-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
54 lines (52 loc) · 3.33 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
name: "Synopsys Polaris Security Testing"
description: "Run Coverity SAST via the Polaris platform and provide feedback within GitHub pull requests"
author: "Synopsys Inc"
inputs:
github_token:
description: "Your GitHub token"
required: true
polaris_url:
description: "The URL of the Polaris server to be referenced API calls"
required: true
polaris_access_token:
description: "An access token to support API calls"
required: true
polaris_command:
description: 'Command line to pass to the Polaris CLI, will default to "analyze -w"'
required: false
default: "analyze -w"
debug:
description: "Enable verbose debugging mode"
required: false
default: "false"
diagnostic:
description: "Enable diagonstic build artifacts"
required: false
default: "false"
security_gate_filters:
description: "Enable security gate"
required: false
fail_on_error:
description: |
Exit code when errors are found [true,false]
Default is `false`.
default: "false"
required: false
skip_run:
description: "Skip execution of the Polaris CLI command, assume it has been run manually"
required: false
report_url:
description: "URL to report false positives"
required: false
runs:
using: composite
steps:
- name: 📥 Pull Image
run: |
echo ${{inputs.github_token}} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
docker pull ghcr.io/contentful/polaris-action:master
shell: bash
- name: 🔥 Run Polaris scan in docker
run: |
docker run --rm -e INPUT_GITHUB_TOKEN=${{ inputs.github_token }} -e INPUT_POLARIS_URL=${{ inputs.polaris_url }} -e POLARIS_SERVER_URL=${{ inputs.polaris_url }} -e INPUT_POLARIS_ACCESS_TOKEN=${{ inputs.polaris_access_token }} -e POLARIS_ACCESS_TOKEN=${{ inputs.polaris_access_token }} -e INPUT_DEBUG=${{ inputs.debug }} -e INPUT_POLARIS_COMMAND='${{ inputs.polaris_command }}' -e INPUT_SECURITY_GATE_FILTERS='${{ inputs.security_gate_filters }}' -e INPUT_REPORT_URL='${{ inputs.report_url }}' -e INPUT_DIAGNOSTIC=${{ inputs.diagnostic }} -e INPUT_FAIL_ON_ERROR=${{ inputs.fail_on_error }} -e INPUT_SKIP_RUN=${{ inputs.skip_run }} -e "DOCKER_USERNAME" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v /home/runner:/home/runner ghcr.io/contentful/polaris-action:master
shell: bash