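name: 'pkgchk'
description: 'An Action for .Net package dependency checks & PRs.'
author: "tonycknight"

# All inputs reach the container as strings. Boolean-looking defaults are
# quoted so the CLI receives exactly 'true' / 'false' rather than whatever
# the YAML loader coerces a bare boolean into.
inputs:
  project-path:
    description: 'The relative path to the solution or project (resolved under /github/workspace)'
    required: true
  deprecated:
    description: 'Include deprecated packages in scans'
    required: false
    default: 'false'
  vulnerable:
    description: 'Include vulnerable packages in scans'
    required: false
    default: 'true'
  transitives:
    description: 'Include transitive packages in scans'
    required: false
    default: 'true'
  trace:
    description: 'Output trace'
    required: false
    default: 'false'
  github-token:
    # Defaults to the workflow's own GITHUB_TOKEN. The token is handed to the
    # CLI on its command line (see args below): GitHub masks it in the job
    # log, but argv is still visible to other processes on the runner host.
    # Grant the calling workflow only the permissions the CLI needs
    # (presumably `pull-requests: write` for the PR report — confirm against
    # the CLI's documentation) rather than a broadly-scoped token.
    description: 'Github token'
    required: true
    default: ${{ github.token }}
  repo:
    description: 'The repository name, as owner/repo'
    required: false
    default: ${{ github.repository }}
  github-title:
    description: 'The report title'
    required: false
    default: 'Package vulnerabilities'
  prid:
    # github.event.number is only present in pull_request-style payloads;
    # on other events this default expands to an empty string.
    description: 'The pull request ID'
    required: false
    default: ${{ github.event.number }}
  commit-hash:
    description: 'The commit hash'
    required: false
    default: ${{ github.sha }}
  fail-on-critical:
    # Drives both the 'Critical' vulnerability severity and the
    # 'Critical Bugs' deprecation reason in the args below.
    description: 'fail on Critical severity vulnerabilities and packages deprecated for Critical Bugs reasons'
    required: true
    default: 'true'
  fail-on-high:
    description: 'fail on High severity vulnerabilities'
    required: true
    default: 'true'
  fail-on-moderate:
    description: 'fail on Moderate severity vulnerabilities'
    required: true
    default: 'false'
  fail-on-legacy:
    description: 'fail on packages deprecated for Legacy reasons'
    required: true
    default: 'false'
  pass-img:
    description: 'URI of an image for successful scans'
    required: false
    default: ''
  fail-img:
    description: 'URI of an image for failed scans'
    required: false
    default: ''

runs:
  using: 'docker'
  # Pinned to a release tag. Tags are mutable, so the image a run pulls can
  # change without this file changing; for a stronger supply-chain guarantee
  # pin the immutable digest instead
  # (docker://ghcr.io/tonycknight/pkgchk-cli@sha256:<digest>) and bump it
  # deliberately alongside the tag.
  image: 'docker://ghcr.io/tonycknight/pkgchk-cli:v0.2.388'
  # Each list item is one argv entry for the container entrypoint; inputs
  # are interpolated verbatim, so the CLI is responsible for validating them.
  args:
    - /github/workspace/${{ inputs.project-path }}
    - '--deprecated'
    - ${{ inputs.deprecated }}
    - '--vulnerable'
    - ${{ inputs.vulnerable }}
    - '--transitive'
    - ${{ inputs.transitives }}
    - '--trace'
    - ${{ inputs.trace }}
    - '--github-token'
    - ${{ inputs.github-token }}
    - '--github-repo'
    - ${{ inputs.repo }}
    - '--github-pr'
    - ${{ inputs.prid }}
    - '--github-commit'
    - ${{ inputs.commit-hash }}
    - '--github-title'
    - ${{ inputs.github-title }}
    - '--pass-img'
    - ${{ inputs.pass-img }}
    - '--fail-img'
    - ${{ inputs.fail-img }}
    # Expressions have no ternary; `cond && a || b` emulates one, which only
    # works because the "true" branch values are non-empty strings.
    # https://7tonshark.com/posts/github-actions-ternary-operator/
    # https://pablissimo.com/1137/github-actions-ternary-operators-and-default-values
    # A disabled severity still emits '-s' followed by a single space as a
    # placeholder; the CLI is presumably expected to ignore it — confirm.
    - '-s'
    - ${{ inputs.fail-on-critical == 'true' && 'Critical' || ' ' }}
    - '-s'
    - ${{ inputs.fail-on-high == 'true' && 'High' || ' ' }}
    - '-s'
    - ${{ inputs.fail-on-moderate == 'true' && 'Moderate' || ' ' }}
    - '-s'
    - ${{ inputs.fail-on-critical == 'true' && 'Critical Bugs' || ' ' }}
    - '-s'
    - ${{ inputs.fail-on-legacy == 'true' && 'Legacy' || ' ' }}

branding:
  icon: 'shield'
  color: 'green'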