diff --git a/.github/workflows/test-container-action-sarif.yaml b/.github/workflows/test-container-action-sarif.yaml
index 4335dd1..358364e 100644
--- a/.github/workflows/test-container-action-sarif.yaml
+++ b/.github/workflows/test-container-action-sarif.yaml
@@ -1,6 +1,8 @@
 name: Test sarif
 on:
+ pull_request:
+ branches: [main]
 workflow_dispatch:
 permissions:
@@ -13,7 +15,7 @@ jobs:
 permissions:
 security-events: write
 steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4.2.2
 - name: Scan Container Image
 id: orcasecurity_container_image_scan
 uses: ./
@@ -24,13 +26,13 @@ jobs:
 format: "json,sarif"
 output: "results/"
 console_output: "table"
- - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # ratchet:actions/upload-artifact@v4
+ - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
 if: always()
 with:
 name: orca-results
 path: results/
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # ratchet:github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # ratchet:github/codeql-action/upload-sarif@v3.27.5
 if: ${{ always() && steps.orcasecurity_container_image_scan.outputs.exit_code != 1 }}
 with:
 sarif_file: results/image.sarif
diff --git a/.github/workflows/test-container-action.yaml b/.github/workflows/test-container-action.yaml
index ce60d8a..7057809 100644
--- a/.github/workflows/test-container-action.yaml
+++ b/.github/workflows/test-container-action.yaml
@@ -1,6 +1,8 @@
 name: Test Orca Container Image action
 on:
+ pull_request:
+ branches: [main]
 workflow_dispatch:
 permissions:
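Review bot: The `pull_request` trigger added under `on:` in test-container-action-sarif.yaml (and identically in test-container-action.yaml) also fires for pull requests opened from forks, which run without repository secrets and with a read-only `GITHUB_TOKEN`; nothing in the visible jobs guards for that case. The job-level `security-events: write` is not granted to such runs, so the `upload-sarif` step may be rejected, and any secret passed to the `uses: ./` scan step would be empty; the step's `with:` inputs and the top-level `permissions:` block lie outside these hunks, so that part is inferred. Consider a job-level guard such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, with a comment saying why fork PRs are skipped. Keep the trigger as `pull_request`: switching to `pull_request_target` to regain secrets would be risky for a job that executes the checked-out tree through `uses: ./`.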
@@ -10,7 +12,7 @@ jobs:
 container_scan_job:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # ratchet:actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4.2.2
 - name: Scan Container Image
 uses: ./
 with:
@@ -20,7 +22,7 @@ jobs:
 format: "json"
 output: "results/"
 console_output: "table"
- - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # ratchet:actions/upload-artifact@v4
+ - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
 if: always()
 with:
 name: orca-results
diff --git a/action.yaml b/action.yaml
index 21ab9ce..82db4df 100644
--- a/action.yaml
+++ b/action.yaml
@@ -27,16 +27,6 @@ inputs:
 description: "Disable logs and warnings output"
 required: false
 default: "false"
- baseline_context_key:
- description: "Use this context key in case of no autodetect is configured on project"
- required: false
- disable_baseline:
- description: "Do not compare to baseline on this scan"
- required: false
- default: "false"
- sync_baseline:
- description: "Sync baseline base on this flag"
- required: false
 disable_err_report:
 description: "Suppress error reporting to the monitoring platform"
 required: false
diff --git a/entrypoint.sh b/entrypoint.sh
index e497f8e..cfb6cae 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -33,18 +33,9 @@ function set_global_flags() {
 if [ "${INPUT_CONFIG}" ]; then
 GLOBAL_FLAGS+=(--config "${INPUT_CONFIG}")
 fi
- if [ "${INPUT_BASELINE_CONTEXT_KEY}" ]; then
- GLOBAL_FLAGS+=(--baseline-context-key "${INPUT_BASELINE_CONTEXT_KEY}")
- fi
- if [ "${INPUT_DISABLE_BASELINE}" == "true" ]; then
- GLOBAL_FLAGS+=(--disable-baseline)
- fi
 if [ "${INPUT_DISABLE_ERR_REPORT}" == "true" ]; then
 GLOBAL_FLAGS+=(--disable-err-report)
 fi
- if [ "${INPUT_SYNC_BASELINE}" ]; then
- GLOBAL_FLAGS+=(--sync-baseline "${INPUT_SYNC_BASELINE}")
- fi
 if [ "${INPUT_DISPLAY_NAME}" ]; then
 GLOBAL_FLAGS+=(--display-name "${INPUT_DISPLAY_NAME}")
 fi