From 7dce58cb890645088b59405c841e24da5189d466 Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Tue, 20 Feb 2024 16:06:37 -0500
Subject: [PATCH 1/8] output the raw summary passed to GH Actions Job Summaries
---
 action.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/action.yml b/action.yml
index e5b3aec..98d05d9 100644
--- a/action.yml
+++ b/action.yml
@@ -54,6 +54,9 @@ outputs:
 internal-be-careful-output:
 description: "the column-formatted output from pip-audit, wrapped as base64"
 value: "${{ steps.pip-audit.outputs.output }}"
+ summary-raw:
+ description: "the raw summary output from pip-audit, passed to the Job Summaries page"
+ value: "${{ steps.pip-audit.outputs.summary-raw }}"
 runs:
 using: "composite"
 steps:
@@ -72,6 +75,8 @@ runs:
 source "${{ github.action_path }}/setup/venv.bash"
 python "${{ github.action_path }}/action.py" "${{ inputs.inputs }}"
+
+ echo "summary-raw=$(cat $GITHUB_STEP_SUMMARY)" >> $GITHUB_ENV
 env:
 GHA_PIP_AUDIT_SUMMARY: "${{ inputs.summary }}"
 GHA_PIP_AUDIT_NO_DEPS: "${{ inputs.no-deps }}"
From 439193540c0b851a3a941928546214f81417c31a Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Tue, 20 Feb 2024 17:35:50 -0500
Subject: [PATCH 2/8] rename output var, remove uuoc
---
 action.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/action.yml b/action.yml
index 98d05d9..f006074 100644
--- a/action.yml
+++ b/action.yml
@@ -54,9 +54,9 @@ outputs:
 internal-be-careful-output:
 description: "the column-formatted output from pip-audit, wrapped as base64"
 value: "${{ steps.pip-audit.outputs.output }}"
- summary-raw:
- description: "the raw summary output from pip-audit, passed to the Job Summaries page"
- value: "${{ steps.pip-audit.outputs.summary-raw }}"
+ markdown-summary:
+ description: "the markdown summary output from pip-audit, passed to the Job Summaries page"
+ value: "${{ steps.pip-audit.outputs.markdown-summary }}"
 runs:
 using: "composite"
 steps:
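Review bot: The added `echo "summary-raw=$(cat $GITHUB_STEP_SUMMARY)" >> $GITHUB_ENV` in the second hunk of patch 1 pushes a multi-line file through the single-line `name=value` form, so only the first line can end up in `summary-raw` and each later line is parsed as a separate entry of the environment file; a summary line of the form `NAME=value` would define a variable for every later step. The summary text is built from pip-audit results, so it is not fully under the action's control. The write also goes to `$GITHUB_ENV`, while the output declared in the first hunk reads `steps.pip-audit.outputs.summary-raw`, which therefore stays empty. Writing one encoded line to the output file, in line with the existing base64-wrapped output, avoids both problems: `echo "summary-raw=$(base64 < "${GITHUB_STEP_SUMMARY}" | tr -d '\n')" >> "${GITHUB_OUTPUT}"`. The same single-line write recurs in patches 2 and 7, and the `run` block starts outside this hunk.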
@@ -76,7 +76,9 @@ runs:
 python "${{ github.action_path }}/action.py" "${{ inputs.inputs }}"
- echo "summary-raw=$(cat $GITHUB_STEP_SUMMARY)" >> $GITHUB_ENV
+ if [[ ${{ inputs.summary }} ]]; then
+ echo "markdown-summary=$(<${GITHUB_STEP_SUMMARY})" >> ${GITHUB_ENV}
+ fi
 env:
 GHA_PIP_AUDIT_SUMMARY: "${{ inputs.summary }}"
 GHA_PIP_AUDIT_NO_DEPS: "${{ inputs.no-deps }}"
From d6d692c559bd3a80c56c1dd7a3f099181b3589ac Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Tue, 20 Feb 2024 17:36:08 -0500
Subject: [PATCH 3/8] add output var "markdown-summary" info to readme.md
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index ff434ac..09b19f5 100644
--- a/README.md
+++ b/README.md
@@ -192,6 +192,8 @@ The `summary` setting controls whether a GitHub [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/) is rendered at the end of the action. +__Note:__ The markdown-formatted summary ("raw markdown" in the GitHub UI) is output to a variable `markdown-summary` when job summaries are enabled. + Example: ```yaml
From 343afa0f79726354d43e7042a2b11075cc03426b Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Tue, 20 Feb 2024 18:01:56 -0500
Subject: [PATCH 4/8] don't allow injection!
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index f006074..de013f3 100644
--- a/action.yml
+++ b/action.yml
@@ -76,7 +76,7 @@ runs:
 python "${{ github.action_path }}/action.py" "${{ inputs.inputs }}"
- if [[ ${{ inputs.summary }} ]]; then
+ if [[ "${inputs.summary}" = "true" ]]; then
 echo "markdown-summary=$(<${GITHUB_STEP_SUMMARY})" >> ${GITHUB_ENV}
 fi
 env:
From e1225eeac092f26addc5e00b9aa75821d54308a5 Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Tue, 20 Feb 2024 18:02:40 -0500
Subject: [PATCH 5/8] swap input var for env var
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index de013f3..f878b53 100644
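Review bot: In the added `if [[ ${{ inputs.summary }} ]]; then` of patch 2, the expression is substituted into the script text before bash runs, so for a value such as `false` the test becomes `[[ false ]]`, which is true for any non-empty word, and the summary is exported even when it is disabled. The caller-supplied value is also parsed as shell source rather than compared as data. The step already maps this input to `GHA_PIP_AUDIT_SUMMARY` in its `env:` block, so the test can read that instead: `if [[ "${GHA_PIP_AUDIT_SUMMARY}" == "true" ]]; then`. The `run` block starts outside this hunk.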
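Review bot: `"${inputs.summary}"` on the changed `if` line of patch 4 is not a valid bash parameter expansion, because `.` cannot appear in a variable name; bash rejects it as a bad substitution, so the step would fail there after action.py has already run. Dropping the `${{ }}` does remove the template substitution, but nothing defines that value in the shell. The variable the step's `env:` block already sets is the one to test: `if [[ "${GHA_PIP_AUDIT_SUMMARY}" = "true" ]]; then`.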
--- a/action.yml
+++ b/action.yml
@@ -76,7 +76,7 @@ runs:
 python "${{ github.action_path }}/action.py" "${{ inputs.inputs }}"
- if [[ "${inputs.summary}" = "true" ]]; then
+ if [[ "${GHA_PIP_AUDIT_SUMMARY}" = "true" ]]; then
 echo "markdown-summary=$(<${GITHUB_STEP_SUMMARY})" >> ${GITHUB_ENV}
 fi
 env:
From e8c2578df26ad5c0c52b61bf7052152ced002470 Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Tue, 20 Feb 2024 18:12:22 -0500
Subject: [PATCH 6/8] add self-test for markdown summary output
---
 .github/workflows/selftest.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index 261a198..693474b 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -23,8 +23,10 @@ jobs:
 - name: assert expected output
 env:
 PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.internal-be-careful-output }}"
+ MARKDOWN_SUMMARY_OUTPUT: "${{ steps.pip-audit.outputs.makrdown-summary }}"
 run: |
 grep -E 'pyyaml\s+\|\s+5.1' <<< $(base64 -d <<< "${PIP_AUDIT_OUTPUT}")
+ grep 'pip-audit found one or more problems' <<< $(base64 -d <<< "${MARKDOWN_SUMMARY_OUTPUT}")
 selftest-environment:
 runs-on: ubuntu-latest
@@ -88,6 +90,7 @@ jobs:
 PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.internal-be-careful-output }}"
 run: |
 grep -E 'pyyaml\s+\|\s+5.1' <<< $(base64 -d <<< "${PIP_AUDIT_OUTPUT}")
+
 selftest-pipaudit-fail:
 runs-on: ubuntu-latest
 steps:
From 78c8c56dfe2b6874f955d273dcdb7e7afbbb1ac8 Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Tue, 20 Feb 2024 18:30:39 -0500
Subject: [PATCH 7/8] fix output destination
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index f878b53..10bf097 100644
--- a/action.yml
+++ b/action.yml
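Review bot: The context line just above the changed test in patch 5 still expands `${{ inputs.inputs }}` into the script text, so the substitution problem this series removes for `summary` remains for the `inputs` value: any shell metacharacters in it are parsed by bash instead of reaching action.py as one argument. That matters as soon as a calling workflow derives `inputs` from text it does not control. Passing it like the other settings would close the gap, for example an `env:` entry `GHA_PIP_AUDIT_INPUTS: "${{ inputs.inputs }}"` (the name is only a suggestion) and `"${GHA_PIP_AUDIT_INPUTS}"` on the `python` line. The `run` block starts outside this hunk.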
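Review bot: `steps.pip-audit.outputs.makrdown-summary` in the first selftest hunk of patch 6 misspells `markdown-summary`, and an unknown output name evaluates to an empty string rather than an error, so `MARKDOWN_SUMMARY_OUTPUT` is always empty. The added `grep` also pipes the value through `base64 -d`, while the action as of this patch writes the summary file's text unencoded, so the assertion would not match even with the name corrected. Use `"${{ steps.pip-audit.outputs.markdown-summary }}"` and either drop the `base64 -d` or base64-encode the value in action.yml. The job these steps belong to starts outside the hunk.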
@@ -77,7 +77,7 @@ runs:
 python "${{ github.action_path }}/action.py" "${{ inputs.inputs }}"
 if [[ "${GHA_PIP_AUDIT_SUMMARY}" = "true" ]]; then
- echo "markdown-summary=$(<${GITHUB_STEP_SUMMARY})" >> ${GITHUB_ENV}
+ echo "markdown-summary=$(<${GITHUB_STEP_SUMMARY})" >> ${GITHUB_OUTPUT}
 fi
 env:
 GHA_PIP_AUDIT_SUMMARY: "${{ inputs.summary }}"
From 8a779a701b8c492fc9efc7964b796b666c5a6ffe Mon Sep 17 00:00:00 2001
From: Dom Colangelo
Date: Wed, 21 Feb 2024 10:49:19 -0500
Subject: [PATCH 8/8] rename 'internal-be-careful-output' to 'summary-output-base64'
---
 .github/workflows/selftest.yml | 12 +++++-------
 README.md | 2 +-
 action.yml | 5 +----
 3 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index 693474b..30d9805 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -22,11 +22,9 @@ jobs:
 internal-be-careful-allow-failure: true
 - name: assert expected output
 env:
- PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.internal-be-careful-output }}"
- MARKDOWN_SUMMARY_OUTPUT: "${{ steps.pip-audit.outputs.makrdown-summary }}"
+ PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.summary-output-base64 }}"
 run: |
 grep -E 'pyyaml\s+\|\s+5.1' <<< $(base64 -d <<< "${PIP_AUDIT_OUTPUT}")
- grep 'pip-audit found one or more problems' <<< $(base64 -d <<< "${MARKDOWN_SUMMARY_OUTPUT}")
 selftest-environment:
 runs-on: ubuntu-latest
@@ -43,7 +41,7 @@ jobs:
 internal-be-careful-allow-failure: true
 - name: assert expected output
 env:
- PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.internal-be-careful-output }}"
+ PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.summary-output-base64 }}"
 run: |
 grep -E 'pyyaml\s+\|\s+5.1' <<< $(base64 -d <<< "${PIP_AUDIT_OUTPUT}")
@@ -69,7 +67,7 @@ jobs:
 internal-be-careful-allow-failure: true
 - name: assert expected output
 env:
- PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.internal-be-careful-output }}"
+ PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.summary-output-base64 }}"
 run: |
 grep -E 'pyyaml\s+\|\s+5.1' <<< $(base64 -d <<< "${PIP_AUDIT_OUTPUT}")
@@ -87,7 +85,7 @@ jobs:
 internal-be-careful-allow-failure: true
 - name: assert expected output
 env:
- PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.internal-be-careful-output }}"
+ PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.summary-output-base64 }}"
 run: |
 grep -E 'pyyaml\s+\|\s+5.1' <<< $(base64 -d <<< "${PIP_AUDIT_OUTPUT}")
@@ -106,6 +104,6 @@ jobs:
 internal-be-careful-allow-failure: true
 - name: assert expected output
 env:
- PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.internal-be-careful-output }}"
+ PIP_AUDIT_OUTPUT: "${{ steps.pip-audit.outputs.summary-output-base64 }}"
 run: |
 grep 'pip-audit did not return any output' <<< $(base64 -d <<< "${PIP_AUDIT_OUTPUT}")
diff --git a/README.md b/README.md
index 09b19f5..8e3fa5a 100644
--- a/README.md
+++ b/README.md
@@ -192,7 +192,7 @@ The `summary` setting controls whether a GitHub [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/) is rendered at the end of the action. -__Note:__ The markdown-formatted summary ("raw markdown" in the GitHub UI) is output to a variable `markdown-summary` when job summaries are enabled. +__Note:__ The markdown-formatted summary is base64 wrapped and output to the variable `summary-output-base64` when job summaries are enabled. Example:
diff --git a/action.yml b/action.yml
index 10bf097..0551bea 100644
--- a/action.yml
+++ b/action.yml
@@ -51,12 +51,9 @@ inputs:
 required: false
 default: ""
 outputs:
- internal-be-careful-output:
+ summary-output-base64:
 description: "the column-formatted output from pip-audit, wrapped as base64"
 value: "${{ steps.pip-audit.outputs.output }}"
- markdown-summary:
- description: "the markdown summary output from pip-audit, passed to the Job Summaries page"
- value: "${{ steps.pip-audit.outputs.markdown-summary }}"
 runs:
 using: "composite"
 steps:
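Review bot: Removing the `markdown-summary` declaration here leaves the step's `echo "markdown-summary=$(<${GITHUB_STEP_SUMMARY})" >> ${GITHUB_OUTPUT}` block from patch 7 in place as far as this series shows, so the step keeps writing a multi-line value to the output file that no declared output exposes. Either delete that `if` block in this patch or keep the declaration. The renamed `summary-output-base64` keeps the description "the column-formatted output from pip-audit, wrapped as base64" and the value `steps.pip-audit.outputs.output`, while the README line changed in the same patch says it carries the markdown summary; one of the two should be corrected. Workflows that still read `internal-be-careful-output` will get an empty string after the rename, which is worth a changelog entry.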