Add a on push action which runs aactl (#114)

* Add github action usage example and readme file, tested and works

* Remove trailing space from action example

examples/github-actions/README.md

@@ -1,28 +1,23 @@
 # aactl as builder in GitHub Actions (GHA)
 
-In addition to being used as a CLI, `aactl` can also be used as a builder.
+In addition to being used as a CLI, `aactl` can also be used as a github action.
 
 ## inputs
 
 * `project` - (required) GCP Project ID
-* `digest` - (required) Image digest
+* `source` - (required) Full image path with tag or digest
 * `file` - (required) Path to the vulnerability file
-* `format` - (required) Format of the vulnerability file
 
 ## usage
 
 Below example, shows how to import vulnerabilities from previously generated report.
 
-> Make sure to use the latest tag release from [here](https://github.com/GoogleCloudPlatform/aactl/releases)
 
 ```yaml
-uses: GoogleCloudPlatform/[email protected]`
-with:
-  type: vulnerability
-  project: ${{ env.PROJECT_ID }}
-  digest: ${{ steps.build.outputs.digest }}
-  file: ${{ steps.scan.outputs.output }}
-  format: ${{ steps.scan.outputs.format }}
+      - name: 'Run aactl'
+        uses: docker://gcr.io/cloud-builders/aactl:latest
+        with:
+          args: vuln --project ${{ env.PROJECT_ID }} --source ${{ env.IMAGE_ID }} --file ${{ steps.scan.outputs.output }}
 ```
 
-> Fully working example can be found in [.github/workflows/import.yaml](../../.github/workflows/import.yaml).
+> Fully working example can be found in [on-push.yaml](on-push.yaml).

examples/github-actions/on-push.yaml

@@ -0,0 +1,49 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: on-push
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+
+jobs:
+  aactl:
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    runs-on: 'ubuntu-latest'
+    steps:
+      - name: 'Checkout Code'
+        uses: 'actions/[email protected]'
+
+      # Look at https://github.com/google-github-actions/auth
+      # on how to setup Google Auth Github Action.
+      # Look at https://github.com/google-github-actions/auth#setting-up-workload-identity-federation
+      # on how to setup Workload Identity federation.
+      # Make sure the service account
+      # <SERVICE_ACCOUNT_ID>@<PROJECT_ID>.iam.gserviceaccount.com has roles/containeranalysis.admin.
+      - name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v1'
+        with:
+          workload_identity_provider: 'projects/PROJECT_ID/locations/global/workloadIdentityPools/<POOL_ID>/providers/<PROVIDER_ID>'
+          service_account: '<SERVICE_ACCOUNT_ID>@<PROJECT_ID>.iam.gserviceaccount.com'
+
+      - name: 'Run aactl'
+        uses: docker://gcr.io/cloud-builders/aactl:latest
+        with:
+          args: vuln --project ${{ env.PROJECT_ID }} --source ${{ env.IMAGE_ID }} --file ${{ steps.scan.outputs.output }}