-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathaction.yml
64 lines (64 loc) · 3.28 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
name: 'Secret Scanning Review Action'
author: "@felickz"
description: 'Increase the visibility of Secret Scanning alerts as part of pull request collaboration'
inputs:
token:
description: 'GitHub Access Token that provides access to the repository. Must be provided via either parameter or environment variable. The github.token cannot be used as it does not provide secret scanning alert access.'
required: false #TODO: make this required once the feature is GA (breaking change vs initial env var approach)
fail-on-alert:
description: 'A boolean to raise workflow/annotation error(instead of warning) if alert is detected.'
required: false
default: 'false'
fail-on-alert-exclude-closed:
description: "A boolean to exclude an alert from FailOnAlert if it is marked as closed (state: 'resolved')."
required: false
default: 'false'
disable-pr-comment:
description: 'A boolean to disable the PR comment feature.'
required: false
default: 'false'
runtime:
description: 'The runtime to use for the action (`powershell` or `python`).'
required: false
default: 'powershell'
python-http-proxy-url:
description: 'The URL of the http proxy to use for GitHub API requests (python runtime only).'
required: false
default: '""'
python-https-proxy-url:
description: 'The URL of the https proxy to use for GitHub API requests (python runtime only).'
required: false
default: '""'
python-verify-ssl:
description: 'A boolean to enable or disable SSL verification for GitHub API requests (python runtime only). NOTE: This is NOT recommended and may introduce additional security risks.'
required: false
default: 'true'
python-skip-closed-alerts:
description: 'A boolean to enable or disable skipping closed alerts from evaluation (python runtime only).'
required: false
default: 'false'
python-disable-workflow-summary:
description: 'A boolean to disable the workflow summary comment (python runtime only).'
required: false
default: 'false'
outputs:
alerts:
description: 'Details about the alerts detected in the PR.'
value: ${{ steps.python-run.outputs.alerts}}
runs:
using: composite
steps:
- name: Run Powershell Script
if: ${{ inputs.runtime == 'powershell' }}
run: ${{ github.action_path }}/action.ps1 -GitHubToken ${{ inputs.token }} -FailOnAlert $${{ inputs.fail-on-alert }} -FailOnAlertExcludeClosed $${{ inputs.fail-on-alert-exclude-closed }} -DisablePRComment $${{ inputs.disable-pr-comment }}
shell: pwsh
- name: Run Python Script
if: ${{ inputs.runtime == 'python' }}
id: python-run
run: |
pip install -r ${{ github.action_path }}/requirements.txt
python ${{ github.action_path }}/action.py --GitHubToken ${{ inputs.token }} --FailOnAlert ${{ inputs.fail-on-alert }} --FailOnAlertExcludeClosed ${{ inputs.fail-on-alert-exclude-closed }} --DisablePRComment ${{ inputs.disable-pr-comment }} --ProxyURLHTTP ${{ inputs.python-http-proxy-url }} --ProxyURLHTTPS ${{ inputs.python-https-proxy-url }} --VerifySSL ${{ inputs.python-verify-ssl }} --SkipClosedAlerts ${{ inputs.python-skip-closed-alerts }} --DisableWorkflowSummary ${{ inputs.python-disable-workflow-summary }}
shell: bash
branding:
icon: "lock"
color: "gray-dark"