Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
package

GitHub Action

Fossa Action

v1.1.0

Fossa Action

package

Fossa Action

Actions for running FOSSA scans

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Fossa Action

uses: fossa-contrib/[email protected]

Learn more about this action in fossa-contrib/fossa-action

Choose a version

Fossa Action

Main workflow CodeQL FOSSA Status

Synopsis

The action sets up the latest release of fossa-cli, infer the correct configuration from the current system state, analyze the project for a list of its dependencies, and upload the results to FOSSA.

Roadmap

This action aims to provide an OS-neutral interface to fossa-cli, and so will not add features that only work on one operating system. It will also track the latest release of fossa-cli.

Usage

How to specify the version

There is a point that is particularly easy to misunderstand. It's where you specify the version of the action itself.

- name: Run and upload build analysis
  uses: fossa-contrib/fossa-action@v1
  #                               ^^^
  with:
    fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
    github-token: ${{ github.token }}

We recommend that you include the version of the action. We adhere to semantic versioning, it's safe to use the major version (v1) in your workflow. If you use the master branch, this could break your workflow when we publish a breaking update and increase the major version.

steps:
  # Reference the major version of a release (most recommended)
  - uses: fossa-contrib/fossa-action@v1
  # Reference a specific commit (most strict)
  - uses: fossa-contrib/fossa-action@4fb2464
  # Reference a semver version of a release (not recommended)
  - uses: fossa-contrib/[email protected]
  # Reference a branch (most dangerous)
  - uses: fossa-contrib/fossa-action@master

Example workflow

name: License Scanning

on:
  - pull_request
  - push

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Run and upload build analysis
        uses: fossa-contrib/fossa-action@v1
        with:
          fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
          github-token: ${{ github.token }}

Inputs

  • fossa-api-key: This input is used to upload the results of the build analysis.
  • github-token: This input is used to get the latest release of fossa-cli from GitHub API.
  • skip-test: This input is used to specify whether to execute fossa test. This takes a long time, so it's set to true by default.