Merge pull request #1400 from Nordix/shallow_clone #403

	name: Kubesec
	on:
	push:
	branches: [ main ]
	schedule:
	- cron: '30 7 * * 2'

	permissions:
	contents: read

	jobs:
	setup:
	runs-on: ubuntu-22.04
	permissions:
	actions: read
	contents: read
	steps:
	- name: Checkout code
	uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

	- name: Collect all yaml
	id: list_yaml
	run: \|
	LIST_YAML="$(find * -type f -name '.yaml' ! -path '/templates/*')"
	echo "::set-output name=value::$(IFS=$','; echo $LIST_YAML \| jq -cnR '[inputs \| select(length>0)]'; IFS=$'\n')"
	outputs:
	matrix: ${{ steps.list_yaml.outputs.value }}

	lint:
	needs: [ setup ]
	name: Kubesec
	runs-on: ubuntu-22.04
	permissions:
	actions: read
	contents: read
	security-events: write
	strategy:
	matrix:
	value: ${{ fromJson(needs.setup.outputs.matrix) }}
	steps:
	- name: Checkout code
	uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

	- name: Run kubesec scanner
	uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
	with:
	input: ${{ matrix.value }}
	format: template
	template: template/sarif.tpl
	output: ${{ matrix.value }}.sarif
	exit-code: "0"

	- name: Save result into a variable
	id: save_result
	run: echo "::set-output name=result::$(cat ${{ matrix.value }}.sarif \| jq -c '.runs')"

	- name: Upload Kubesec scan results to GitHub Security tab
	if: ${{ steps.save_result.outputs.result != '[]' }}
	uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
	with:
	sarif_file: ${{ matrix.value }}.sarif

Provide feedback