diff --git a/.github/workflows/analyze-docker-image.yml b/.github/workflows/analyze-docker-image.yml
new file mode 100644
index 0000000..6a9dcac
--- /dev/null
+++ b/.github/workflows/analyze-docker-image.yml
@@ -0,0 +1,12 @@
+on: [push]
+
+jobs:
+ scan-codebase:
+ runs-on: ubuntu-22.04
+ name: Analyze a Docker image with ScanCode.io
+ steps:
+ - uses: nexB/scancode-action@alpha
+ with:
+ pipelines: "analyze_docker_image"
+ input-urls:
+ https://github.com/nexB/scancode.io-tutorial/releases/download/sample-images/30-alpine-nickolashkraus-staticbox-latest.tar
diff --git a/.github/workflows/map-deploy-to-develop.yml b/.github/workflows/map-deploy-to-develop.yml
new file mode 100644
index 0000000..a3216f8
--- /dev/null
+++ b/.github/workflows/map-deploy-to-develop.yml
@@ -0,0 +1,15 @@
+on: [push]
+
+jobs:
+ scan-codebase:
+ runs-on: ubuntu-22.04
+ name: Map deploy to develop with ScanCode.io
+ steps:
+ - uses: nexB/scancode-action@alpha
+ with:
+ pipelines: "map_deploy_to_develop"
+ input-urls:
+ https://github.com/nexB/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/from-flume-ng-node-1.9.0.zip#from
+ https://github.com/nexB/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/to-flume-ng-node-1.9.0.zip#to
+ env:
+ PURLDB_URL: https://public.purldb.io/
diff --git a/.github/workflows/scan-codebase.yml b/.github/workflows/scan-codebase.yml
index 929f1c9..f8af2f3 100644
--- a/.github/workflows/scan-codebase.yml
+++ b/.github/workflows/scan-codebase.yml
@@ -2,7 +2,7 @@ on: [push]
 jobs:
 scan-codebase:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
 name: Scan codebase with ScanCode.io
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/scan-package.yml b/.github/workflows/scan-single-package.yml
similarity index 83%
rename from .github/workflows/scan-package.yml
rename to .github/workflows/scan-single-package.yml
index 314db73..5a9b23b 100644
--- a/.github/workflows/scan-package.yml
+++ b/.github/workflows/scan-single-package.yml
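Review bot: `uses: nexB/scancode-action@alpha` in the new `analyze-docker-image.yml` (and the same line in the `map-deploy-to-develop.yml` hunk below) references a mutable ref, so each `push` runs whatever `alpha` points to at trigger time rather than a reviewed revision. Inside the action's own repository tracking the branch may be deliberate, but these files are also the examples users copy, and the supply-chain practice GitHub recommends is a full commit SHA with the ref kept as a comment, e.g. `- uses: nexB/scancode-action@<full-commit-sha>  # alpha` (placeholder; fill in the pinned SHA). The `input-urls:` value is a plain multi-line scalar that YAML folds into one space-separated string before the action word-splits it; writing it as `input-urls: >-` makes that folding explicit and guards against an accidental indentation change turning the second URL into a separate key.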
@@ -2,7 +2,7 @@ on: [push]
 jobs:
 scan-codebase:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
 name: Scan package with ScanCode.io
 steps:
 - name: Download repository archive to scancode-inputs/ directory
@@ -10,4 +10,4 @@ jobs:
 wget --directory-prefix=scancode-inputs https://github.com/${GITHUB_REPOSITORY}/archive/${GITHUB_REF}.zip
 - uses: nexB/scancode-action@alpha
 with:
- pipelines: "scan_package"
+ pipelines: "scan_single_package"
diff --git a/README.md b/README.md
index a258a82..9f37de8 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ Run [ScanCode.io](https://github.com/nexB/scancode.io) pipelines from your Workf
 - [Run a specific pipeline](#run-a-specific-pipeline)
 - [Run multiple pipelines](#run-multiple-pipelines)
 - [Choose the output formats](#choose-the-output-formats)
+ - [Provide download URLs inputs](#provide-download-urls-inputs)
 - [Fetch pipelines inputs](#fetch-pipelines-inputs)
 - [Define a custom project name](#define-a-custom-project-name)
 - [Where does the scan results go?](#where-does-the-scan-results-go)
@@ -49,15 +50,22 @@ steps:
 # The list of output formats to generate.
 # Default is 'json xlsx spdx cyclonedx'
 output-formats:
-
+
 # Relative path within the $GITHUB_WORKSPACE for pipeline inputs.
 # Default is 'scancode-inputs'
 inputs-path:
+ # Provide one or more URLs to download for the pipeline run execution
+ input-urls:
+
 # Name of the project.
 # Default is 'scancode-action'
 project-name:
+ # Name of the outputs archive.
+ # Default is 'scancode-outputs'
+ outputs-archive-name:
+
 # Python version that will be installed to run ScanCode.io
 # Default is '3.11'
 python-version:
@@ -65,6 +73,9 @@ steps:
 ## Examples
+See https://github.com/nexB/scancode-action/tree/main/.github/workflows for Workflows
+examples.
+
 ### Scan repo codebase
 ```yaml
@@ -113,6 +124,17 @@ For details on setting up and configuring your own instance, please refer to the
 output-formats: "json xlsx spdx cyclonedx"
 ```
+### Provide download URLs inputs
+
+```yaml
+- uses: nexB/scancode-action@alpha
+ with:
+ pipelines: "map_deploy_to_develop"
+ input-urls:
+ https://domain.url/source.zip#from
+ https://domain.url/binaries.zip#to
+```
+
 ### Fetch pipelines inputs
 ```yaml
@@ -136,5 +158,5 @@ For details on setting up and configuring your own instance, please refer to the
 Upon completion of the workflow, you can **find the scan results** in the dedicated **artifacts section** at the bottom of the workflow summary page.
-Look for a file named `scanpipe-outputs` in that section.
+Look for a file named `scancode-outputs` in that section.
 This file contains the outputs generated by the `scancode-action`.
diff --git a/action.yml b/action.yml
index 20b873c..929e678 100644
--- a/action.yml
+++ b/action.yml
@@ -10,9 +10,16 @@ inputs:
 inputs-path:
 description: "Relative path within the $GITHUB_WORKSPACE for pipeline inputs"
 default: "${{ github.workspace }}/scancode-inputs"
+ input-urls:
+ description: 'Provide one or more URLs to download for the pipeline run execution'
+ required: false
+ default: ""
 project-name:
 description: "Name of the project"
 default: "scancode-action"
+ outputs-archive-name:
+ description: "Name of the outputs archive"
+ default: "scancode-outputs"
 python-version:
 description: "Python version"
 default: "3.11"
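Review bot: The new `input-urls` description in the `action.yml` hunk does not say how several URLs are separated, even though the later step `for url in ${{ inputs.input-urls }}; do` word-splits the value on whitespace, so a URL containing a space would silently become two arguments; stating the contract in the description is cheap, e.g. `description: "Whitespace-separated URLs to download as pipeline inputs (the README example shows an optional #from/#to suffix)"`. The same `description:` is single-quoted while every sibling in the hunk is double-quoted; keep one quoting style for the file. `required: false` next to an explicit `default: ""` is redundant, and the `outputs-archive-name` input added in the same hunk omits it, so either drop it or add it to both for consistency.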
@@ -28,29 +35,49 @@ runs:
 shell: bash
 run: |
 echo "SECRET_KEY=$(openssl rand -base64 32)" >> $GITHUB_ENV
- echo "SCANCODEIO_DB_ENGINE=django.db.backends.sqlite3" >> $GITHUB_ENV
- echo "SCANCODEIO_DB_NAME=sqlite3.db" >> $GITHUB_ENV
+ echo "SCANCODEIO_DB_NAME=scancodeio" >> $GITHUB_ENV
+ echo "SCANCODEIO_DB_USER=scancodeio" >> $GITHUB_ENV
+ echo "SCANCODEIO_DB_PASSWORD=scancodeio" >> $GITHUB_ENV
+
+ - name: Start and setup the PostgreSQL service
+ shell: bash
+ run: |
+ sudo systemctl start postgresql.service
+ sudo -u postgres createuser --no-createrole --no-superuser --login --inherit --createdb ${{ env.SCANCODEIO_DB_USER }}
+ sudo -u postgres psql -c "ALTER USER ${{ env.SCANCODEIO_DB_USER }} WITH encrypted password '${{ env.SCANCODEIO_DB_PASSWORD }}'"
+ sudo -u postgres createdb --owner=scancodeio --encoding=UTF-8 ${{ env.SCANCODEIO_DB_NAME }}
 - name: Install ScanCode.io
 shell: bash
 run: |
- pip install scancodeio
+ pip install --upgrade scancodeio
 scanpipe migrate
- - name: Generate pipelines CLI arguments
+ - name: Generate `--pipeline` CLI arguments
 shell: bash
 run: |
 IFS=',' read -ra PIPELINES <<< "${{ inputs.pipelines }}"
- options=""
+ PIPELINE_CLI_ARGS=""
 for pipeline in "${PIPELINES[@]}"; do
- options+="--pipeline $pipeline "
+ PIPELINE_CLI_ARGS+=" --pipeline $pipeline"
+ done
+ echo "PIPELINE_CLI_ARGS=${PIPELINE_CLI_ARGS}" >> $GITHUB_ENV
+
+ - name: Generate `--input-url` CLI arguments
+ shell: bash
+ run: |
+ INPUT_URL_CLI_ARGS=""
+ for url in ${{ inputs.input-urls }}; do
+ INPUT_URL_CLI_ARGS+=" --input-url $url"
 done
- echo "PIPELINE_CLI_ARGS=${options}" >> $GITHUB_ENV
+ echo "INPUT_URL_CLI_ARGS=${INPUT_URL_CLI_ARGS}" >> $GITHUB_ENV
- - name: Create project with ${{ inputs.pipelines }} pipelines
+ - name: Create project
 shell: bash
 run: |
- scanpipe create-project ${{ inputs.project-name }} ${{ env.PIPELINE_CLI_ARGS }}
+ scanpipe create-project ${{ inputs.project-name }} \
+ ${{ env.PIPELINE_CLI_ARGS }} \
+ ${{ env.INPUT_URL_CLI_ARGS }}
 - name: Set project work directory in the environment
 shell: bash
@@ -61,7 +88,12 @@ runs:
 - name: Copy input files to project work directory
 shell: bash
- run: cp -r ${{ inputs.inputs-path }}/* ${{ env.PROJECT_WORK_DIRECTORY }}/input/
+ run: |
+ SOURCE_PATH="${{ inputs.inputs-path }}"
+ DESTINATION_PATH="${{ env.PROJECT_WORK_DIRECTORY }}/input/"
+ if [ -d "$SOURCE_PATH" ]; then
+ cp -r "$SOURCE_PATH"/* "$DESTINATION_PATH"
+ fi
 - name: Run the pipelines
 shell: bash
@@ -70,7 +102,7 @@ runs:
 - name: Generate outputs
 id: scanpipe
 shell: bash
- run: scanpipe output
+ run: scanpipe output
 --project ${{ inputs.project-name }}
 --format ${{ inputs.output-formats }}
 --no-color
@@ -79,5 +111,5 @@ runs:
 uses: actions/upload-artifact@v4
 id: artifact-upload-step
 with:
- name: scanpipe-outputs
+ name: ${{ inputs.outputs-archive-name }}
 path: ${{ env.PROJECT_WORK_DIRECTORY }}/output/*
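Review bot: `for url in ${{ inputs.input-urls }}; do` and `scanpipe create-project ${{ inputs.project-name }} \` in the `action.yml` steps hunk splice action inputs into the bash script text before it is executed, so a value containing shell metacharacters (`;`, backticks, `$(...)`) runs as code instead of being passed as data; the pre-existing context line `read -ra PIPELINES <<< "${{ inputs.pipelines }}"` has the same shape. These inputs come from the calling workflow rather than from an event payload, which narrows who can set them, but GitHub's script-injection guidance still applies to inputs: map the expression into `env:` and expand the variable inside the script, and values already written to `$GITHUB_ENV` can be read as `$PIPELINE_CLI_ARGS` directly. The PostgreSQL step also fixes `SCANCODEIO_DB_PASSWORD=scancodeio` as a literal; the database is local to the ephemeral runner so the exposure is small, but generating it the way the `SECRET_KEY` line already does (`openssl rand -base64 32`) costs one line. The `Set project work directory` step that closes the hunk continues beyond it.
```yaml
- name: Generate `--input-url` CLI arguments
  shell: bash
  env:
    INPUT_URLS: ${{ inputs.input-urls }}
  run: |
    INPUT_URL_CLI_ARGS=""
    for url in $INPUT_URLS; do
      INPUT_URL_CLI_ARGS+=" --input-url $url"
    done
    echo "INPUT_URL_CLI_ARGS=${INPUT_URL_CLI_ARGS}" >> $GITHUB_ENV

- name: Create project
  shell: bash
  env:
    PROJECT_NAME: ${{ inputs.project-name }}
  run: |
    scanpipe create-project "$PROJECT_NAME" \
      $PIPELINE_CLI_ARGS \
      $INPUT_URL_CLI_ARGS
```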
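Review bot: `cp -r "$SOURCE_PATH"/* "$DESTINATION_PATH"` in the `Copy input files` hunk still fails when `inputs-path` exists but is empty: bash passes the unmatched `*` literally, `cp` reports a missing file, and the step exits non-zero under the `-e` that GitHub applies to `shell: bash` steps, so the new `[ -d "$SOURCE_PATH" ]` guard only covers the missing-directory case. Copying the directory contents as `cp -r "$SOURCE_PATH"/. "$DESTINATION_PATH"` handles the empty directory (and dotfiles) without relying on a glob. `SOURCE_PATH="${{ inputs.inputs-path }}"` also expands the expression inside the script text, so a value containing `"` breaks the assignment; reading it from an `env:` entry such as `INPUTS_PATH: ${{ inputs.inputs-path }}` and writing `SOURCE_PATH="$INPUTS_PATH"` avoids that.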