action.yml

name: 'Wordfence Malware Scan'

inputs:
  license:
    required: true
  version:
    default: main
  path:
    default: .
    required: false
  workers:
    default: 4
  args:
    default: ''
    required: false
outputs:
  result:
    description: "Scan result"
    value: ${{ steps.result.outputs.RESULT }}
runs:
  using: 'composite'
  steps:
    - name: Install wordfence
      shell: bash
      run: |
        git clone -b ${{ inputs.version }} https://github.com/wordfence/wordfence-cli.git /tmp/wordfence-cli
        docker build -t wordfence-cli:${{ inputs.version }} /tmp/wordfence-cli/

    - name: Run wordfence
      shell: bash
      run: |
        docker run -v ${{ inputs.path }}:/var/www wordfence-cli:${{ inputs.version }} malware-scan \
          --no-cache \
          --no-banner \
          --no-color \
          --license=${{ inputs.license }} \
          --workers=${{ inputs.workers }} \
          --include-all-files \
          ${{ inputs.args }} \
          /var/www/ > /tmp/wordfence-result

    - name: Output result
      id: result
      shell: bash
      run: |
        cat /tmp/wordfence-result

        {
          echo 'RESULT<<EOF'
          cat /tmp/wordfence-result
          echo -e "\n"
          echo 'EOF'
        } >> "$GITHUB_OUTPUT"

        [ -s /tmp/wordfence-result ] && exit 1

        rm /tmp/wordfence-result