Test Live Mode #16

	on:
	workflow_dispatch:

	name: Test Live Mode

	jobs:
	test-falco-live:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	actions: read
	steps:
	- name: Start Falco
	uses: darryk10/falco-action/start@5e0ba030dc661da9641c3206c35f1a29e85259a2
	with:
	mode: live
	falco-version: '0.39.0'
	verbose: true

	- name: Checkout
	uses: actions/checkout@v4

	- name: Read Sensitive File
	run: \|
	sleep 3
	docker run --rm --privileged ubuntu cat /etc/shadow
	sleep 3

	- name: Stop Falco
	uses: darryk10/falco-action/stop@5e0ba030dc661da9641c3206c35f1a29e85259a2
	with:
	mode: live
	verbose: true

	test-falco-live-custom-rule:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	actions: read
	steps:
	- name: Start Falco
	uses: darryk10/falco-action/start@5e0ba030dc661da9641c3206c35f1a29e85259a2
	with:
	mode: live
	falco-version: '0.39.0'
	custom-rule-file: '${{ github.workspace }}/rules/falco_cicd_rules.yaml'
	verbose: true

	- name: Checkout
	uses: actions/checkout@v4

	- name: Overwrite Source Code
	shell: bash
	run: \|
	sleep 3
	echo "pwned" > ${{ github.workspace }}/pwn.txt
	sleep 3

	- name: Stop Falco
	uses: darryk10/falco-action/stop@5e0ba030dc661da9641c3206c35f1a29e85259a2
	with:
	mode: live
	verbose: true

Provide feedback