From 706b320293dc78cd4957eede751f539c292a214e Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni
Date: Wed, 8 May 2024 15:05:43 +0200
Subject: [PATCH] Revert "action.yml: no more bash"

This reverts commit ebfde1aa99242b1673d45b6faeb438e30bfa17ea.
---
 action.yml | 59 ++++++++++++++++++------------------------------------
 1 file changed, 20 insertions(+), 39 deletions(-)

diff --git a/action.yml b/action.yml
index f2950528..3955ba14 100644
--- a/action.yml
+++ b/action.yml
@@ -167,18 +167,13 @@ runs:
 bundler-cache: true
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' }}
 name: Install semgrep & pip-audit
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- const { execSync } = require('child_process');
- execSync('pip install --disable-pip-version-check -r ${{ github.action_path }}/requirements.txt');
+ shell: bash
+ run: |
+ python3 -m pip install --disable-pip-version-check -r ${{ github.action_path }}/requirements.txt
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' }}
 name: Install xmllint for safesvg
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- const { execSync } = require('child_process');
- execSync('sudo apt-get install -y libxml2-utils');
+ shell: bash
+ run: sudo apt-get install -y libxml2-utils
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' }}
 name: Install tfsec
 uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
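Review bot: The new `run:` line under "Install semgrep & pip-audit" pastes `${{ github.action_path }}` unquoted into the bash script text, so the path is substituted before the shell parses the line and any space or shell metacharacter in it changes the command. The runner exports the same value as `GITHUB_ACTION_PATH`, so I would write `python3 -m pip install --disable-pip-version-check -r "$GITHUB_ACTION_PATH/requirements.txt"`. The same pattern appears in the second hunk's three `run:` lines that call `assets/debug.sh` and `assets/reviewdog.sh`. Separately, requirements.txt is not visible here; if it carries no `--hash` entries, adding `--require-hashes` would bring this install in line with the SHA-pinned `uses:` references around it.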
@@ -189,36 +184,25 @@ runs:
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' && inputs.debug == 'true'}}
 env:
 ASSIGNEES: ${{inputs.assignees}}
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- const { execSync } = require('child_process')
- execSync('${{ github.action_path }}/assets/debug.sh')
- # REVIEWDOG Run
+ run: ${{ github.action_path }}/assets/debug.sh
+ shell: bash
+ # REVIEWDOG Run
 - if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' }}
 name: Run reviewdog
 id: run-reviewdog-pr
+ shell: bash
 env:
 ASSIGNEES: ${{inputs.assignees}}
 REVIEWDOG_GITHUB_API_TOKEN: ${{ inputs.github_token }}
 SEC_ACTION_DEBUG: ${{ inputs.debug }}
 PYPI_INDEX_URL: ${{ inputs.pip_audit_pypi_index_url }}
 PYPI_INSECURE_HOSTS: ${{ inputs.pip_audit_pypi_insecure_hosts }}
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- const { execSync } = require('child_process')
- execSync('${{ github.action_path }}/assets/reviewdog.sh')
+ run: ${{ github.action_path }}/assets/reviewdog.sh
 - if: ${{ steps.reviewdog-enabled-full.outputs.result == 'true' }}
 name: Run reviewdog full
 id: run-reviewdog-full
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- env:
- GITHUB_BASE_REF: ''
- with:
- script: |
- const { execSync } = require('child_process')
- execSync('${{ github.action_path }}/assets/reviewdog.sh')
+ shell: bash
+ run: unset GITHUB_BASE_REF && ${{ github.action_path }}/assets/reviewdog.sh
 - id: comments-after
 if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' }}
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
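Review bot: The "Run reviewdog full" step's `run: unset GITHUB_BASE_REF && …/assets/reviewdog.sh` carries no comment saying why the variable is cleared, and the removed form set it to an empty string rather than unsetting it, which a script that tests for the variable being set would treat differently. I would add a comment above the step such as `# full scan: clear GITHUB_BASE_REF so reviewdog.sh does not run in pull-request mode` (presumably that is the intent; reviewdog.sh is not shown here). On the new side this step also receives none of the `env:` entries the PR step passes, for example `REVIEWDOG_GITHUB_API_TOKEN`; the commit does not change that, but it is worth confirming it is deliberate. The debug step at the top of the hunk has no `name:`, so it shows up in the job log only as its command line.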
@@ -282,18 +266,15 @@ runs:
 github_token: ${{ inputs.github_token }}
 assignees: ${{ fromJson(steps.assignees-after.outputs.result) }}
 - if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' && hashFiles('reviewdog.fail.log') }}
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- const fs = require('fs')
- const log = fs.readFileSync('reviewdog.fail.log', 'UTF-8').replaceAll(/^/g, '\x1B[0;34m')
- console.log('\033[0;31mThis action encountered an error while reporting the following findings via the Github API:')
- console.log(log)
- console.log('\033[0;31mThe failure of this action should not prevent you from merging your PR. Please report this failure to the maintainers of https://github.com/brave/security-action \033[0m')
+ shell: bash
+ run: |
+ set +x
+ echo -e '\033[0;31mThis action encountered an error while reporting the following findings via the Github API:'
+ cat reviewdog.fail.log | sed 's/^/\x1B[0;34m/'
+ echo -e '\033[0;31mThe failure of this action should not prevent you from merging your PR. Please report this failure to the maintainers of https://github.com/brave/security-action \033[0m'
 - if: ${{ steps.reviewdog-enabled.outputs.result == 'true' && !inputs.slack_token && hashFiles('reviewdog.fail.log') }}
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: throw new Error('Error was thrown and Slack token is missing, exiting eagerly!')
+ shell: bash
+ run: exit 1
 - if: ${{ steps.reviewdog-enabled-pr.outputs.result == 'true' && inputs.slack_token && hashFiles('reviewdog.fail.log') }}
 id: reviewdog-fail-log-head
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
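Review bot: The `run: exit 1` step fails the job without saying why; the removed version threw `Error was thrown and Slack token is missing, exiting eagerly!`, and the revert drops that text, leaving whoever triages the failed run to read the `if:` condition to learn the cause. Keeping the message costs one line: `run: echo '::error::Error was thrown and Slack token is missing, exiting eagerly!'; exit 1`. In the step above it, `set +x` appears to be a no-op, since tracing is not enabled anywhere in the visible script. The `cat reviewdog.fail.log | sed …` pipeline can be written as `sed 's/^/\x1B[0;34m/' reviewdog.fail.log`.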