-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathaction.yml
77 lines (64 loc) · 2.23 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: 'secret-scanning-custom-action'
description: 'Testing Suite for GitHub Secret Scanning Custom Patterns'
branding:
icon: shield
color: blue
inputs:
repository:
description: Repository owner and repo name
default: ${{ github.repository }}
token:
description: GitHub Personal Access Token
default: ${{ github.token }}
mode:
description: Secret Scanning Test Suite Mode
default: validate
templates-path:
description: Path to template directory
template-main:
description: Main README template name
template-patterns:
description: PATTERNS template name
path:
description: Path to scan
default: ${{ github.workspace }}
argvs:
description: Additional arguments
runs:
using: "composite"
steps:
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.9'
if: runner.environment == 'github-hosted' || (runner.tool_cache != '' && runner.tool_cache != null)
- name: Install Dependencies
shell: bash
run: |
echo "::group::Installing Dependencies"
pushd ${{ github.action_path }}
python3 -m pip install pipenv && python3 -m pipenv install --system
popd
echo "::endgroup::"
- name: Run Secret Scanning tools
shell: bash
env:
INPUTS_MODE: ${{ inputs.mode }}
INPUTS_PATH: ${{ inputs.path }}
INPUTS_TOKEN: ${{ inputs.token }}
INPUTS_REPOSITORY: ${{ inputs.repository }}
INPUTS_TEMPLATES_PATH: ${{ inputs.templates-path }}
INPUTS_TEMPLATE_MAIN: ${{ inputs.template-main }}
INPUTS_TEMPLATE_PATTERNS: ${{ inputs.template-patterns }}
run: |
echo "::group::Running Secret Scanning tools: ${INPUTS_MODE}"
cd ${{ github.action_path }}
python3 -m secretscanning \
"--${INPUTS_MODE}" \
--path "${INPUTS_PATH}" \
--github-token "${INPUTS_TOKEN}" \
--github-repository "${INPUTS_REPOSITORY}" \
${INPUTS_TEMPLATES_PATH:+--templates "${INPUTS_TEMPLATES_PATH}"} \
${INPUTS_TEMPLATE_MAIN:+--templates-main "${INPUTS_TEMPLATE_MAIN}"} \
${INPUTS_TEMPLATE_PATTERNS:+--templates-patterns "${INPUTS_TEMPLATE_PATTERNS}"}
${{ inputs.argvs }}