GitHub Action
Fossa Action
The action sets up the latest release of fossa-cli, infer the correct
configuration from the current system state, analyze the project for a list of
its dependencies, and upload the results to FOSSA.
This action aims to provide an OS-neutral interface to fossa-cli, and so will
not add features that only work on one operating system. It will also track the
latest release of fossa-cli.
There is a point that is particularly easy to misunderstand. It's where you specify the version of the action itself.
- name: Run and upload build analysis
uses: fossa-contrib/fossa-action@v1
# ^^^
with:
fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
github-token: ${{ github.token }}We recommend that you include the version of the action. We adhere to
semantic versioning, it's safe to use the major version
(v1) in your workflow. If you use the master branch, this could break your
workflow when we publish a breaking update and increase the major version.
steps:
# Reference the major version of a release (most recommended)
- uses: fossa-contrib/fossa-action@v1
# Reference a specific commit (most strict)
- uses: fossa-contrib/fossa-action@4fb2464
# Reference a semver version of a release (not recommended)
- uses: fossa-contrib/fossa-action@v1.0.2
# Reference a branch (most dangerous)
- uses: fossa-contrib/fossa-action@mastername: License Scanning
on:
- pull_request
- push
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run and upload build analysis
uses: fossa-contrib/fossa-action@v1
with:
fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
github-token: ${{ github.token }}fossa-api-key: This input is used to upload the results of the build analysis.github-token: This input is used to get the latest release offossa-clifrom GitHub API.