-
-
Notifications
You must be signed in to change notification settings - Fork 24
/
Copy pathaction.yml
95 lines (91 loc) · 2.97 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: 'Run tfsec with reviewdog'
description: '🐶 Run tfsec with reviewdog on pull requests to enforce security best practices'
author: 'vlaaaaaaad (reviewdog)'
inputs:
github_token:
description: 'GITHUB_TOKEN'
required: true
default: "${{ github.token }}"
working_directory:
description: |
Directory to run the action on, from the repo root.
Default is . ( root of the repository)
default: '.'
required: false
level:
description: 'Report level for reviewdog [info,warning,error]'
default: 'error'
required: false
tool_name:
description: |
The name for the report as it will show up in GitHub's interface.
Default is tfsec.
default: 'tfsec'
required: false
reporter:
description: |
Reporter of reviewdog command [github-pr-check,github-pr-review].
Default is github-pr-check.
default: 'github-pr-check'
required: false
filter_mode:
description: |
Filtering for the reviewdog command [added,diff_context,file,nofilter].
Default is added.
default: 'added'
required: false
fail_on_error:
description: |
Exit code for reviewdog when errors are found [true,false]
Default is `false`.
default: 'false'
required: false
flags:
description: 'Additional reviewdog flags'
default: ''
required: false
tfsec_version:
description: |
The version of tfsec to install.
Default is latest.
default: 'latest'
required: false
tfsec_flags:
description: |
List of arguments to send to tfsec
For the output to be parsable by reviewdog --format=checkstyle is enforced
Default is blank.
default: ''
required: false
outputs:
tfsec-return-code:
description: 'tfsec command return code'
value: ${{ steps.tfsec.outputs.tfsec-return-code }}
reviewdog-return-code:
description: 'reviewdog command return code'
value: ${{ steps.tfsec.outputs.reviewdog-return-code }}
runs:
using: 'composite'
steps:
- run: $GITHUB_ACTION_PATH/script.sh
id: tfsec
shell: bash
env:
# We may want to allow specifying reviewdog version as
# action's input, but let's start with hard coded latest stable version for reviewdog
REVIEWDOG_VERSION: v0.20.2
# INPUT_<VARIABLE_NAME> is not available in Composite run steps
# https://github.community/t/input-variable-name-is-not-available-in-composite-run-steps/127611
INPUT_GITHUB_TOKEN: ${{ inputs.github_token }}
INPUT_WORKING_DIRECTORY: ${{ inputs.working_directory }}
INPUT_LEVEL: ${{ inputs.level }}
INPUT_REPORTER: ${{ inputs.reporter }}
INPUT_TOOL_NAME: ${{ inputs.tool_name }}
INPUT_FILTER_MODE: ${{ inputs.filter_mode }}
INPUT_FAIL_ON_ERROR: ${{ inputs.fail_on_error }}
INPUT_FLAGS: ${{ inputs.flags }}
INPUT_TFSEC_VERSION: ${{ inputs.tfsec_version }}
INPUT_TFSEC_FLAGS: ${{ inputs.tfsec_flags }}
branding:
icon: 'edit'
color: 'gray-dark'