full-loop.yml

name: full-loop
on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
    branches: [main]
permissions:
  contents: read
jobs:
  full-loop:
    name: full-loop
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      - uses: ./
        name: Run action on full security-action repo
        id: action
        with:
          debug: true
          github_token: ${{ secrets.GITHUB_TOKEN }}
          baseline_scan_only: false
          gh_to_slack_user_map: ${{ secrets.GH_TO_SLACK_USER_MAP }}
      - run: |
          echo ${{ steps.action.outputs.reviewdog-findings }}
          if ((${{ steps.action.outputs.reviewdog-findings }} < 106)); then
            echo "Too few reviewdog findings"
            exit 1
          fi
          if ((${{ steps.action.outputs.safesvg-count }} < 2)); then
            echo "Too few safesvg findings"
            exit 1
          fi
          if ((${{ steps.action.outputs.tfsec-count }} < 4)); then
            echo "Too few tfsec findings"
            exit 1
          fi
          if ((${{ steps.action.outputs.semgrep-count }} < 97)); then
            echo "Too few semgrep findings"
            exit 1
          fi
          if ((${{ steps.action.outputs.sveltegrep-count }} < 3)); then
            echo "Too few sveltegrep findings"
            exit 1
          fi
          if ((${{ steps.action.outputs.npm-audit-count }} < 3)); then
            echo "Too few npm-audit findings"
            exit 1
          fi
          if ((${{ steps.action.outputs.pip-audit-count }} < 2)); then
            echo "Too few pip-audit findings"
            exit 1
          fi
        shell: bash
        name: Check number of findings