-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yaml
57 lines (53 loc) · 2.12 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
name: Scan code security advisories
description: Scan Haskell code for possible security advisories.
inputs:
checkout_path:
description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
required: false
default: ${{ github.workspace }}
ref:
description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks."
required: false
sha:
description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
required: false
token:
description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
required: false
default: ${{ github.token }}
outputs:
sarif-id:
description: The ID of the uploaded SARIF file.
value: ${{ steps.upload-sarif.outputs.sarif-id }}
runs:
using: composite
steps:
- name: Extract
shell: bash
env:
CHECKOUT_PATH: ${{ inputs.checkout_path }}
run: |
cd "$CHECKOUT_PATH"
wget https://github.com/blackheaven/cabal-audit/releases/download/nightly/cabal-audit
chmod +x cabal-audit
- name: Run Haskell Security Action
shell: bash
env:
CHECKOUT_PATH: ${{ inputs.checkout_path }}
run: |
cd "$CHECKOUT_PATH"
./cabal-audit --sarif --to-file results.sarif
cat results.sarif
- name: Upload SARIF file
id: upload-sarif
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ inputs.checkout_path }}/results.sarif
category: haskell-security-action
checkout_path: ${{ inputs.checkout_path }}
ref: ${{ inputs.ref }}
sha: ${{ inputs.sha }}
token: ${{ inputs.token }}
branding:
icon: 'search'
color: 'purple'