
Commit f798245

feat: add new fossa-related composite actions
1 parent a0bc9b0 commit f798245


3 files changed

+145
-1
lines changed


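--- a/fossa/analyze/action.yml
+++ b/fossa/analyze/action.yml
@@ -14,7 +14,7 @@ inputs:
 required: false
 default: .fossa.yml
 path:
-description: Path to the directory to be scanned
+description: Path to the directory for scanning
 default: .
 required: false
 revision-id: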

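--- a/fossa/info/action.yml
+++ b/fossa/info/action.yml
@@ -0,0 +1,69 @@
+name: fossa info
+
+description: Provides context info required for other FOSSA composite actions.
+
+outputs:
+is-pull-request:
+description: |
+True in the context of a pull request, false otherwise.
+value: ${{ steps.info.outputs.is-pull-request }}
+base-ref:
+description: |
+The ref (name) of the base branch in the context of a pull request.
+Empty if not a pull request.
+value: ${{ steps.info.outputs.base-ref }}
+base-revision:
+description: |
+The revision (commit SHA) of the base branch in the context of a pull request.
+Empty if not a pull request.
+Generally used to find (via diff) new license issues introduced by a PR.
+value: ${{ steps.info.outputs.base-revision }}
+head-ref:
+description: |
+The HEAD ref (name) of the branch to be analyzed by FOSSA, determined based on the context of the event.
+value: ${{ steps.info.outputs.head-ref }}
+head-revision:
+description: |
+The HEAD revision (commit sha) to be analyzed by FOSSA, determined based on the context of the event.
+value: ${{ steps.info.outputs.head-revision }}
+
+runs:
+using: composite
+steps:
+- name: Get context info
+id: info
+env:
+IS_PULL_REQUEST: ${{ github.event_name == 'pull_request' }}
+BASE_REF: >
+${{
+github.event_name == 'pull_request' &&
+github.event.pull_request.base.ref ||
+''
+}}
+BASE_REVISION: >
+${{
+github.event_name == 'pull_request' &&
+github.event.pull_request.base.sha ||
+''
+}}
+HEAD_REF: >
+${{
+github.event_name == 'pull_request' &&
+github.event.pull_request.head.ref ||
+github.ref_name
+}}
+HEAD_REVISION: >
+${{
+github.event_name == 'pull_request' &&
+github.event.pull_request.head.sha ||
+github.sha
+}}
+run: |
+{
+echo "is-pull-request=${IS_PULL_REQUEST}"
+echo "base-ref=${BASE_REF}"
+echo "base-revision=${BASE_REVISION}"
+echo "head-ref=${HEAD_REF}"
+echo "head-revision=${HEAD_REVISION}"
+} >> $GITHUB_OUTPUT
+shell: bash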
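Review bot: The `head-ref` output republishes `github.event.pull_request.head.ref`, and on a fork pull request that branch name is chosen by the PR author and may legally contain `$(`, `;`, backticks or quotes, so any consumer that interpolates `${{ steps.<id>.outputs.head-ref }}` straight into a `run:` script is open to command injection; this step itself is safe because it only reads the value through `env`, but the output description should carry that warning, e.g. `Untrusted on fork pull requests: consume via env, never interpolate into run: scripts.` Separately, the four `>` folded scalars (`BASE_REF`, `BASE_REVISION`, `HEAD_REF`, `HEAD_REVISION`) keep a trailing newline by YAML clip semantics, so each `echo "...=${VAR}"` writes an extra blank line into `$GITHUB_OUTPUT`; `>-` strips it and removes the dependence on the runner tolerating that. Also worth a comment is whether `is-pull-request` is meant to exclude `pull_request_target`, which carries the same `github.event.pull_request` payload but here falls through to `github.ref_name`/`github.sha` of the base branch.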

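--- a/fossa/pr-check/action.yml
+++ b/fossa/pr-check/action.yml
@@ -0,0 +1,75 @@
+name: pr check
+
+description: |
+Check for new issues introduced by a pull request.
+
+Note: Currently limited to license-related issues.
+
+inputs:
+api-key:
+description: The API key to access fossa.com
+required: true
+base-ref:
+description: |
+The ref (name) of the base branch in the context of a pull request.
+Only for display purposes, not required.
+required: false
+base-revision:
+description: |
+The revision (commit SHA) of the base branch in the context of a pull request.
+required: true
+configuration-file:
+description: Path to the FOSSA configuration file
+required: false
+default: .fossa.yml
+path:
+description: Path to the directory for scanning
+default: .
+required: false
+revision:
+description: |
+The revision (commit sha) of the HEAD branch in the context of a pull request.
+required: true
+
+runs:
+using: composite
+steps:
+- name: Check for new issues against the base ref=${{ inputs.base-ref }}
+id: check
+env:
+BASE_REF: ${{ inputs.base-ref }}
+BASE_REVISION: ${{ inputs.base-revision }}
+CONFIGURATION_FILE: ${{ inputs.configuration-file }}
+DIRECTORY_PATH: ${{ inputs.path }}
+FOSSA_API_KEY: ${{ inputs.api-key }}
+REVISION: ${{ inputs.revision }}
+run: |
+# Run fossa test
+results=$(fossa test "${DIRECTORY_PATH}" --config "${CONFIGURATION_FILE}" --diff "${BASE_REVISION}" --revision "${REVISION}" --format json || true)
+
+license_issues=$(echo "$results" | jq -c '.issues | map(select(.type == "policy_flag"))')
+license_issues_count=$(echo "$license_issues" | jq '. | length')
+security_issues=$(echo "$results" | jq -c '.issues | map(select(.type == "vulnerability"))')
+security_issues_count=$(echo "$security_issues" | jq '. | length')
+
+echo "License issues: ${license_issues_count}"
+echo "Security issues: ${security_issues_count} (non-license issues are currently ignored)"
+
+echo "license-issues=${license_issues}" >> $GITHUB_OUTPUT
+echo "license-issues-count=${license_issues_count}" >> $GITHUB_OUTPUT
+shell: bash
+- name: License Issues found - Action needed
+if: fromJSON(steps.check.outputs.license-issues-count) > 0
+env:
+FOSSA_API_KEY: ${{ inputs.api-key }}
+LICENSE_ISSUES: ${{ steps.check.outputs.license-issues }}
+LICENSE_ISSUES_COUNT: ${{ steps.check.outputs.license-issues-count }}
+run: |
+echo "This PR introduces new license issues that must be addressed prior to merging."
+echo "HOW-TO: https://confluence.camunda.com/spaces/HAN/pages/277024795/FOSSA#FOSSA-Handlelicenseissues"
+echo "License Issues:"
+echo "${LICENSE_ISSUES}" | jq -r '.[] | "- Package: \(.revisionId)\n License: \(.license)\n Issue URL: \(.issueDashURL)\n"'
+echo "Adding an annotation to the GitHub job for visibility and exiting with error..."
+echo "::error title=License Check (job=${{ github.job }})::${LICENSE_ISSUES_COUNT} issue found. Please check the logs and resolve before merging."
+exit 1
+shell: bash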
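Review bot: The `|| true` on the `fossa test` line (hunk line 48) makes this license gate fail open: if the CLI is absent, the API key is rejected or the service is unreachable, `results` is empty or non-JSON, the `jq` pipelines then emit empty strings, and the step writes `license-issues-count=` so the follow-up `if: fromJSON(...)` either errors or never fires — a PR passes with no check having run. Keep the exit status and fail closed unless the output parses to an `issues` array; the `|| true` was presumably added because `fossa test` exits non-zero when issues exist, so "no parseable result" rather than "non-zero exit" should be the error condition. Separately, `FOSSA_API_KEY` is also set on the second step (hunk line 64) although nothing there calls FOSSA, so drop that line to keep the secret out of a step that only prints.
```yaml
# … unchanged: step header, id and env …
run: |
  # fossa test is expected to exit non-zero when issues are found, so keep the
  # status and decide below instead of discarding it with `|| true`.
  fossa_status=0
  results=$(fossa test "${DIRECTORY_PATH}" --config "${CONFIGURATION_FILE}" --diff "${BASE_REVISION}" --revision "${REVISION}" --format json) || fossa_status=$?

  # Fail closed: an empty or non-JSON result means the scan did not run, not that it is clean.
  if ! printf '%s' "${results}" | jq -e '.issues | type == "array"' >/dev/null 2>&1; then
    echo "::error title=License Check::fossa test produced no parseable result (exit status ${fossa_status}); refusing to pass the check"
    exit 1
  fi
  # … unchanged: jq filtering, summary echo and GITHUB_OUTPUT writes …
```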
