Skip to content
Archodex Docs

github_actions@v1

GitHub Actions Archodex Ruleset

This ruleset captures context information when the Archodex Agent is run from within a GitHub Actions Workflow.

How to Enable

This ruleset is disabled by default. To enable:

Terminal window
$ archodex --enable-rulesets github_actions@v1
# or
$ ARCHODEX_ENABLE_RULESETS=github_actions@v1 archodex

Inputs

No inputs required

Contexts and Rules

Contexts:
  - Conditions:
      "{Agent.Env.GITHUB_ACTIONS}": true
    ResourceCaptures:
      - Type: GitHub Service
        Id: "{Agent.Env.GITHUB_SERVER_URL}"
        Contains:
          - Type: Organization
            Id: "{Agent.Env.GITHUB_REPOSITORY_OWNER}"
            Contains:
              - Type: Git Repository
                Id: "{Agent.Env.GITHUB_REPOSITORY}"
                Contains:
                  - Type: GitHub Actions Workflow
                    Id: "{Agent.Env.GITHUB_WORKFLOW_REF}"
          - Type: Actor
            Id: "{Agent.Env.GITHUB_ACTOR}"
          - Type: Actor
            Id: "{Agent.Env.GITHUB_TRIGGERING_ACTOR}"
    Principals:
      - Resource:
          - Type: GitHub Service
            Id: "{Agent.Env.GITHUB_SERVER_URL}"
          - Type: Actor
            Id: "{Agent.Env.GITHUB_TRIGGERING_ACTOR}"
        Event: Assumed
      - Resource:
          - Type: GitHub Service
            Id: "{Agent.Env.GITHUB_SERVER_URL}"
          - Type: Actor
            Id: "{Agent.Env.GITHUB_ACTOR}"
        Event: Invoked
      - Resource:
          - Type: GitHub Service
            Id: "{Agent.Env.GITHUB_SERVER_URL}"
          - Type: Organization
            Id: "{Agent.Env.GITHUB_REPOSITORY_OWNER}"
          - Type: Git Repository
            Id: "{Agent.Env.GITHUB_REPOSITORY}"
          - Type: GitHub Actions Workflow
            Id: "{Agent.Env.GITHUB_WORKFLOW_REF}"