From 7611b85486f05a1f81cd4ce725980556feebcfdb Mon Sep 17 00:00:00 2001
From: Benji Visser
Date: Wed, 7 Feb 2024 10:04:08 -0500
Subject: [PATCH] fail build false by default (#25)
* fail build false by default
Signed-off-by: Benji Visser
* update readme
Signed-off-by: Benji Visser
---------
Signed-off-by: Benji Visser
---
 README.md | 8 ++++----
 index.js | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 2064749..c945a54 100644
--- a/README.md
+++ b/README.md
@@ -4,12 +4,12 @@
 [![GitHub release](https://img.shields.io/github/release/xeol-io/xeol-action.svg)](https://github.com/xeol-io/xeol-action/releases/latest)
 [![License: MIT](https://img.shields.io/github/license/xeol-io/xeol-action)](https://img.shields.io/github/license/xeol-io/xeol-action)
-_Find End-of-life (EOL) software in files or containers
+Find End-of-life (EOL) software in files or containers
 ![image](https://user-images.githubusercontent.com/4740147/215561344-5c5bba89-c4a4-4c72-ad71-58c48d5e41d6.png)
-This is a GitHub Action for invoking the [Xeol](https://github.com/xeol-io/xeol) scanner and returning the end-of-life (EOL) packages,
-and fail if an out-of-date package is found.
+This is a GitHub Action for invoking the [Xeol](https://github.com/xeol-io/xeol) scanner and returning the end-of-life (EOL) packages. You can set it to fail pipelines when
+EOL software is found by setting the `fail-build` input to `true`.
 Use this in your workflows to quickly verify files or containers' content after a build and before pushing, allowing PRs, or deploying updates.
@@ -112,7 +112,7 @@ The inputs `image`, `path`, and `sbom` are mutually exclusive to specify the sou
 | `sbom` | The SBOM to scan | N/A |
 | `registry-username` | The registry username to use when authenticating to an external registry | |
 | `registry-password` | The registry password to use when authenticating to an external registry | |
-| `fail-build` | Fail the build if an end-of-life (EOL) software is found | `true` |
+| `fail-build` | Fail the build if an end-of-life (EOL) software is found | `false` |
 | `api-key` | The API key to use to send results to xeol.io | N/A |
 | `output-format` | Set the output parameter after successful action execution. Valid choices are `json`, and `table`, where `table` output will print to the console instead of generating a file. | `table` |
diff --git a/index.js b/index.js
index 19d4b05..eca055c 100644
--- a/index.js
+++ b/index.js
@@ -86,7 +86,7 @@ async function run() {
 // Xeol accepts several input options, initially this action is supporting both `image` and `path`, so
 // a check must happen to ensure one is selected at least, and then return it
 const source = sourceInput();
- const failBuild = core.getInput("fail-build") || "true";
+ const failBuild = core.getInput("fail-build") || "false";
 const apiKey = core.getInput("api-key") || "";
 const outputFormat = core.getInput("output-format") || "table";
 const out = await runScan({
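Review bot: The new fallback `|| "false"` on the `failBuild` line only applies when `core.getInput("fail-build")` returns an empty string, and the diffstat lists only README.md and index.js, so if the action's metadata file still declares a default of `true` for this input the runner will supply that value and the documented default will not match the behaviour; this is worth confirming in the same change. Because the default moves the gate from fail-closed to fail-open, workflows that relied on the old default will keep passing when EOL software is found, so a comment above the line such as `// fail-open by default: EOL findings fail the job only when fail-build is "true"` and a release-note entry would make the change explicit. The comparison of this string happens outside the hunk; if it is an exact match on `"true"`, a value like `True` would also silently disable the gate, so normalising the value or rejecting anything other than `true`/`false` would be safer. The body of `run()` starts before and continues after this hunk.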