-
Notifications
You must be signed in to change notification settings - Fork 2
/
action.yml
65 lines (60 loc) · 2.42 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: Check with osv-detector
description: 'Installs and runs osv-detector against the given lockfiles or directories'
branding:
icon: 'check-square'
color: 'purple'
inputs:
osv-detector-version:
description: |
The full version of the `osv-detector` to install. If omitted, the latest version is used.
required: false
osv-detector-binary:
description: |
The full name of the `osv-detector` binary that should be downloaded. If omitted, the linux amd64 binary is used.
required: false
flags:
description: |
Flags to be passed to the `osv-detector`
required: false
paths:
description: |
A list of lockfiles and directories to check with the `osv-detector`.
default: '.'
required: false
runs:
using: composite
steps:
- name: Determine version
shell: bash
if: ${{ ! inputs.osv-detector-version }}
run: |
OSVDETECTOR_VERSION=$(
curl -s \
--header 'authorization: Bearer ${{ github.token }}' \
"https://api.github.com/repos/G-Rath/osv-detector/releases/latest" \
| perl -nle'print substr($&, 1) while m#"tag_name": "\K[^"]*#g'
)
echo "OSVDETECTOR_VERSION=$OSVDETECTOR_VERSION" >> $GITHUB_ENV
- name: Determine binary
shell: bash
if: ${{ ! inputs.osv-detector-binary }}
run: |
OSVDETECTOR_BINARY="osv-detector_${OSVDETECTOR_VERSION}_linux_amd64"
echo "OSVDETECTOR_BINARY=$OSVDETECTOR_BINARY" >> $GITHUB_ENV
env:
OSVDETECTOR_VERSION: ${{ inputs.osv-detector-version || env.OSVDETECTOR_VERSION }}
- name: Install osv-detector
shell: bash
run: |
mkdir ~/osv-detector && cd ~/osv-detector
echo "Installing osv-detector v$OSVDETECTOR_VERSION ($OSVDETECTOR_BINARY)"
curl --connect-timeout 5 --max-time 5 --retry-delay 0 --retry-max-time 30 --retry-all-errors -fL https://github.com/G-Rath/osv-detector/releases/download/v$OSVDETECTOR_VERSION/$OSVDETECTOR_BINARY --output osv-detector
chmod +x osv-detector
sudo ln -s ~/osv-detector/osv-detector /usr/local/bin/osv-detector
env:
OSVDETECTOR_VERSION: ${{ inputs.osv-detector-version || env.OSVDETECTOR_VERSION }}
OSVDETECTOR_BINARY: ${{ inputs.osv-detector-binary || env.OSVDETECTOR_BINARY }}
- name: Check dependencies for security vulnerabilities
shell: bash
run: |
osv-detector ${{ inputs.flags }} ${{ inputs.paths }}