example-github-actions-codeguru-reviewer/.github/workflows/codeguru-reviewer.yml at main · t3yamoto/example-github-actions-codeguru-reviewer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: Review

on:
  pull_request:
  workflow_dispatch:

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      id-token: write
      contents: read    # This is required for actions/checkout
    steps:

    # Step 1: Checkout the repository and provide your AWS credentials
    - name: Checkout repository
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        role-to-assume: ${{secrets.ROLE_ARN}}
        role-session-name: codeguru-reviewr-session
        aws-region: ${{secrets.AWS_REGION}}

    # Step 2: Add CodeGuru Reviewer Action
    - name: CodeGuru Reviewer
      uses: aws-actions/codeguru-reviewer@v1.1
      with:
        s3_bucket: ${{secrets.BUCKET_NAME}}  # S3 Bucket with "codeguru-reviewer-*" prefix

    # Step 3: Upload results into GitHub
    - name: Upload review result
      if: ${{ github.event_name != 'push' }}
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: codeguru-results.sarif.json