From b03d2be20b1011620c2eb6ae863508c6179d20b0 Mon Sep 17 00:00:00 2001
From: Martin Schaef
Date: Thu, 9 Dec 2021 09:25:23 -0500
Subject: [PATCH 1/2] Adding CodeGuru Reviewer Action
---
 .github/workflows/codeguru-reviewer.yml | 58 +++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/workflows/codeguru-reviewer.yml
diff --git a/.github/workflows/codeguru-reviewer.yml b/.github/workflows/codeguru-reviewer.yml
new file mode 100644
index 00000000..068fd0cb
--- /dev/null
+++ b/.github/workflows/codeguru-reviewer.yml
@@ -0,0 +1,58 @@
+
+# Runs CodeGuru Reviewer on push events,
+# and uploads recommendations to the GitHub Security tab.
+# For information on the setup see:
+# https://github.com/aws-samples/aws-codeguru-reviewer-cicd-cdk-sample
+
+name: Analyze with CodeGuru Reviewer
+on: [push]
+permissions:
+ id-token: write
+ contents: read
+ security-events: write
+
+jobs:
+ CodeGuruReviewerScan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Assume IAM Role
+ id: iam-role
+ continue-on-error: true
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: arn:aws:iam::048169001733:role/GuruGitHubCICDRole
+ aws-region: us-west-2
+
+ - uses: actions/checkout@v2
+ if: steps.iam-role.outcome == 'success'
+ with:
+ fetch-depth: 0
+
+ - name: Set up JDK 1.8
+ if: steps.iam-role.outcome == 'success'
+ uses: actions/setup-java@v1
+ with:
+ java-version: 1.8
+
+ - name: Compile
+ if: steps.iam-role.outcome == 'success'
+ run: |
+ ./setup.sh
+ mvn -DskipTests -Pbuild-eclipse clean compile
+ mkdir -p class-files
+ cp -r bundles/com.amazonaws.*/target/classes/* class-files
+
+ - name: Run CodeGuru Reviewer
+ id: guruscan
+ if: steps.iam-role.outcome == 'success'
+ continue-on-error: true
+ uses: aws-actions/codeguru-reviewer@v1.1
+ with:
+ s3_bucket: codeguru-reviewer-github-profiler-demo-048169001733-uw2
+ build_path: ./class-files
+
+ - name: Upload review result
+ if: steps.iam-role.outcome == 'success' &&steps.guruscan.outcome == 'success'
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: codeguru-results.sarif.json
From dab44cd752fe453aa12edf4fb10c530f5fb754d1 Mon Sep 17 00:00:00 2001
From: Martin Schaef
Date: Thu, 9 Dec 2021 09:46:44 -0500
Subject: [PATCH 2/2] only run codeguru on master branch
---
 .github/workflows/codeguru-reviewer.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codeguru-reviewer.yml b/.github/workflows/codeguru-reviewer.yml
index 068fd0cb..3cd14f12 100644
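Review bot: The AWS session credentials obtained in the `Assume IAM Role` step are exported by `configure-aws-credentials` as job environment variables, so `./setup.sh` and the Maven build in the `Compile` step (which resolve and execute third-party plugins) run with them well before the `Run CodeGuru Reviewer` step that actually needs them. If the fork-gating via `steps.iam-role.outcome` is not required for the build itself, moving the credential step to just before the scan step shortens the window in which a compromised build dependency could read the session; otherwise the role should carry no more than the S3 and CodeGuru permissions the scan step uses. All third-party actions are referenced by mutable tags (`configure-aws-credentials@v1`, `checkout@v2`, `setup-java@v1`, `codeguru-reviewer@v1.1`, `upload-sarif@v1`); pinning each to a full commit SHA, with the tag kept in a trailing comment, protects the workflow against a tag being retargeted. `java-version: 1.8` is an unquoted float and should be written `java-version: '1.8'` so the value is a string (a future `1.10` would otherwise be truncated to `1.1`). The last step's condition is missing a space after the operator: `if: steps.iam-role.outcome == 'success' && steps.guruscan.outcome == 'success'`.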
--- a/.github/workflows/codeguru-reviewer.yml
+++ b/.github/workflows/codeguru-reviewer.yml
@@ -5,7 +5,11 @@
 # https://github.com/aws-samples/aws-codeguru-reviewer-cicd-cdk-sample
 
 name: Analyze with CodeGuru Reviewer
-on: [push]
+on:
+ push:
+ branches:
+ - master
+
 permissions:
 id-token: write
 contents: read
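Review bot: The file's header comment (`# Runs CodeGuru Reviewer on push events,`, line 2 of the file, outside this hunk) is now stale, since the trigger is restricted to pushes to `master`; update it to `# Runs CodeGuru Reviewer on pushes to the master branch,`. Note that with this filter, commits on feature branches are no longer scanned before they land on `master`, so findings surface only after merge; if pre-merge feedback is wanted, a `pull_request` trigger would be the place to add it, keeping the existing `steps.iam-role.outcome` gating so runs without a usable role skip the build. The `on:` mapping closes inside the hunk; the `permissions` block that follows is unchanged context.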