Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix enabled flag #608

Merged
merged 5 commits into from
May 30, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 7 additions & 8 deletions .github/workflows/full-loop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,32 +26,31 @@ jobs:
gh_to_slack_user_map: ${{ secrets.GH_TO_SLACK_USER_MAP }}
- run: |
set -e
echo ${{ steps.action.outputs.reviewdog-findings }}
if ((${{ steps.action.outputs.reviewdog-findings }} < 106)); then
if ((${{ fromJson(steps.action.outputs.reviewdog-findings) }} < 106)); then
echo "Too few reviewdog findings"
exit 1
fi
if ((${{ steps.action.outputs.safesvg-count }} < 2)); then
if ((${{ fromJson(steps.action.outputs.safesvg-count) }} < 2)); then
echo "Too few safesvg findings"
exit 1
fi
if ((${{ steps.action.outputs.tfsec-count }} < 4)); then
if ((${{ fromJson(steps.action.outputs.tfsec-count) }} < 4)); then
echo "Too few tfsec findings"
exit 1
fi
if ((${{ steps.action.outputs.semgrep-count }} < 97)); then
if ((${{ fromJson(steps.action.outputs.semgrep-count) }} < 97)); then
echo "Too few semgrep findings"
exit 1
fi
if ((${{ steps.action.outputs.sveltegrep-count }} < 3)); then
if ((${{ fromJson(steps.action.outputs.sveltegrep-count) }} < 3)); then
echo "Too few sveltegrep findings"
exit 1
fi
if ((${{ steps.action.outputs.npm-audit-count }} < 3)); then
if ((${{ fromJson(steps.action.outputs.npm-audit-count) }} < 3)); then
echo "Too few npm-audit findings"
exit 1
fi
if ((${{ steps.action.outputs.pip-audit-count }} < 2)); then
if ((${{ fromJson(steps.action.outputs.pip-audit-count) }} < 2)); then
echo "Too few pip-audit findings"
exit 1
fi
Expand Down
9 changes: 7 additions & 2 deletions action.cjs
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ module.exports = async ({ github, context, inputs, actionPath, core, debug = fal
const { default: getConfig } = await import(`${actionPath}/src/getConfig.js`)
const { default: getProperties } = await import(`${actionPath}/src/getProperties.js`)

// delete if empty string in inputs value
Object.keys(inputs).forEach(key => inputs[key] === '' && delete inputs[key])

const config = await getConfig({ owner: context.repo.owner, repo: context.repo.repo, path: '.github/security-action.json', debug, github })
const properties = await getProperties({ owner: context.repo.owner, repo: context.repo.repo, debug, github, prefix: 'security_action_' })

Expand All @@ -46,14 +49,16 @@ module.exports = async ({ github, context, inputs, actionPath, core, debug = fal

const debugLog = options.debug ? console.log : () => {}

debugLog('Options: ', options)

if (!options.enabled) { return }

debugLog('Security Action enabled')
// reviewdog-enabled-pr steps
const reviewdogEnabledPr = options.baseline_scan_only !== 'false' && process.env.GITHUB_EVENT_NAME === 'pull_request' && context.payload.pull_request.draft === false && context.actor !== 'dependabot[bot]'
const reviewdogEnabledPr = options.baseline_scan_only && process.env.GITHUB_EVENT_NAME === 'pull_request' && context.payload.pull_request.draft === false && context.actor !== 'dependabot[bot]'
debugLog(`Security Action enabled for PR: ${reviewdogEnabledPr}, baseline_scan_only: ${options.baseline_scan_only}, GITHUB_EVENT_NAME: ${process.env.GITHUB_EVENT_NAME}, context.actor: ${context.actor}, context.payload.pull_request.draft: ${context.payload.pull_request?.draft}`)
// reviewdog-enabled-full steps
const reviewdogEnabledFull = !reviewdogEnabledPr && (options.baseline_scan_only === 'false' || process.env.GITHUB_EVENT_NAME === 'workflow_dispatch')
const reviewdogEnabledFull = !reviewdogEnabledPr && (!options.baseline_scan_only || process.env.GITHUB_EVENT_NAME === 'workflow_dispatch')
debugLog(`Security Action enabled for full: ${reviewdogEnabledFull}, baseline_scan_only: ${options.baseline_scan_only}, GITHUB_EVENT_NAME: ${process.env.GITHUB_EVENT_NAME}`)
// reviewdog-enabled steps
if (!reviewdogEnabledPr && !reviewdogEnabledFull) { return }
Expand Down
4 changes: 2 additions & 2 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,12 +84,12 @@ runs:
using: 'composite'
steps:
- name: Store reviewdog enabled
# inputs.enabled == 'true' && (
# inputs.enabled != 'false' && (
# (inputs.baseline_scan_only != 'false' && github.event_name == 'pull_request' && github.event.pull_request.draft == false && github.actor != 'dependabot[bot]') # reviewdog-enabled-pr
# ||
# (inputs.baseline_scan_only == 'false' || github.event_name == 'workflow_dispatch') # reviewdog-enabled-full
# )
if: ${{ inputs.enabled == 'true' && ( (inputs.baseline_scan_only != 'false' && github.event_name == 'pull_request' && github.event.pull_request.draft == false && github.actor != 'dependabot[bot]') || (inputs.baseline_scan_only == 'false' || github.event_name == 'workflow_dispatch') )}}
if: ${{ inputs.enabled != 'false' && ( (inputs.baseline_scan_only != 'false' && github.event_name == 'pull_request' && github.event.pull_request.draft == false && github.actor != 'dependabot[bot]') || (inputs.baseline_scan_only == 'false' || github.event_name == 'workflow_dispatch') )}}
id: reviewdog-enabled
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
Expand Down