
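# https://github.com/pypa/gh-action-pip-audit/blob/530374b67a3e8b3972d2caae7ee9a1d3dd486329/action.yml
#
# Composite action wrapping pip-audit. Every caller-supplied input is handed
# to the steps below as a GHA_PIP_AUDIT_* environment variable; the only
# expression expanded into the `run:` scripts themselves is the runner-owned
# `github.action_path`, so no input value is ever interpreted as shell text.
name: "gh-action-pip-audit"
author: "William Woodruff <william@trailofbits.com>"
description: "Use pip-audit to scan Python dependencies for known vulnerabilities"
inputs:
  summary:
    description: "render a Markdown summary of the audit (default true)"
    required: false
    default: true
  no-deps:
    description: "don't do any dependency resolution (requires fully pinned requirements) (default false)"
    required: false
    default: false
  require-hashes:
    description: "enforce hashes (requirements-style inputs only) (default false)"
    required: false
    default: false
  vulnerability-service:
    description: "the vulnerability service to use (PyPI or OSV, defaults to PyPI)"
    required: false
    default: "PyPI"
  inputs:
    description: "the inputs to audit, whitespace separated (defaults to current path)"
    required: false
    default: ""
  virtual-environment:
    description: "the virtual environment to audit within (default none)"
    required: false
    default: ""
  local:
    description: "for environmental audits, consider only packages marked local (default false)"
    required: false
    default: false
  index-url:
    description: "the base URL for the PEP 503-compatible package index to use"
    required: false
    default: ""
  extra-index-urls:
    description: "extra PEP 503-compatible indexes to use, whitespace separated"
    required: false
    default: ""
  ignore-vulns:
    description: "vulnerabilities to explicitly exclude, if present (whitespace separated)"
    required: false
    default: ""
  internal-be-careful-allow-failure:
    description: "don't fail the job if the audit fails (default false)"
    required: false
    default: false
  internal-be-careful-extra-flags:
    description: "extra flags to be passed in to pip-audit"
    required: false
    default: ""
outputs:
  internal-be-careful-output:
    description: "the column-formatted output from pip-audit, wrapped as base64"
    value: "${{ steps.pip-audit.outputs.output }}"
runs:
  using: "composite"
  steps:
    - name: Set up pip-audit
      # `github.action_path` is set by the runner, not by the caller, so it is
      # the one context that is safe to expand directly into the script.
      run: |
        # NOTE: Sourced, not executed as a script.
        source "${{ github.action_path }}/setup/setup.bash"
      env:
        GHA_PIP_AUDIT_VIRTUAL_ENVIRONMENT: "${{ inputs.virtual-environment }}"
      shell: bash
    - name: Run pip-audit
      id: pip-audit
      # `inputs.inputs` was previously expanded straight into this script, so a
      # value containing shell metacharacters or quotes would have been parsed
      # by bash as script text (a template-injection hazard whenever the caller
      # feeds it from event data). It now travels through the environment and
      # is read back as a quoted shell variable, so it reaches action.py as a
      # single argv entry exactly as given. The variable name follows the
      # existing GHA_PIP_AUDIT_* scheme; confirm action.py does not already
      # read a variable of this name with different semantics.
      run: |
        # NOTE: Sourced, not executed as a script.
        source "${{ github.action_path }}/setup/venv.bash"
        python "${{ github.action_path }}/action.py" "${GHA_PIP_AUDIT_INPUTS}"
      env:
        GHA_PIP_AUDIT_INPUTS: "${{ inputs.inputs }}"
        GHA_PIP_AUDIT_SUMMARY: "${{ inputs.summary }}"
        GHA_PIP_AUDIT_NO_DEPS: "${{ inputs.no-deps }}"
        GHA_PIP_AUDIT_REQUIRE_HASHES: "${{ inputs.require-hashes }}"
        GHA_PIP_AUDIT_VULNERABILITY_SERVICE: "${{ inputs.vulnerability-service }}"
        GHA_PIP_AUDIT_VIRTUAL_ENVIRONMENT: "${{ inputs.virtual-environment }}"
        GHA_PIP_AUDIT_LOCAL: "${{ inputs.local }}"
        GHA_PIP_AUDIT_INDEX_URL: "${{ inputs.index-url }}"
        GHA_PIP_AUDIT_EXTRA_INDEX_URLS: "${{ inputs.extra-index-urls }}"
        GHA_PIP_AUDIT_IGNORE_VULNS: "${{ inputs.ignore-vulns }}"
        GHA_PIP_AUDIT_INTERNAL_BE_CAREFUL_ALLOW_FAILURE: "${{ inputs.internal-be-careful-allow-failure }}"
        GHA_PIP_AUDIT_INTERNAL_BE_CAREFUL_EXTRA_FLAGS: "${{ inputs.internal-be-careful-extra-flags }}"
      shell: bash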