-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathaction.yml
120 lines (106 loc) · 4.74 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# SPDX-License-Identifier: GPL-3.0-or-later
---
name: Differential ShellCheck
description: GitHub Action for performing differential scans using ShellCheck linter.
branding:
icon: check-circle
color: green
inputs:
triggering-event:
description: The name of the event that triggered the workflow run. Supported values are (merge_group | pull_request | push | manual).
required: false
default: ${{ github.event_name }}
base:
description: Hash of base commit. This input is used when triggering-event is set to "manual".
required: false
default: ""
head:
description: Hash of head commit. This input is used when triggering-event is set to "manual".
required: false
default: ""
merge-group-base:
description: Hash of the merge group's parent commit. This input is used when triggering-event is set to "merge_group".
required: false
default: ${{ github.event.merge_group.base_sha }}
merge-group-head:
description: Hash of the merge group commit. This input is used when triggering-event is set to "merge_group".
required: false
default: ${{ github.event.merge_group.head_sha }}
pull-request-base:
description: Hash of top commit on base branch. This input is used when triggering-event is set to "pull_request".
required: false
default: ${{ github.event.pull_request.base.sha }}
pull-request-head:
description: Hash of latest commit in Pull Request. This input is used when triggering-event is set to "pull_request".
required: false
default: ${{ github.event.pull_request.head.sha }}
push-event-base:
description: Hash of the last commit before push. This input is used when triggering-event is set to "push".
required: false
default: ${{ github.event.before }}
push-event-head:
description: Hash of the last commit after push. This input is used when triggering-event is set to "push".
required: false
default: ${{ github.event.after }}
diff-scan:
description: Input allowing to request specific type of scan. Input is taken into consideration only if `triggering-event` is set to `manual`.
required: false
default: 'true'
strict-check-on-push:
description: |
Differential ShellCheck performs full scans when running on a `push` event, but the Action fails only when new defects are added.
This option allows overwriting this behavior. Hence when `strict-check-on-push` is set to `true` it will fail when any defect is discovered.
required: false
default: 'false'
external-sources:
description: |
Enable following of source statements even when the file is not specified as input. By default, shellcheck will only follow files specified on the command-line (plus /dev/null).
This option allows following any file the script may source. This option may also be enabled using external-sources=true in .shellcheckrc. This flag takes precedence.
default: 'true'
required: false
severity:
description: Specify minimum severity of errors to consider. Valid values in order of severity are error, warning, info and style. The default is style.
default: style
required: false
scan-directory:
description: Directory to scan. If not specified, the root directory is scanned.
default: ''
required: false
exclude-path:
description: List of paths excluded from ShellCheck scanning.
default: ''
required: false
include-path:
description: List of paths to files that will be scanned by ShellCheck.
default: ''
required: false
display-engine:
description: Tool used to display the defects in the output. Valid values are csgrep and sarif-fmt.
default: csgrep
required: false
token:
description: GitHub TOKEN used to upload SARIF data.
required: false
outputs:
sarif:
description: The SARIF file containing defects
html:
description: The HTML file containing defects
runs:
using: docker
image: docker://ghcr.io/redhat-plumbers-in-action/differential-shellcheck:v5.4.0
env:
INPUT_TRIGGERING_EVENT: ${{ inputs.triggering-event }}
INPUT_MERGE_GROUP_BASE: ${{ inputs.merge-group-base }}
INPUT_MERGE_GROUP_HEAD: ${{ inputs.merge-group-head }}
INPUT_PULL_REQUEST_BASE: ${{ inputs.pull-request-base }}
INPUT_PULL_REQUEST_HEAD: ${{ inputs.pull-request-head }}
INPUT_PUSH_EVENT_BASE: ${{ inputs.push-event-base }}
INPUT_PUSH_EVENT_HEAD: ${{ inputs.push-event-head }}
INPUT_DIFF_SCAN: ${{ inputs.diff-scan }}
INPUT_STRICT_CHECK_ON_PUSH: ${{ inputs.strict-check-on-push }}
INPUT_EXTERNAL_SOURCES: ${{ inputs.external-sources }}
INPUT_SCAN_DIRECTORY: ${{ inputs.scan-directory }}
INPUT_EXCLUDE_PATH: ${{ inputs.exclude-path }}
INPUT_INCLUDE_PATH: ${{ inputs.include-path }}
INPUT_DISPLAY_ENGINE: ${{ inputs.display-engine }}