-
Notifications
You must be signed in to change notification settings - Fork 63
/
action.yml
107 lines (104 loc) · 3.65 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: "Legitify Analyze"
description: "Legitify GitHub Action"
branding:
color: "purple"
icon: "target"
inputs:
github_token:
description: "GitHub Personal Access Token"
required: true
analyze_self_only:
description: "If this is set, only the repo where this action is called from will be analyzed"
required: false
default: "false"
repositories:
description: "Strings of owner/repo separated by a comma. If this is set, only selected repositories will be analyzed"
required: false
legitify_base_version:
description: "The base version of legitify to use. Non breaking changes will be auto updated."
required: false
default: "1.0"
scorecard:
description: 'Whether to run scorecard as part of the analysis (no/yes/verbose default to "no")'
required: false
default: "no"
upload_code_scanning:
description: 'Whether to upload the results to GitHub Code Scanning'
required: false
default: "true"
compile_legitify:
description: "Compile legitify from source (use legitify_base_version as ref)"
required: false
default: "false"
artifact_name:
description: "If the repository where this action runs is private, the analysis report will be saved as an artifact with this name"
required: false
default: "legitify-report"
ignore-policies:
description: "List of policies to ignore (SKIP). Policies should be separated by a new line"
required: false
default: ""
extra:
description: "Additional arguments"
required: false
default: ""
runs:
using: "composite"
steps:
- id: setup-go
if: ${{ inputs.compile_legitify == 'true' }}
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3
with:
go-version: 1.19
- id: checkout_legitify
if: ${{ inputs.compile_legitify == 'true' }}
uses: 'actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b'
with:
repository: Legit-Labs/legitify
ref: ${{ inputs.legitify_base_version }}
path: legitify-build
- id: compile_legitify
if: ${{ inputs.compile_legitify == 'true' }}
shell: bash
run: |
cd legitify-build
go build -o "${GITHUB_ACTION_PATH}/legitify"
- id: create_ignore_policies_file
shell: bash
run: |
echo "${{ inputs.ignore-policies }}" > "${GITHUB_ACTION_PATH}/ignored-policies"
- uses: actions/setup-node@v4
with:
node-version: '20'
- id: analyze
shell: bash
env:
github_token: ${{ inputs.github_token }}
analyze_self_only: ${{ inputs.analyze_self_only }}
repositories: ${{ inputs.repositories }}
legitify_base_version: ${{ inputs.legitify_base_version }}
scorecard: ${{ inputs.scorecard }}
upload_code_scanning: ${{ inputs.upload_code_scanning }}
compile_legitify: ${{ inputs.compile_legitify }}
ignore-policies-file: ./ignored-policies
extra: ${{ inputs.extra }}
run: |
cd "$GITHUB_ACTION_PATH"
node index.js
- id: reports
shell: bash
run: |
cp "$GITHUB_ACTION_PATH"/legitify-output.* . || echo 'no files to copy'
- name: "Upload SARIF as Code Scanning Results"
if: ${{ inputs.upload_code_scanning == 'true' }}
continue-on-error: true
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: legitify-output.sarif
category: "legitify-report"
- name: "Upload outputs as Workflow Artifacts"
if: ${{ steps.analyze.outputs.is_private == 'true' }}
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.artifact_name }}
path: legitify-output.*