From e37aeb74df5da832acd9d366ef0a2c05aeb667dc Mon Sep 17 00:00:00 2001 From: Jeff Peiffer Date: Thu, 16 May 2024 11:13:22 -0400 Subject: [PATCH] Added input --- CHANGELOG.md | 5 +++++ README.md | 17 ++++++++++------- action.yml | 16 ++++++++++------ pubspec.yaml | 2 +- 4 files changed, 26 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e813350..e4ff17c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +## [2.0.4] - May 16th, 2024 + +* Added input for serif file name. + + ## [2.0.3] - May 16th, 2024 * Explicitly defined pubspec.lock file diff --git a/README.md b/README.md index 8cc450b..fe040aa 100644 --- a/README.md +++ b/README.md @@ -11,14 +11,17 @@ Performs checks against Dart and Flutter code to ensure the package does not have any analysis issues, failed tests, or improperly formatted code (as defined by `dart format`). +This will also run the [Google Open Source Vulnerability](https://google.github.io/osv-scanner/) scanner to scan the package for vulnerabilities. + ## Inputs -Name | Default | Description -------------------|----------|------------- -`channel` | `stable` | Channel to pull for Dart / Flutter's SDK -`flutter_version` | `any` | Flutter version within the channel to use -`generate_code` | `false` | State whether or not to run the code generator before validating -`path` | `.` | Path for the package being validated +Name | Default | Description +------------------|-----------------|------------- +`channel` | `stable` | Channel to pull for Dart / Flutter's SDK +`flutter_version` | `any` | Flutter version within the channel to use +`generate_code` | `false` | State whether or not to run the code generator before validating +`path` | `.` | Path for the package being validated +`serif_file` | `results.sarif` | Name of the file emitted by the `osv-scanner` reporting engine ## Example usage 
@@ -38,6 +41,6 @@ jobs: - name: Checkout uses: actions/checkout@v2 - name: Validate - uses: peiffer-innovations/actions-flutter-validate@v1 + uses: peiffer-innovations/actions-flutter-validate@v2 ``` diff --git a/action.yml b/action.yml index 60b22a9..4175ce5 100644 --- a/action.yml +++ b/action.yml @@ -18,6 +18,10 @@ inputs: description: '(Optional) Package directory (default: ".")' required: false default: '.' + serif_file: + description: '(Optional) Name of the security output file.' + required: false + default: 'results.sarif' runs: using: 'composite' @@ -58,31 +62,31 @@ runs: uses: google/osv-scanner-action/osv-scanner-action@75532bf0bf75464b047d80414dbce04449498365 # v1.7.3 with: scan-args: |- - --output=results.json + --output=${{ inputs.path }}/results.json --format=json -r --skip-git + --lockfile ${{ inputs.path }}/pubspec.lock ${{inputs.path}} continue-on-error: true - name: "Run osv-scanner-reporter" uses: google/osv-scanner-action/osv-reporter-action@75532bf0bf75464b047d80414dbce04449498365 # v1.7.3 with: scan-args: |- - --output=results.sarif - --new=results.json + --output=${{ inputs.path }}/${{ serif_file }} + --new=${{ inputs.path }}/results.json --gh-annotations=false --fail-on-vuln=true - --lockfile ${{ inputs.path }}/pubspec.lock - name: "Upload artifact" id: "upload_artifact" if: ${{ !cancelled() }} uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file - path: results.sarif + path: ${{ inputs.path }}/${{ serif_file }} retention-days: 5 - name: "Upload to code-scanning" if: "${{ !cancelled() }}" uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 with: - sarif_file: results.sarif + sarif_file: ${{ inputs.path }}/${{ serif_file }} diff --git a/pubspec.yaml b/pubspec.yaml index dae7ab5..0800648 100644 --- a/pubspec.yaml +++ b/pubspec.yaml 
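Review bot: The new `serif_file` input's description drops the `(default: …)` notation the sibling inputs use and does not say the value is a bare file name placed under `path` rather than a full path, which is how the `runs:` section joins it. I would align it with the `path` description: `description: '(Optional) File name for the SARIF report written by osv-reporter, relative to "path" (default: "results.sarif")'`. The `inputs:` mapping starts before this hunk.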
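Review bot: The reporter `--output=`, the upload-artifact `path:` and the `sarif_file:` lines reference `${{ serif_file }}`, but `serif_file` is not a context name in GitHub Actions expressions — only `inputs.serif_file` is — so as far as I can tell the action will be rejected at evaluation time rather than honour the new input. The three added lines should read `--output=${{ inputs.path }}/${{ inputs.serif_file }}`, `path: ${{ inputs.path }}/${{ inputs.serif_file }}` and `sarif_file: ${{ inputs.path }}/${{ inputs.serif_file }}`. As a point of style, the same hunk writes the path input both as `${{inputs.path}}` and `${{ inputs.path }}`; picking the spaced form throughout makes the expressions easier to grep. The `runs:` block continues outside the hunk.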
@@ -1,6 +1,6 @@ name: 'actions_flutter_validate' description: 'Simple CLI to be able to validate Dart and Flutter repos' -version: '2.0.3' +version: '2.0.4' homepage: 'https://github.com/peiffer-innovations/actions-flutter-validate' environment: