Added input

CHANGELOG.md

@@ -1,3 +1,8 @@
+## [2.0.4] - May 16th, 2024
+
+* Added input for serif file name.
+
+
 ## [2.0.3] - May 16th, 2024
 
 * Explicitly defined pubspec.lock file

README.md

@@ -11,14 +11,17 @@
 
 Performs checks against Dart and Flutter code to ensure the package does not have any analysis issues, failed tests, or improperly formatted code (as defined by `dart format`).
 
+This will also run the [Google Open Source Vulnerability](https://google.github.io/osv-scanner/) scanner to scan the package for vulnerabilities.
+
 ## Inputs
 
-Name              | Default  | Description
-------------------|----------|-------------
-`channel`         | `stable` | Channel to pull for Dart / Flutter's SDK
-`flutter_version` | `any`    | Flutter version within the channel to use
-`generate_code`   | `false`  | State whether or not to run the code generator before validating
-`path`            | `.`      | Path for the package being validated
+Name              | Default         | Description
+------------------|-----------------|-------------
+`channel`         | `stable`        | Channel to pull for Dart / Flutter's SDK
+`flutter_version` | `any`           | Flutter version within the channel to use
+`generate_code`   | `false`         | State whether or not to run the code generator before validating
+`path`            | `.`             | Path for the package being validated
+`serif_file`      | `results.sarif` | Name of the file emitted by the `osv-scanner` reporting engine
 
 
 ## Example usage
@@ -38,6 +41,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
       - name: Validate
-        uses: peiffer-innovations/actions-flutter-validate@v1
+        uses: peiffer-innovations/actions-flutter-validate@v2
 ```
 

action.yml

@@ -18,6 +18,10 @@ inputs:
     description: '(Optional) Package directory (default: ".")'
     required: false
     default: '.'
+  serif_file:
+    description: '(Optional) Name of the security output file.'
+    required: false
+    default: 'results.sarif'
 
 runs:
   using: 'composite'
@@ -58,31 +62,31 @@ runs:
       uses: google/osv-scanner-action/osv-scanner-action@75532bf0bf75464b047d80414dbce04449498365 # v1.7.3
       with:
         scan-args: |-
-          --output=results.json
+          --output=${{ inputs.path }}/results.json
           --format=json
           -r
           --skip-git
+          --lockfile ${{ inputs.path }}/pubspec.lock
           ${{inputs.path}}
       continue-on-error: true
     - name: "Run osv-scanner-reporter"
       uses: google/osv-scanner-action/osv-reporter-action@75532bf0bf75464b047d80414dbce04449498365 # v1.7.3
       with:
         scan-args: |-
-          --output=results.sarif
-          --new=results.json
+          --output=${{ inputs.path }}/${{ serif_file }}
+          --new=${{ inputs.path }}/results.json
           --gh-annotations=false
           --fail-on-vuln=true
-          --lockfile ${{ inputs.path }}/pubspec.lock
     - name: "Upload artifact"
       id: "upload_artifact"
       if: ${{ !cancelled() }}
       uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
       with:
         name: SARIF file
-        path: results.sarif
+        path: ${{ inputs.path }}/${{ serif_file }}
         retention-days: 5
     - name: "Upload to code-scanning"
       if: "${{ !cancelled() }}"
       uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
       with:
-        sarif_file: results.sarif
+        sarif_file: ${{ inputs.path }}/${{ serif_file }}

pubspec.yaml

@@ -1,6 +1,6 @@
 name: 'actions_flutter_validate'
 description: 'Simple CLI to be able to validate Dart and Flutter repos'
-version: '2.0.3'
+version: '2.0.4'
 homepage: 'https://github.com/peiffer-innovations/actions-flutter-validate'
 
 environment: