This repository has been archived by the owner on Feb 27, 2023. It is now read-only.
generated from reviewdog/action-composite-template
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yml
167 lines (160 loc) · 6.14 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: 'Run terrascan with reviewdog'
description: 'TODO: 🐶 Run terrascan with reviewdog on pull requests to improve code review experience.'
author: 'yu-iskw'
inputs:
github_token:
description: 'GITHUB_TOKEN'
required: true
working-directory:
description: 'Working directory relative to the root directory.'
required: true
### reviewdog ###
reviewdog_version:
description: "reviewdog version"
default: "latest"
required: false
### Flags for reviewdog ###
level:
description: 'Report level for reviewdog [info,warning,error]'
default: 'error'
required: false
reporter:
description: 'Reporter of reviewdog command [github-check,github-pr-review].'
default: 'github-check'
required: false
filter-mode:
description: |
Filtering mode for the reviewdog command [added,diff_context,file,nofilter].
Default is file.
default: 'file'
required: false
fail-on-error:
description: |
Exit code for reviewdog when errors are found [true,false]
Default is `false`.
default: 'false'
required: false
### install terrascan
### SEE https://github.com/accurics/terrascan/releases
terrascan-platform:
description: "The platform of the terrascan binary (e.g. 'Linux_i386', 'Linux_x86_64')"
required: false
default: "Linux_i386"
terrascan-version:
description: "The version of terrascan downloaded from the GitHub repository"
required: false
default: "latest"
### terrascan init
### SEE https://github.com/accurics/terrascan/releases
terrascan-config-path:
description: 'config file path'
required: false
default: ''
terrascan-log-level:
description: 'log level (debug, info, warn, error, panic, fatal)'
required: false
default: ''
terrascan-iac-dir:
description: 'path to a directory containing one or more IaC files'
required: false
default: ''
terrascan-iac-type:
description: 'iac type (helm, k8s, kustomize, terraform, tfplan)'
required: true
default: ''
terrascan-iac-version:
description: 'iac version (helm: v3, k8s: v1, kustomize: v3, terraform: v12, v13, v14, tfplan: v1)'
required: false
default: ''
terrascan-policy-path:
description: |
A policy path directory
NOTE: When the issue will be resolved, we will think of how to receive multiple paths.
https://github.com/accurics/terrascan/issues/1079
required: false
default: ''
terrascan-policy-type:
description: 'policy type (all, aws, azure, gcp, github, k8s)'
required: false
default: ''
terrascan-remote-type:
description: 'type of remote backend (git, s3, gcs, http, terraform-registry)'
required: false
default: ''
terrascan-remote-url:
description: 'url pointing to remote IaC repository'
required: false
default: ''
terrascan-scan-rules:
description: 'one or more rules to scan (example: --scan-rules="ruleID1,ruleID2")'
required: false
default: ''
terrascan-severity:
description: 'minimum severity level of the policy violations to be reported by terrascan (HIGH, MEDIUM, LOW)'
required: false
default: ''
terrascan-skip-rules:
description: 'one or more rules to skip while scanning (example: --skip-rules="ruleID1,ruleID2")'
required: false
default: ''
terrascan-verbose:
description: 'will show violations with details (applicable for default output)'
required: false
default: "1"
only-warn:
description: 'will only warn and not error when violations are found'
required: false
default: ''
outputs:
terrascan-results:
description: 'The JSON object string of terrascan results'
value: ${{ steps.terrascan-with-reviewdog-in-composite.outputs.terrascan-results }}
terrascan-violations-count:
description: 'The number of violations'
value: ${{ steps.terrascan-with-reviewdog-in-composite.outputs.terrascan-violations-count }}
terrascan-exit-code:
description: 'The exit code of terrascan'
value: ${{ steps.terrascan-with-reviewdog-in-composite.outputs.terrascan-exit-code }}
terrascan-results-rdjson:
description: 'The JSON object string of terrascan results'
value: ${{ steps.terrascan-with-reviewdog-in-composite.outputs.terrascan-results-rdjson }}
reviewdog-return-code:
description: 'The exit code of reviewdog'
value: ${{ steps.terrascan-with-reviewdog-in-composite.outputs.reviewdog-return-code }}
runs:
using: 'composite'
steps:
- uses: reviewdog/action-setup@v1
with:
reviewdog_version: "${{ inputs.reviewdog_version }}"
- run: $GITHUB_ACTION_PATH/script.sh
id: terrascan-with-reviewdog-in-composite
shell: bash
env:
# INPUT_<VARIABLE_NAME> is not available in Composite run steps
# https://github.community/t/input-variable-name-is-not-available-in-composite-run-steps/127611
REVIEWDOG_GITHUB_API_TOKEN: ${{ inputs.github_token }}
WORKING_DIRECTORY: ${{ inputs.working-directory }}
ONLY_WARN: ${{ inputs.only-warn }}
REVIEWDOG_LEVEL: ${{ inputs.level }}
REVIEWDOG_REPORTER: ${{ inputs.reporter }}
REVIEWDOG_FILTER_MODE: ${{ inputs.filter-mode }}
REVIEWDOG_FAIL_ON_ERROR: ${{ inputs.fail-on-error }}
TERRASCAN_VERSION: ${{ inputs.terrascan-version }}
TERRASCAN_PLATFORM: ${{ inputs.terrascan-platform }}
TERRASCAN_CONFIG_PATH: ${{ inputs.terrascan-config-path }}
TERRASCAN_LOG_LEVEL: ${{ inputs.terrascan-log-level }}
TERRASCAN_IAC_DIR: ${{ inputs.terrascan-iac-dir }}
TERRASCAN_IAC_TYPE: ${{ inputs.terrascan-iac-type }}
TERRASCAN_POLICY_PATH: ${{ inputs.terrascan-policy-path }}
TERRASCAN_POLICY_TYPE: ${{ inputs.terrascan-policy-type }}
TERRASCAN_REMOTE_TYPE: ${{ inputs.terrascan-remote-type }}
TERRASCAN_REMOTE_URL: ${{ inputs.terrascan-remote-url }}
TERRASCAN_SCAN_RULES: ${{ inputs.terrascan-scan-rules }}
TERRASCAN_SEVERITY: ${{ inputs.terrascan-severity }}
TERRASCAN_SKIP_RULES: ${{ inputs.terrascan-skip-rules }}
TERRASCAN_VERBOSE: ${{ inputs.terrascan-verbose }}
# Ref: https://haya14busa.github.io/github-action-brandings/
branding:
icon: 'edit'
color: 'gray-dark'