Merge pull request #1381 from Nordix/mquhuy/add-release-1.7 #391

	name: Kubesec
	on:
	push:
	branches: [ main ]
	schedule:
	- cron: '30 7 * * 2'

	permissions:
	contents: read

	jobs:
	setup:
	runs-on: ubuntu-22.04
	permissions:
	actions: read
	contents: read
	steps:
	- name: Checkout code
	uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

	- name: Collect all yaml
	id: list_yaml
	run: \|
	LIST_YAML="$(find * -type f -name '.yaml' ! -path '/templates/*')"
	echo "::set-output name=value::$(IFS=$','; echo $LIST_YAML \| jq -cnR '[inputs \| select(length>0)]'; IFS=$'\n')"
	outputs:
	matrix: ${{ steps.list_yaml.outputs.value }}

	lint:
	needs: [ setup ]
	name: Kubesec
	runs-on: ubuntu-22.04
	permissions:
	actions: read
	contents: read
	security-events: write
	strategy:
	matrix:
	value: ${{ fromJson(needs.setup.outputs.matrix) }}
	steps:
	- name: Checkout code
	uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

	- name: Run kubesec scanner
	uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
	with:
	input: ${{ matrix.value }}
	format: template
	template: template/sarif.tpl
	output: ${{ matrix.value }}.sarif
	exit-code: "0"

	- name: Save result into a variable
	id: save_result
	run: echo "::set-output name=result::$(cat ${{ matrix.value }}.sarif \| jq -c '.runs')"

	- name: Upload Kubesec scan results to GitHub Security tab
	if: ${{ steps.save_result.outputs.result != '[]' }}
	uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
	with:
	sarif_file: ${{ matrix.value }}.sarif

Provide feedback