GitHub Action
Fossa Action
The action sets up the latest release of fossa-cli
, infer the correct
configuration from the current system state, analyze the project for a list of
its dependencies, and upload the results to FOSSA.
This action aims to provide an OS-neutral interface to fossa-cli
, and so will
not add features that only work on one operating system. It will also track the
latest release of fossa-cli
.
There is a point that is particularly easy to misunderstand. It's where you specify the version of the action itself.
- name: Run and upload build analysis
uses: fossa-contrib/fossa-action@v1
# ^^^
with:
fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
github-token: ${{ github.token }}
We recommend that you include the version of the action. We adhere to
semantic versioning, it's safe to use the major version
(v1
) in your workflow. If you use the master branch, this could break your
workflow when we publish a breaking update and increase the major version.
steps:
# Reference the major version of a release (most recommended)
- uses: fossa-contrib/fossa-action@v1
# Reference a specific commit (most strict)
- uses: fossa-contrib/fossa-action@4fb2464
# Reference a semver version of a release (not recommended)
- uses: fossa-contrib/[email protected]
# Reference a branch (most dangerous)
- uses: fossa-contrib/fossa-action@master
name: License Scanning
on:
- pull_request
- push
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run and upload build analysis
uses: fossa-contrib/fossa-action@v1
with:
fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
github-token: ${{ github.token }}
fossa-api-key
: This input is used to upload the results of the build analysis.github-token
: This input is used to get the latest release offossa-cli
from GitHub API.skip-test
: This input is used to specify whether to executefossa test
. This takes a long time, so it's set totrue
by default.