diff --git a/README.md b/README.md index 2693c62..37888c1 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,53 @@ # actions_python_bandit A Github action for security scanning with bandit. + + +
+ +## How to use +In your .github/workflows directory, create a yaml file (such as main.yaml). Add a job for each desired workflow with the `uses` keyword. Use the `with` keyword to pass any desired variables. + +Examples: + +``` +on: [push] + +jobs: + bandit: + runs-on: ubuntu-latest + name: "bandit" + steps: + - uses: davidslusser/actions_python_bandit@v1.0.0 +``` +
+ +``` +on: [push] + +jobs: + bandit: + runs-on: ubuntu-latest + name: "bandit" + steps: + - uses: davidslusser/actions_python_bandit@v1.0.0 + with: + src: "src" + options: "-r" + pip_install_command: "pip install -e .[dev]" + python_version: "3.9" +``` + +
+ +## Inputs + - **src:** source directory of code to check (defaults to "`.`") + - **options:** optional flags/parameters used in bandit command (defaults to "`-r`") + - **pip_install_command:** pip install command (defaults to "`pip install bandit`") + - **python_version:** version of python to run workflow with (defaults to "`3.x`") + + +
+ +## References + - https://bandit.readthedocs.io/en/latest/ + - https://pypi.org/project/bandit/ diff --git a/action.yaml b/action.yaml new file mode 100644 index 0000000..bdd5195 --- /dev/null +++ b/action.yaml @@ -0,0 +1,47 @@ +name: actions_python_bandit +description: Github action for python static type checking with bandit +branding: + icon: 'check-circle' + color: 'green' +inputs: + options: + description: "additional flags/parameters passed to the bandit command" + required: false + type: string + default: "-r" + pip_install_command: + description: "command used to install python dependancies" + required: false + type: string + default: "pip install bandit" + python_version: + description: "version of python to run action with" + required: false + type: string + default: "3.x" + src: + required: false + type: string + default: "." +runs: + using: "composite" + steps: + - uses: actions/checkout@v3 + - name: "Setup Python ${{ inputs.python_version }}" + uses: actions/setup-python@v4 + with: + python-version: ${{ inputs.python_version }} + + - name: "Show Python Version" + run: python --version + shell: bash + + - name: "Install Python Dependencies" + run: | + python -m pip install --upgrade pip + ${{ inputs.pip_install_command }} + shell: bash + + - name: "Run Bandit" + run: "bandit ${{ inputs.src }} ${{ inputs.options }}" + shell: bash
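Review bot: In the "Run Bandit" step, `src` and `options` are expanded with `${{ }}` directly into the `run:` line, so whatever a caller passes is spliced into the script text before bash ever parses it; hand them to the step through `env:` and read them as shell variables instead, as in the excerpt below. `pip_install_command` is by design a whole shell command and cannot be isolated the same way, so its `description` should state that it is executed verbatim in the install step. The top-level `description` says "python static type checking with bandit", but bandit is a security linter and the README hunk itself calls it security scanning — `description: Github action for python security scanning with bandit` (also "dependancies" → "dependencies", and `src` is the only input without a `description`). `type: string` under each input is, as far as I know, not a recognized key in action metadata (it belongs to `workflow_dispatch` inputs), so verify it against the metadata syntax before relying on it. Pinning `actions/checkout` and `actions/setup-python` to a commit SHA rather than a moving tag, and pinning the bandit version in the default install command, would also make the scanner's own dependencies reproducible.
```yaml
# … unchanged: name, description, branding, inputs, earlier steps …
      - name: "Run Bandit"
        env:
          BANDIT_SRC: ${{ inputs.src }}
          BANDIT_OPTIONS: ${{ inputs.options }}
        run: bandit "$BANDIT_SRC" $BANDIT_OPTIONS
        shell: bash
```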