Action input to run scan asynchronously

Allow users to configure an asynchronous scan from the action input. Asynchronous scan is a common action so it is easier to set this via the action configuration. Also only displays scan result if we have actual results from Checkmarx One. Signed-off-by: Jimmy Thrasibule <dev@jimmy.lt>
Checkmarx · Oct 6, 2023 · 8535432 · 8535432
1 parent bc07d46
commit 8535432
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/action.yml b/action.yml
@@ -42,6 +42,10 @@ inputs:
     required: false
     default: ${{ github.event.number }}
     description: "Pr Number of the pull request that needs the decoration"
+  scan_async:
+    required: false
+    default: ${{ false }}
+    description: "Do not wait for scan completion"
 outputs: 
   cxcli:
     description: output from cli
@@ -77,6 +81,7 @@ runs:
     REPO_NAME: ${{ inputs.repo_name }}
     NAMESPACE: ${{ inputs.namespace }}
     PR_NUMBER: ${{ inputs.pr_number }}
+    SCAN_ASYNC: ${{ inputs.scan_async }}
 
 branding:
   icon: 'check'

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -3,6 +3,8 @@
 output_file=./output.log
 
 eval "arr=(${ADDITIONAL_PARAMS})"
+[ "${SCAN_ASYNC}" == "true" ] && arr+=("--async")
+
 /app/bin/cx scan create --project-name "${PROJECT_NAME}" -s "." --branch "${BRANCH#refs/heads/}" --scan-info-format json --agent "Github Action" "${arr[@]}" | tee -i $output_file
 exitCode=${PIPESTATUS[0]}
 
@@ -16,7 +18,7 @@ else
 fi
 
 
-if [ -n "$scanId" ]; then
+if [ "${SCAN_ASYNC}" != "true" -a -n "$scanId" ]; then
   /app/bin/cx results show --scan-id "${scanId}" --report-format markdown 
   cat ./cx_result.md >$GITHUB_STEP_SUMMARY
   rm ./cx_result.md