CoinFabrik · Helios-vmg · Jan 20, 2025 · Jan 29, 2025 · Jan 29, 2025 · Jan 29, 2025
diff --git a/.github/actions/Dockerfile b/.github/actions/Dockerfile
@@ -0,0 +1,5 @@
+FROM coinfabrik/scout:latest
+SHELL ["/bin/bash", "-c"]
+WORKDIR /scoutme
+COPY . .
+
diff --git a/.github/actions/action.yml b/.github/actions/action.yml
@@ -0,0 +1,127 @@
+name: "Scout Security Analysis"
+description: "Runs Scout security analysis on Rust projects and reports findings"
+author: "Coinfabrik"
+branding:
+  icon: "shield"
+  color: "blue"
+
+inputs:
+  working_directory:
+    description: |
+      Directory containing the Cargo.toml file to analyze.
+      Examples:
+        - "." (current directory)
+        - "./my-project"
+        - "packages/rust-project"
+    required: false
+    default: "."
+
+  verbose:
+    description: |
+      Enable verbose output for detailed analysis information.
+      Set to 'true' for debugging purposes.
+    required: false
+    default: false
+
+  fail_on_error:
+    description: |
+      Controls whether the action should fail if Scout finds security issues.
+      Set to 'false' to continue pipeline execution regardless of findings.
+    required: false
+    default: true
+
+  comment_pr:
+    description: |
+      Automatically comment analysis results on the PR.
+      Requires github_token to be set.
+    required: false
+    default: false
+
+  github_token:
+    description: |
+      GitHub token for PR commenting functionality.
+      Required when comment_pr is set to true.
+    required: false
+
+  scout_extra_args:
+    description: |
+      Additional arguments to pass to Scout CLI.
+      Example: "--exclude [DETECTOR_NAME]"
+    required: false
+    default: ""
+
+outputs:
+  report:
+    description: "Path to the generated markdown report file relative to workspace"
+    value: ${{ steps.run-scout.outputs.report }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Run scout analysis
+      id: run-scout
+      shell: bash
+      run: |
+        # Running scout analysis
+
+        log() {
+          echo "[INFO] $1"
+        }
+
+        section() {
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+          echo "🚀 $1"
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        }
+
+        # Configuration
+        DOCKER_QUIET=${{ inputs.verbose == 'true' && '' || '--quiet' }}
+        WORKSPACE="${{ github.workspace }}"
+        REPORT_DIR="$WORKSPACE/scout-report"
+        REPORT_PATH="report.md"
+
+        section "Building Scout Environment"
+        log "Building Scout Docker image..."
+        cd ${{ github.action_path }}
+        docker build $DOCKER_QUIET -t scout-action . > /dev/null 2>&1
+
+        section "Preparing Analysis"
+        log "Creating report directory..."
+        mkdir -p "$REPORT_DIR"
+
+        section "Running Security Analysis"
+        log "Target directory: ${{ inputs.working_directory }}"
+        log "Verbose mode: ${{ inputs.verbose }}"
+
+        docker run $DOCKER_QUIET \
+          -v "$WORKSPACE:/scoutme" \
+          -v "$REPORT_DIR:/output" \
+          -w /scoutme \
+          -e INPUT_TARGET="${{ inputs.working_directory }}" \
+          -e INPUT_SCOUT_ARGS=" ${{ inputs.verbose == 'true' && '-v' || '' }} --output-format md-gh --output-path /output/report.md --cicd /output ${{ inputs.scout_extra_args }}" \
+          scout-action
+
+        if [ -f "$REPORT_DIR/report.md" ]; then
+          section "Processing Results"
+          log "Copying Scout report to workspace..."
+          cp "$REPORT_DIR/report.md" "$WORKSPACE/$REPORT_PATH"
+          echo "report=$REPORT_PATH" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Comment on PR
+      if: ${{ inputs.comment_pr == 'true' }}
+      uses: peter-evans/create-or-update-comment@v4
+      with:
+        issue-number: ${{ github.event.pull_request.number }}
+        token: ${{ inputs.github_token }}
+        body-path: ${{ github.workspace }}/report.md
+
+    - name: Check for failures
+      if: ${{ inputs.fail_on_error == 'true' }}
+      shell: bash
+      run: |
+        if [ -f "${{ github.workspace }}/scout-report/FAIL" ]; then
+          echo "[ERROR] Scout analysis failed! Please check the report for details."
+          exit 1
+        fi
+        echo "✅ Scout analysis completed successfully!"
diff --git a/.github/workflows/scout.yml b/.github/workflows/scout.yml
@@ -15,11 +15,17 @@ jobs:
       - name: checkout
         uses: actions/checkout@v4
 
-      - name: do scout
-        uses: coinfabrik/scout-actions@v3
+      - name: Run scout
+        id: scout
+        uses: ./.github/actions
         with:
-          target: ''
+          working_directory: .
+          fail_on_error: false
+          comment_pr: false
 
-      - uses: mshick/[email protected]
-        with:
-          message-path:  ${{ github.workspace }}/report.md
+      - name: Display Report
+        if: always()
+        run: |
+          if [[ -n "${{ steps.scout.outputs.report }}" ]]; then
+            cat "${{ steps.scout.outputs.report }}"
+          fi