-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
137 lines (128 loc) · 6.17 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: 'SOOS SBOM'
author: 'SOOS'
description: 'The SOOS GitHub Action to perform SBOM Analysis.'
branding:
icon: "alert-triangle"
color: "blue"
inputs:
api_key:
description: 'SOOS API Key.'
required: true
api_url:
description: 'SOOS API URL - Internal Use Only'
required: true
default: 'https://api.soos.io/api/'
branch_uri:
description: 'Branch URI'
required: false
default: '${{ github.server_url }}/${{ github.repository }}/tree/${{ github.head_ref || github.ref_name }}'
branch_name:
description: 'Branch Name'
required: false
default: '${{ github.head_ref || github.ref_name }}'
build_uri:
description: 'Build URI'
required: false
default: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
build_version:
description: 'Version of application build artifacts.'
required: false
default: ''
client_id:
description: 'SOOS Client ID.'
required: true
directories_to_exclude:
description: 'Directories to Exclude: Listing of directories (relative to ./) to exclude from the search for SBOM files. Example - Correct: bin/start/ Example - Incorrect: ./bin/start/ Example - Incorrect: /bin/start'
required: false
files_to_exclude:
description: 'Files to Exclude: Listing of files (relative to ./) to exclude from the search for SBOM files. Example - Correct: bin/start/internal.spdx.json ... Example - Incorrect: ./bin/start/internal.spdx.json ... Example - Incorrect: /bin/start/internal.spdx.json'
required: false
log_level:
description: 'Log level to show: DEBUG, INFO, WARN, FAIL, ERROR.'
required: false
default: 'INFO'
on_failure:
description: 'Set the On Failure Scan Strategy: fail_the_build, and continue_on_failure'
required: false
default: 'continue_on_failure'
operating_environment:
description: 'System info regarding operating system, etc.'
required: false
default: ${{ runner.os }}
project_name:
description: 'The project name that will be displayed on the dashboard. By Default is owner/repository_name.'
required: true
default: ${{ github.repository }}
sbom_path:
description: "The SBOM file or folder to scan. When a folder is specified all SBOMs found in the folder and sub-folders will be scanned. When this parameter is specified it should be indicated relative to the repository (eg: sboms/your_sbom.cdx.json)"
required: true
default: '${{ github.workspace }}'
sbom_version:
description: 'The SOOS SBOM version to use - Internal Use Only'
required: false
default: 'latest'
runs:
using: "composite"
steps:
- name: Check version
shell: bash
env:
SOOS_ACTION_REF: ${{ github.action_ref }}
run: |
set +x # Turn off command echoing
printf '%.0s-' {1..80}
printf '\n'
response=$(curl -s https://api.github.com/repos/soos-io/soos-sbom-github-action/releases/latest)
if [ $? -eq 0 ]; then
latest_tag=$(echo "$response" | grep -oP '"tag_name": "\K(.*)(?=")')
current_tag=$(echo "$SOOS_ACTION_REF" | awk -F'/' '{print $NF}')
latest_tag_major=$(echo "$latest_tag" | awk -F'.' '{print $1}')
echo "Your current version is: $current_tag, The latest version is: $latest_tag_major"
if [[ "$current_tag" != "$latest_tag_major"* ]]; then
echo "This action is outdated or using a commit reference. Please update to use the latest major version tag: $latest_tag_major"
elif [[ "$current_tag" == "$latest_tag" ]]; then
echo "It is recommended to use the major version tag, $latest_tag_major when referencing this action."
elif [[ "$current_tag" != "$latest_tag_major" ]]; then
echo "This action is out of date. It is recommended to use the major version tag, $latest_tag_major."
fi
else
echo "Can't check version."
fi
printf '%.0s-' {1..80}
printf '\n'
- uses: actions/setup-node@v4
with:
node-version: 20
- name: Set Arguments
shell: bash
env:
SOOS_ACTION_REF: ${{ github.action_ref }}
run: |
set +x # Turn off command echoing
current_tag=$(echo "$SOOS_ACTION_REF" | awk -F'/' '{print $NF}')
args="--integrationName=Github --integrationType=Plugin --appVersion=\"$current_tag\" "
[ -n "${{ inputs.api_key }}" ] && args+="--apiKey=${{ inputs.api_key }} "
[ -n "${{ inputs.api_url }}" ] && args+="--apiURL=${{ inputs.api_url }} "
[ -n "${{ inputs.branch_name }}" ] && args+="--branchName=${{ inputs.branch_name }} "
[ -n "${{ inputs.branch_uri }}" ] && args+="--branchURI=${{ inputs.branch_uri }} "
[ -n "${{ inputs.build_uri }}" ] && args+="--buildURI=${{ inputs.build_uri }} "
[ -n "${{ inputs.build_version }}" ] && args+="--buildVersion=${{ inputs.build_version }} "
[ -n "${{ inputs.client_id }}" ] && args+="--clientId=${{ inputs.client_id }} "
[ -n "${{ inputs.directories_to_exclude }}" ] && args+="--directoriesToExclude=\"${{ inputs.directories_to_exclude }}\" "
[ -n "${{ inputs.files_to_exclude }}" ] && args+="--filesToExclude=\"${{ inputs.files_to_exclude }}\" "
[ -n "${{ inputs.log_level }}" ] && args+="--logLevel=${{ inputs.log_level }} "
[ -n "${{ inputs.on_failure }}" ] && args+="--onFailure=${{ inputs.on_failure }} "
[ -n "${{ inputs.operating_environment }}" ] && args+="--operatingEnvironment=${{ inputs.operating_environment }} "
[ -n "${{ inputs.project_name }}" ] && args+="--projectName=\"${{ inputs.project_name }}\" "
[ -n "${{ inputs.sbom_path }}" ] && args+="${{ inputs.sbom_path }}"
echo "Arguments: $args"
echo "args=$args" >> $GITHUB_ENV
- name: Install and Run SOOS SCA
shell: bash
run: |
[ -d "./soos" ] && rm -rf "./soos"
npm install --prefix ./soos @soos-io/soos-sbom@${{ inputs.sbom_version }}
cd ./soos
SCRIPT_VERSION=$(npm list @soos-io/soos-sbom --depth=0 | grep @soos-io/soos-sbom | awk -F'@' '{print $NF}')
cd ..
eval "node ./soos/node_modules/@soos-io/soos-sbom/bin/index.js --scriptVersion=$SCRIPT_VERSION $args"