diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 354bee8..709b3c2 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -25,9 +25,9 @@ jobs: id: test-action uses: ./ with: -# sbom-ignore: 'scanoss-ignore.json' - with-dependencies: true -# github-token: ${{ secrets.GITHUB_TOKEN }} + sbom.enabled: false + dependencies.enabled: true + policies: copyleft, undeclared - name: Print stdout scan command diff --git a/README.md b/README.md index c7da57e..3dfd80a 100644 --- a/README.md +++ b/README.md 
@@ -49,15 +49,17 @@ For example workflow runs, check out the ### Action Input Parameters -| **Parameter** | **Description** | **Required** | **Default** | -|--------------|------------------------------------------------|--------------|-------------| -| github-token | Your GitHub token | Optional | `${{ github.token }}` | -| output-path | Output result file name. | Optional | `results.json` | -| sbom-identify | Scan and identify components in SBOM file | Optional | - | -| sbom-ignore | Ignore components specified in the SBOM file | Optional | - | -| api-url | SCANOSS API URL | Optional | `https://osskb.org/api/scan/direct` | -| api-key | SCANOSS API Key token | Optional | - | -| with-dependencies | Scan dependencies | Optional | `false` | +| **Parameter** | **Description** | **Required** | **Default** | +|----------------------|-----------------------------------------------------------------------|--------------|-------------------------------------| +| github.token | Your GitHub token | Optional | `${{ github.token }}` | +| output.filepath | Output result file name. | Optional | `results.json` | +| sbom.enabled | Enable or disable scanning based on the SBOM file | Optional | `true` | +| sbom.filepath | Filepath of the SBOM file to be used for scanning | Optional | `sbom.json` | +| sbom.type | Type of SBOM operation: either 'identify' or 'ignore | Optional | `identify` | +| dependencies.enabled | Option to enable or disable scanning of dependencies. | Optional | `true` | +| policies | List of policies separated by commas, such as "copyleft, undeclared". | Optional | `true` | +| api.url | SCANOSS API URL | Optional | `https://osskb.org/api/scan/direct` | +| api.key | SCANOSS API Key token | Optional | - | ### Action Output Parameters In addition to the automatically generated reports, the action also outputs the raw scan data, enabling you to integrate the output into your custom workflow 
@@ -111,12 +113,10 @@ jobs: id: scanoss-scan-action uses: scanoss/actions-scan@main with: - github-token: ${{ secrets.GITHUB_TOKEN }} - output-path: example_results.json - sbom-ignore: sbom.json + github.token: ${{ secrets.GITHUB_TOKEN }} # api-url: # api-key: - with-dependencies: true + dependencies.enabled: true - name: Print stdout scan command run: echo "${{ steps.scanoss-scan-action.outputs.stdout-scan-command }}" diff --git a/action.yml b/action.yml index 832c78e..c7172b8 100644 --- a/action.yml +++ b/action.yml @@ -9,29 +9,38 @@ branding: # Define your inputs here. inputs: - github-token: - description: 'Your GitHub token' + policies: + description: 'List of policies separated by comma (e.g., "copyleft, undeclared")' required: false - default: ${{ github.token }} - output-path: - description: 'Output result file name' + sbom.enabled: + description: 'Enable Sbom Identify' required: false - default: 'results.json' - sbom-identify: - description: 'Scan and identify components in SBOM file' + default: true + sbom.filepath: + description: 'Sbom filepath' required: false - sbom-ignore: - description: 'Ignore components specified in the SBOM file' + default: 'sbom.json' + sbom.type: + description: 'Sbom type (identify | ignore)' required: false - api-key: + default: 'identify' + api.key: description: 'SCANOSS API Key token (optional - not required for default OSSKB URL)' required: false - api-url: + api.url: description: 'SCANOSS API URL (optional - default: https://osskb.org/api/scan/direct)' required: false - with-dependencies: + dependencies.enabled: description: 'Scan dependencies (optional - default false)' required: false + default: enabled + output.filepath: + required: false + default: 'results.json' + github.token: + description: 'Your GitHub token' + required: false + default: ${{ github.token }} # Define your outputs here. outputs: diff --git a/dist/index.js b/dist/index.js index 4592b27..e79821e 100644 --- a/dist/index.js +++ b/dist/index.js 
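Review bot: `dependencies.enabled` is declared with `default: enabled`, but the code that reads it (`core.getInput('dependencies.enabled') === 'true'` in src/app.input.ts) accepts only the literal string `true`, so the documented default silently turns dependency scanning off unless a caller writes `dependencies.enabled: true`; the input's own description still says 'default false' while the README table says `true`. Change the declaration to `default: 'true'` and the description to `'Scan dependencies (optional - default true)'`, or pick `false` everywhere. `sbom.enabled` now defaults to `true` together with `sbom.filepath: sbom.json`, so every repository without an `sbom.json` runs `scan --identify sbom.json`; I cannot confirm from here how scanoss-py treats a missing file, but if it errors, this default breaks scans that worked before, and a `false` default or an existence check before emitting the flag would be safer. The `sbom.enabled` description 'Enable Sbom Identify' should say that `sbom.type` also selects `ignore`, and `output.filepath` has no description at all.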
@@ -125736,16 +125736,18 @@ var __importStar = (this && this.__importStar) || function (mod) {
 return result;
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.WITH_DEPENDENCIES = exports.API_URL = exports.API_KEY = exports.SBOM_IGNORE = exports.SBOM_INDENTIFY = exports.OUTPUT_PATH = exports.GITHUB_TOKEN = exports.REPO_DIR = void 0;
+exports.REPO_DIR = exports.GITHUB_TOKEN = exports.OUTPUT_FILEPATH = exports.API_URL = exports.API_KEY = exports.DEPENDENCIES_ENABLED = exports.SBOM_TYPE = exports.SBOM_FILEPATH = exports.SBOM_ENABLED = exports.POLICIES = void 0;
 const core = __importStar(__nccwpck_require__(42186));
+exports.POLICIES = core.getInput('policies');
+exports.SBOM_ENABLED = core.getInput('sbom.enabled') === 'true';
+exports.SBOM_FILEPATH = core.getInput('sbom.filepath');
+exports.SBOM_TYPE = core.getInput('sbom.type');
+exports.DEPENDENCIES_ENABLED = core.getInput('dependencies.enabled') === 'true';
+exports.API_KEY = core.getInput('api.key');
+exports.API_URL = core.getInput('api.url');
+exports.OUTPUT_FILEPATH = core.getInput('output.filepath');
+exports.GITHUB_TOKEN = core.getInput('github.token');
 exports.REPO_DIR = process.env.GITHUB_WORKSPACE;
-exports.GITHUB_TOKEN = core.getInput('github-token');
-exports.OUTPUT_PATH = core.getInput('output-path');
-exports.SBOM_INDENTIFY = core.getInput('sbom-identify');
-exports.SBOM_IGNORE = core.getInput('sbom-ignore');
-exports.API_KEY = core.getInput('api-key');
-exports.API_URL = core.getInput('api-url');
-exports.WITH_DEPENDENCIES = core.getInput('with-dependencies');
 /***/ }),
@@ -125816,7 +125818,7 @@ async function run() {
 // run scan
 const { stdout, stderr } = await exec.getExecOutput((0, scan_service_1.commandBuilder)(), []);
 await (0, scan_service_1.uploadResults)();
-const scannerResults = await (0, result_service_1.readResult)(inputs.OUTPUT_PATH);
+const scannerResults = await (0, result_service_1.readResult)(inputs.OUTPUT_FILEPATH);
 // run policies
 policies.forEach(async (policy) => await policy.run(scannerResults));
 if ((0, github_utils_1.isPullRequest)()) {
@@ -125826,7 +125828,7 @@ async function run() {
 }
 await (0, report_service_1.generateJobSummary)(scannerResults);
 // set outputs for other workflow steps to use
-core.setOutput(outputs.RESULT_FILEPATH, inputs.OUTPUT_PATH);
+core.setOutput(outputs.RESULT_FILEPATH, inputs.OUTPUT_FILEPATH);
 core.setOutput(outputs.STDOUT_SCAN_COMMAND, stdout);
 }
 catch (error) {
@@ -126209,15 +126211,14 @@ const input = __importStar(__nccwpck_require__(483));
 const artifact_1 = __nccwpck_require__(79450);
 const artifact = new artifact_1.DefaultArtifactClient();
 async function uploadResults() {
-await artifact.uploadArtifact(path_1.default.basename(input.OUTPUT_PATH), [input.OUTPUT_PATH], path_1.default.dirname(input.OUTPUT_PATH));
+await artifact.uploadArtifact(path_1.default.basename(input.OUTPUT_FILEPATH), [input.OUTPUT_FILEPATH], path_1.default.dirname(input.OUTPUT_FILEPATH));
 }
 exports.uploadResults = uploadResults;
 function commandBuilder() {
 return `docker run -v "${input.REPO_DIR}":"/scanoss" ghcr.io/scanoss/scanoss-py:v1.9.0 scan .
---output ${input.OUTPUT_PATH}
-${input.WITH_DEPENDENCIES ? `--dependencies` : ''}
-${input.SBOM_INDENTIFY ? `--identify ${input.SBOM_INDENTIFY}` : ''}
-${input.SBOM_IGNORE ? `--ignore ${input.SBOM_IGNORE}` : ''}
+--output ${input.OUTPUT_FILEPATH}
+${input.DEPENDENCIES_ENABLED ? `--dependencies` : ''}
+${input.SBOM_ENABLED ? `--${input.SBOM_TYPE} ${input.SBOM_FILEPATH}` : ''}
 ${input.API_URL ? `--apiurl ${input.API_URL}` : ''}
 ${input.API_KEY ? `--key ${input.API_KEY}` : ''}`.replace(/\n/gm, '');
 }
diff --git a/src/app.input.ts b/src/app.input.ts
index 3880bef..17b859a 100644
--- a/src/app.input.ts
+++ b/src/app.input.ts
@@ -1,10 +1,12 @@
 import * as core from '@actions/core';
+export const POLICIES = core.getInput('policies');
+export const SBOM_ENABLED = core.getInput('sbom.enabled') === 'true';
+export const SBOM_FILEPATH = core.getInput('sbom.filepath');
+export const SBOM_TYPE = core.getInput('sbom.type');
+export const DEPENDENCIES_ENABLED = core.getInput('dependencies.enabled') === 'true';
+export const API_KEY = core.getInput('api.key');
+export const API_URL = core.getInput('api.url');
+export const OUTPUT_FILEPATH = core.getInput('output.filepath');
+export const GITHUB_TOKEN = core.getInput('github.token');
 export const REPO_DIR = process.env.GITHUB_WORKSPACE as string;
-export const GITHUB_TOKEN = core.getInput('github-token');
-export const OUTPUT_PATH = core.getInput('output-path');
-export const SBOM_INDENTIFY = core.getInput('sbom-identify');
-export const SBOM_IGNORE = core.getInput('sbom-ignore');
-export const API_KEY = core.getInput('api-key');
-export const API_URL = core.getInput('api-url');
-export const WITH_DEPENDENCIES = core.getInput('with-dependencies');
diff --git a/src/main.ts b/src/main.ts
index a017bf4..4c73493 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -24,7 +24,7 @@ export async function run(): Promise {
 // run scan
 const { stdout, stderr } = await exec.getExecOutput(commandBuilder(), []);
 await uploadResults();
-const scannerResults = await readResult(inputs.OUTPUT_PATH);
+const scannerResults = await readResult(inputs.OUTPUT_FILEPATH);
 // run policies
 policies.forEach(async policy => await policy.run(scannerResults));
@@ -37,7 +37,7 @@ export async function run(): Promise {
 await generateJobSummary(scannerResults);
 // set outputs for other workflow steps to use
-core.setOutput(outputs.RESULT_FILEPATH, inputs.OUTPUT_PATH);
+core.setOutput(outputs.RESULT_FILEPATH, inputs.OUTPUT_FILEPATH);
 core.setOutput(outputs.STDOUT_SCAN_COMMAND, stdout);
 } catch (error) {
 // fail the workflow run if an error occurs
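Review bot: Both boolean inputs are parsed with `=== 'true'`, which silently maps every other spelling — `True`, `yes`, and the `enabled` that action.yml declares as the default for `dependencies.enabled` — to `false`; `core.getBooleanInput('sbom.enabled')` (present in recent @actions/core releases) accepts the YAML true/false spellings and throws on anything else, which would surface that default mismatch instead of hiding it. `api.key` is read here and later interpolated into the scanner command line, but it is never registered with the runner's log masker; add `if (API_KEY) core.setSecret(API_KEY);` directly after the `API_KEY` line so the key is redacted even when a caller passes it as a plain string rather than a `${{ secrets.* }}` expression. `sbom.type` is accepted unvalidated and ends up as a flag name in scan.service.ts, so at minimum document the contract on its line: `// one of 'identify' | 'ignore'; any other value becomes an unknown scanner flag`.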
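Review bot: The newly read `scannerResults` are handed to `policies.forEach(async policy => await policy.run(scannerResults))`, which starts every policy and immediately moves on: the promises are dropped, so a rejecting policy escapes the enclosing try/catch and `generateJobSummary` (and the pull-request branch) can run before any policy has finished. Replace the loop with `for (const policy of policies) await policy.run(scannerResults);`, or `await Promise.all(policies.map(p => p.run(scannerResults)))` if the policies are independent of one another, which is not visible here. `run()` begins and ends outside this hunk.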
diff --git a/src/services/scan.service.ts b/src/services/scan.service.ts
index 7d7be3c..3f0c484 100644
--- a/src/services/scan.service.ts
+++ b/src/services/scan.service.ts
@@ -5,15 +5,18 @@ import { DefaultArtifactClient } from '@actions/artifact';
 const artifact = new DefaultArtifactClient();
 export async function uploadResults(): Promise {
-await artifact.uploadArtifact(path.basename(input.OUTPUT_PATH), [input.OUTPUT_PATH], path.dirname(input.OUTPUT_PATH));
+await artifact.uploadArtifact(
+path.basename(input.OUTPUT_FILEPATH),
+[input.OUTPUT_FILEPATH],
+path.dirname(input.OUTPUT_FILEPATH)
+);
 }
 export function commandBuilder(): string {
 return `docker run -v "${input.REPO_DIR}":"/scanoss" ghcr.io/scanoss/scanoss-py:v1.9.0 scan .
---output ${input.OUTPUT_PATH}
-${input.WITH_DEPENDENCIES ? `--dependencies` : ''}
-${input.SBOM_INDENTIFY ? `--identify ${input.SBOM_INDENTIFY}` : ''}
-${input.SBOM_IGNORE ? `--ignore ${input.SBOM_IGNORE}` : ''}
+--output ${input.OUTPUT_FILEPATH}
+${input.DEPENDENCIES_ENABLED ? `--dependencies` : ''}
+${input.SBOM_ENABLED ? `--${input.SBOM_TYPE} ${input.SBOM_FILEPATH}` : ''}
 ${input.API_URL ? `--apiurl ${input.API_URL}` : ''}
 ${input.API_KEY ? `--key ${input.API_KEY}` : ''}`.replace(/\n/gm, '');
 }
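Review bot: `commandBuilder` still interpolates every action input unquoted into one flat command string, and the new `--${input.SBOM_TYPE} ${input.SBOM_FILEPATH}` term lets any `sbom.type` value other than `identify`/`ignore` become an arbitrary scanoss-py flag, while a path or URL containing whitespace splits into extra arguments when main.ts hands the string to `exec.getExecOutput` — as far as I can tell @actions/exec tokenises that string itself rather than invoking a shell, so this is argument injection into `docker run`/the scanner rather than shell injection, but it is still reachable from a workflow input. The API key is also placed in the argument vector, where it is visible in the process list and, unless the exec call is made with `silent: true`, echoed with the command line into the job log. Validate `sbom.type` against an allowlist and return an argv array, changing the caller to `exec.getExecOutput('docker', commandBuilder())`; if scanoss-py can take the key from the environment instead of `--key`, that would keep it out of argv entirely. `uploadResults` only changes by the rename.
```typescript
/** Accepted values for the sbom.type input; anything else would be passed through as a flag. */
const SBOM_TYPES = new Set(['identify', 'ignore']);

/**
 * Builds the argv for `docker` (without the program name) so the caller can
 * pass it as an array; no string is re-tokenised, so spaces in inputs stay intact.
 */
export function commandBuilder(): string[] {
  if (input.SBOM_ENABLED && !SBOM_TYPES.has(input.SBOM_TYPE)) {
    throw new Error(`sbom.type must be 'identify' or 'ignore', got '${input.SBOM_TYPE}'`);
  }
  const args = [
    'run', '-v', `${input.REPO_DIR}:/scanoss`,
    'ghcr.io/scanoss/scanoss-py:v1.9.0', 'scan', '.',
    '--output', input.OUTPUT_FILEPATH,
  ];
  if (input.DEPENDENCIES_ENABLED) args.push('--dependencies');
  if (input.SBOM_ENABLED) args.push(`--${input.SBOM_TYPE}`, input.SBOM_FILEPATH);
  if (input.API_URL) args.push('--apiurl', input.API_URL);
  if (input.API_KEY) args.push('--key', input.API_KEY); // still in argv; prefer an env var if the CLI supports one
  return args;
}
```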