This repository has been archived by the owner on Oct 1, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathaction.yml
65 lines (52 loc) · 1.82 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: 'ghascompliance'
description: 'ghascompliance'
inputs:
severity:
description: 'Severity Level'
default: error
repository:
description: Repository owner and repo name
default: ${{ github.repository }}
token:
description: GitHub Personal Access Token
default: ${{ github.token }}
ref:
description: GitHub Ref
default: ${{ github.ref }}
action:
description: 'Action to take upon discovery of security issues hitting threshold'
default: break
policy:
description: Policy as Code repository owner/repo name
policy-path:
description: Policy as Code file path (including path in repo)
policy-branch:
description: Policy as Code branch
default: main
argvs:
description: 'Additional Arguments'
runs:
using: "composite"
steps:
- shell: bash
run: |
echo "::group::Installing Dependencies"
pushd ${{ github.action_path }}
python3 -m pip install pipenv && python3 -m pipenv install --system
popd
echo "::endgroup::"
- shell: bash
run: |
echo "::error ::This Action has been moved to `advanced-security/policy-as-code`"
echo "::error ::The Action is pinned to 1.7.0 and will no longer receive any updates going forward"
PYTHONPATH=${{ github.action_path }} && export PYTHONPATH=${{ github.action_path }}
python3 -m ghascompliance \
--severity "${{ inputs.severity }}" \
--action "${{ inputs.action }}" \
--github-token "${{ inputs.token }}" \
--github-repository "${{ inputs.repository }}" \
--github-ref "${{ inputs.ref }}" \
--github-policy "${{ inputs.policy }}" \
--github-policy-path "${{ inputs.policy-path }}" \
--github-policy-branch "${{ inputs.policy-branch }}" \
${{ inputs.argvs }}