action.yml: no more bash
thypon committed May 8, 2024
1 parent d483d38 commit 00882ac
Showing 1 changed file with 39 additions and 20 deletions.
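--- a/action.yml
+++ b/action.yml
@@ -167,13 +167,18 @@ runs:
 bundler-cache: true
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' }}
 name: Install semgrep & pip-audit
-shell: bash
-run: |
-python3 -m pip install --disable-pip-version-check -r ${{ github.action_path }}/requirements.txt
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+with:
+script: |
+const { execSync } = require('child_process');
+execSync('pip install --disable-pip-version-check -r ${{ github.action_path }}/requirements.txt');
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' }}
 name: Install xmllint for safesvg
-shell: bash
-run: sudo apt-get install -y libxml2-utils
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+with:
+script: |
+const { execSync } = require('child_process');
+execSync('sudo apt-get install -y libxml2-utils');
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' }}
 name: Install tfsec
 uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
@@ -184,25 +189,36 @@ runs:
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' && inputs.debug == 'true'}}
 env:
 ASSIGNEES: ${{inputs.assignees}}
-run: ${{ github.action_path }}/assets/debug.sh
-shell: bash
-# REVIEWDOG Run
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+with:
+script: |
+const { execSync } = require('child_process')
+execSync('${{ github.action_path }}/assets/debug.sh')
+# REVIEWDOG Run
 - if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' }}
 name: Run reviewdog
 id: run-reviewdog-pr
-shell: bash
 env:
 ASSIGNEES: ${{inputs.assignees}}
 REVIEWDOG_GITHUB_API_TOKEN: ${{ inputs.github_token }}
 SEC_ACTION_DEBUG: ${{ inputs.debug }}
 PYPI_INDEX_URL: ${{ inputs.pip_audit_pypi_index_url }}
 PYPI_INSECURE_HOSTS: ${{ inputs.pip_audit_pypi_insecure_hosts }}
-run: ${{ github.action_path }}/assets/reviewdog.sh
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+with:
+script: |
+const { execSync } = require('child_process')
+execSync('${{ github.action_path }}/assets/reviewdog.sh')
 - if: ${{ steps.reviewdog-enabled-full.outputs.result == 'true' }}
 name: Run reviewdog full
 id: run-reviewdog-full
-shell: bash
-run: unset GITHUB_BASE_REF && ${{ github.action_path }}/assets/reviewdog.sh
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+with:
+script: |
+const { execSync } = require('child_process')
+const env = { ...process.env }
+delete env['GITHUB_BASE_REF']
+execSync('${{ github.action_path }}/assets/reviewdog.sh', { env })
 - id: comments-after
 if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' }}
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
@@ -262,15 +278,18 @@ runs:
 github_token: ${{ inputs.github_token }}
 assignees: ${{ fromJson(steps.assignees-after.outputs.result) }}
 - if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' && hashFiles('reviewdog.fail.log') }}
-shell: bash
-run: |
-set +x
-echo -e '\033[0;31mThis action encountered an error while reporting the following findings via the Github API:'
-cat reviewdog.fail.log | sed 's/^/\x1B[0;34m/'
-echo -e '\033[0;31mThe failure of this action should not prevent you from merging your PR. Please report this failure to the maintainers of https://github.com/brave/security-action \033[0m'
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+with:
+script: |
+const fs = require('fs')
+const log = fs.readFileSync('reviewdog.fail.log', 'UTF-8').replaceAll(/^/g, '\x1B[0;34m')
+console.log('\033[0;31mThis action encountered an error while reporting the following findings via the Github API:')
+console.log(log)
+console.log('\033[0;31mThe failure of this action should not prevent you from merging your PR. Please report this failure to the maintainers of https://github.com/brave/security-action \033[0m')
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' && !inputs.slack_token && hashFiles('reviewdog.fail.log') }}
-shell: bash
-run: exit 1
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+with:
+script: throw new Error('Error was thrown and Slack token is missing, exiting eagerly!')
 - if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' && inputs.slack_token && hashFiles('reviewdog.fail.log') }}
 id: reviewdog-fail-log-head
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1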
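Review bot: The new `execSync('${{ github.action_path }}/assets/reviewdog.sh')` calls, and the same pattern in the pip, debug.sh and reviewdog-full steps, paste the expression into JavaScript source and then pass the resulting string to a shell. A path containing a quote, backslash or space would therefore alter the script or the command line instead of being handled as data. Passing the path through the step's `env:` and skipping the shell keeps it inert: add `ACTION_PATH: ${{ github.action_path }}` under `env:` and call `execFileSync(require('path').join(process.env.ACTION_PATH, 'assets', 'reviewdog.sh'), { stdio: 'inherit' })`. The `stdio: 'inherit'` part matters independently, because execSync by default captures the child's stdout and returns it, so the scripts' output would no longer reach the job log and would be subject to the default output buffer limit.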
