4c5f94d8a env: # In order to use the Datree action you will need to have a Datree token. # See https://hub.datree.io/setup/account-token#1-get-your-account-token-from-the-dashboard to acquire your token. DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} with: # Add the path to the configuration file/s that you would like to test. # See https://github.com/datreeio/action-datree#usage for all available options. path: test-file.yaml # Setting a SARIF output will generate a file named "datree.sarif" containing your test results cliArguments: "-o sarif" - name: Upload result to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v3 with: sarif_file: datree.sarif