action.yml
# ______ _ _ ___ _ ____________
# | ___ \ | | | / _ \ | | | ___ \ ___ \
# | |_/ / |__ _ _| |_ _ _ __ ___ / /_\ \_ __ __ _| |_ _ _______ | |_/ / |_/ /
# | __/| '_ \| | | | | | | | '_ ` _ \ | _ | '_ \ / _` | | | | |_ / _ \ | __/| /
# | | | | | | |_| | | |_| | | | | | | | | | | | | | (_| | | |_| |/ / __/ | | | |\ \
# \_| |_| |_|\__, |_|\__,_|_| |_| |_| \_| |_/_| |_|\__,_|_|\__, /___\___| \_| \_| \_|
# __/ | __/ |
# |___/ |___/
---
# Metadata for a Docker container action: it runs the phylum-ci image with
# two credentials in its environment and one command string as its argument.
name: Phylum Analyze PR
author: 'Phylum, Inc. <engineering@phylum.io>'
description: >-
  Scan dependencies with Phylum to block software supply chain attacks
branding:
  icon: check-circle
  color: blue

inputs:
  # Exported to the container as GITHUB_TOKEN (see runs.env).
  # NOTE(review): prefer the default job token, narrowed in the calling
  # workflow with `permissions:` to what the description asks for
  # (pull-requests: write). A repo-scoped PAT grants far more than that.
  github_token:
    description: >-
      GITHUB_TOKEN with at least write access to pull-requests scope
      or a repo scoped PAT
    required: true
    default: '${{ github.token }}'

  # Exported to the container as PHYLUM_API_KEY (see runs.env). There is no
  # default, so the caller must supply it; pass it from an encrypted secret
  # rather than writing the value into the workflow file.
  phylum_token:
    description: Phylum token
    required: true

  # Handed to the entrypoint as ONE argument (see runs.args).
  # NOTE(review): entrypoint.sh is not visible here, so how it splits or
  # executes this string cannot be confirmed. Treat the value as trusted
  # configuration only; do not build it from PR-controlled data such as
  # titles or branch names.
  cmd:
    description: >-
      The phylum-ci command line to pass to the Docker container's entrypoint
    required: true
    default: phylum-ci -vv

runs:
  using: docker
  # NOTE(review): `:latest` is a mutable tag. The image receives both tokens
  # below, so whatever that tag points to at run time gets the credentials,
  # even when a workflow pins this action to a commit SHA. Consider pinning
  # to a released version tag or an immutable digest, for example
  # ghcr.io/phylum-dev/phylum-ci@sha256:<digest> (placeholder).
  image: 'docker://ghcr.io/phylum-dev/phylum-ci:latest'
  # Overrides the image's own ENTRYPOINT; the script must exist in the image.
  entrypoint: entrypoint.sh
  env:
    GITHUB_TOKEN: '${{ inputs.github_token }}'
    PHYLUM_API_KEY: '${{ inputs.phylum_token }}'
  args:
    - '${{ inputs.cmd }}'