Generate attribution report

.github/workflows/test.yml

@@ -81,3 +81,12 @@ jobs:
           api-key: ${{secrets.fossaApiKey}}
           container: alpine:latest
           run-tests: true
+
+      - name: Generate FOSSA report
+        id: example-generate-report
+        uses: ./
+        with:
+          api-key: ${{secrets.fossaApiKey}}
+          generate-report: json
+
+      - run: echo ${{ steps.example-generate-report.outputs.report }}

README.md

@@ -61,6 +61,29 @@ jobs:
           run-tests: true
 ```
 
+## `generate-report`
+**Optional** If set, FOSSA will run the `fossa report` command. Currently only the "attribution" (or "licensing") report is supported.
+
+The value should be set to a [report format](https://github.com/fossas/fossa-cli/blob/master/docs/references/subcommands/report.md#specifying-a-report-format).
+
+The report's content is set as an output. Write the output to a file as needed.
+
+Example
+```yml
+jobs:
+  fossa-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - id: fossa
+        uses: fossas/fossa-action@main # Use a specific version if locking is preferred
+        with:
+          api-key: ${{secrets.fossaApiKey}}
+          run-tests: true
+          generate-report: html
+      - run: ${{ steps.fossa.outputs.report }} > report.html
+```
+
 ## `test-diff-revision`
 **Optional** If set to a string, FOSSA will run the `fossa test` command with the `--diff` [option](https://github.com/fossas/fossa-cli/blob/master/docs/references/subcommands/test.md#test-for-new-issues-compared-to-another-revision).
 

action.yml

@@ -47,6 +47,16 @@ inputs:
       Run fossa test with the `--diff <revision>` option, which checks if there are new issues relative to `<revision>`.
       Requires `run-tests` to be set in order to take effect.
     required: false
+  generate-report:
+    description: >-
+      If set, after analyzing your project, FOSSA will generate a report which is accessible from the `report` step output.
+      The value must be a [report format](https://github.com/fossas/fossa-cli/blob/master/docs/references/subcommands/report.md#specifying-a-report-format).
+      Currently only the attribution report is supported.
+    required: false
+
+outputs:
+  report:
+    description: If `generate-report` is provided, this will contain the string contents of the report in the requested format.
 
 runs:
   using: node20

src/config.ts

@@ -17,3 +17,4 @@ export const PROJECT = getInput('project', getInputOptions());
 export const TEAM = getInput('team', {required: false});
 export const POLICY = getInput('policy', {required: false});
 export const DEBUG = getBooleanInput('debug', {required: false});
+export const REPORT_FORMAT = getInput('generate-report', getInputOptions());

src/index.ts

@@ -1,5 +1,5 @@
-import { error, setFailed } from '@actions/core';
-import { exec } from '@actions/exec';
+import { error, setFailed, setOutput } from '@actions/core';
+import { exec, ExecListeners } from '@actions/exec';
 import {
   CONTAINER,
   FOSSA_API_KEY,
@@ -11,12 +11,14 @@ import {
   TEAM,
   POLICY,
   DEBUG,
+  REPORT_FORMAT,
 } from './config';
 import { fetchFossaCli } from './download-cli';
 
+// Github doesn't always collect exit codes correctly, so we check output
+const failedRegex = /(A fatal error occurred|Test failed\. Number of issues found)/;
+
 export async function analyze(): Promise<void> {
-  // Github doesn't always collect exit codes correctly, so we check output
-  const failedRegex = /(A fatal error occurred|Test failed\. Number of issues found)/;
   const getEndpointArgs = (): string[] => !ENDPOINT ? [] : [
     '--endpoint',
     ENDPOINT,
@@ -55,7 +57,7 @@ export async function analyze(): Promise<void> {
     output += data.toString();
   };
 
-  const listeners = {
+  const listeners: ExecListeners = {
     stdout: collectOutput,
     stderr: collectOutput,
   };
@@ -89,6 +91,53 @@ export async function analyze(): Promise<void> {
   }
 }
 
+export async function report(): Promise<void> {
+  const getEndpointArgs = (): string[] => !ENDPOINT ? [] : [
+    '--endpoint',
+    ENDPOINT,
+  ];
+  const getProjectArgs = (): string[] => !PROJECT ? [] : [
+    '--project',
+    PROJECT,
+  ];
+  const getFormatArgs = (): string[] => !REPORT_FORMAT ? [] : [
+    '--format',
+    REPORT_FORMAT,
+  ];
+
+  const getArgs = (cmd: string) => [
+    cmd,
+    ...getEndpointArgs(),
+    ...getProjectArgs(),
+    ...getFormatArgs(),
+    DEBUG ? '--debug' : null,
+  ].filter(arg => arg);
+
+  // Setup listeners
+  let output;
+  const collectOutput = (data: Buffer) => {
+    output += data.toString();
+  };
+
+  const listeners: ExecListeners = {
+    stdout: collectOutput,
+    stderr: collectOutput,
+  };
+
+  // Collect default options: Env and listeners
+  const PATH = process.env.PATH || '';
+  const defaultOptions = { env: { ...process.env, PATH, FOSSA_API_KEY }, listeners };
+  output = '';
+  const exitCode = await exec('fossa', [...getArgs('report attribution')], defaultOptions);
+
+  // Check output or exitCode
+  if (exitCode !== 0 || output.match(failedRegex)) {
+    throw new Error(`FOSSA failed to scan`);
+  }
+
+  setOutput('report', output);
+}
+
 async function run() {
   try {
     await fetchFossaCli();
@@ -98,6 +147,9 @@ async function run() {
 
   try {
     await analyze();
+    if(REPORT_FORMAT?.length) {
+      await report();
+    }
   } catch (e) {
     setFailed(e);
   }