---
# Composite GitHub Action: crawls Sourcegraph for dependents of a
# repository and writes a dependency graph plus SPDX snippets.
name: 'Dependency Audit Crawler'
description: 'Crawls Sourcegraph to find dependents and generates a UDG Graph + SPDX Snippets'
author: 'SupplyChainBot'
inputs:
  # Repository whose dependents are crawled; defaults to the repository
  # that runs the workflow.
  root_repo:
    description: 'The root repository to audit'
    required: true
    default: '${{ github.repository }}'
  project_name:
    description: 'The short name of the project'
    required: true
  # Supply this from a workflow secret rather than a literal in the workflow file.
  sourcegraph_token:
    description: 'Your Sourcegraph Access Token'
    required: true
  github_token:
    description: 'GitHub token to pull deep repository metrics'
    required: true
    default: '${{ github.token }}'
  # Action inputs are always strings; numeric and boolean defaults are
  # therefore quoted and compared as strings by the run steps.
  max_depth:
    description: 'How deep to crawl the dependency tree'
    required: false
    default: '1'
  include_forks:
    description: 'Set to true to search forks'
    required: false
    default: 'false'
  output_file:
    description: 'The name of the generated JSON file'
    required: false
    default: 'dependency_graph.json'
  # Artifact handling: the three flags below select no upload, one combined
  # ZIP, or two separate ZIPs (JSON graph and SPDX snippets).
  upload_artifact:
    description: 'If true, uploads the results as build artifacts'
    required: false
    default: 'false'
  artifact_name:
    description: 'The base name of the artifact to upload'
    required: false
    default: 'dependency-graph'
  separate_artifacts:
    description: 'If true, uploads the JSON and SPDX snippets as two separate ZIPs'
    required: false
    default: 'false'
  # Optional search overrides; an unset value is an empty string and is
  # skipped by the run step.
  custom_search_string:
    description: 'A custom regex or string to search for'
    required: false
  custom_filename:
    description: 'Limit search to this filename'
    required: false
  use_defaults:
    description: 'If false, disables standard C++ header/pragma searching'
    required: false
    default: 'true'
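runs:
  using: "composite"
  steps:
    # Third-party actions are referenced by mutable tag; pinning them to a
    # full-length commit SHA would make the action's own supply chain
    # reproducible.
    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.10'
    - name: Install Dependencies
      shell: bash
      # argparse is part of the Python standard library; installing it from
      # PyPI pulled an unneeded third-party package, so only requests is
      # installed now.
      run: pip install requests
    - name: Run Audit Script
      shell: bash
      # Inputs reach the script through the environment instead of being
      # interpolated into the shell text. The previous form embedded
      # ${{ inputs.* }} in single-quoted strings and ran `eval $CMD`, so any
      # input containing a quote or shell metacharacter could alter the
      # command that executed.
      env:
        ACTION_PATH: ${{ github.action_path }}
        ROOT_REPO: ${{ inputs.root_repo }}
        PROJECT_NAME: ${{ inputs.project_name }}
        MAX_DEPTH: ${{ inputs.max_depth }}
        OUTPUT_FILE: ${{ inputs.output_file }}
        SOURCEGRAPH_TOKEN: ${{ inputs.sourcegraph_token }}
        GH_TOKEN: ${{ inputs.github_token }}
        INCLUDE_FORKS: ${{ inputs.include_forks }}
        CUSTOM_SEARCH_STRING: ${{ inputs.custom_search_string }}
        CUSTOM_FILENAME: ${{ inputs.custom_filename }}
        USE_DEFAULTS: ${{ inputs.use_defaults }}
      run: |
        set -euo pipefail
        # Build the argument vector as a bash array; each value stays a
        # single argument regardless of its contents.
        args=(
          "$ACTION_PATH/audit_dependents.py"
          --repo "$ROOT_REPO"
          --name "$PROJECT_NAME"
          --depth "$MAX_DEPTH"
          --out "$OUTPUT_FILE"
          --token "$SOURCEGRAPH_TOKEN"
          --gh-token "$GH_TOKEN"
        )
        if [ "$INCLUDE_FORKS" = "true" ]; then
          args+=(--forks)
        fi
        if [ -n "$CUSTOM_SEARCH_STRING" ]; then
          args+=(--custom-string "$CUSTOM_SEARCH_STRING")
        fi
        if [ -n "$CUSTOM_FILENAME" ]; then
          args+=(--custom-file "$CUSTOM_FILENAME")
        fi
        if [ "$USE_DEFAULTS" = "false" ]; then
          args+=(--no-defaults)
        fi
        # NOTE(review): the script's CLI is outside this file; both tokens
        # are still passed as arguments (visible to other processes on the
        # runner). Reading them from the environment inside the script would
        # be preferable — confirm against audit_dependents.py.
        python "${args[@]}"
    # Upload steps: exactly one of the three runs, selected by the
    # upload_artifact / separate_artifacts string flags.
    - name: Upload Combined Artifact
      if: inputs.upload_artifact == 'true' && inputs.separate_artifacts == 'false'
      uses: actions/upload-artifact@v4
      with:
        name: ${{ inputs.artifact_name }}
        path: |
          ${{ inputs.output_file }}
          spdx_snippets/
    - name: Upload JSON Graph (Separated)
      if: inputs.upload_artifact == 'true' && inputs.separate_artifacts == 'true'
      uses: actions/upload-artifact@v4
      with:
        name: ${{ inputs.artifact_name }}-json
        path: ${{ inputs.output_file }}
    - name: Upload SPDX Snippets (Separated)
      if: inputs.upload_artifact == 'true' && inputs.separate_artifacts == 'true'
      uses: actions/upload-artifact@v4
      with:
        name: ${{ inputs.artifact_name }}-spdx
        path: spdx_snippets/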