Use "composite" workflow for github action (#669)

* update action workflow * removed unneccessary
Samsung · Feb 5, 2025 · e319555 · e319555
1 parent 0c8772a
commit e319555
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 63 deletions.
diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml
@@ -5,48 +5,47 @@ name: ActionTest
 on:
   push:
     branches: [ main ]
+  pull_request:
+    branches: [ main ]
 
 jobs:
 
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
-
   ActionTest:
 
     runs-on: ubuntu-latest
 
     steps:
 
-    - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
-      with:
-        egress-policy: audit
-
-    - name: Checkout
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        ref: ${{ github.event.pull_request.head.sha }}
-
-    - name: CredSweeper action
-      uses: Samsung/[email protected] # may be changed to any tag
-      with:
-        # args - arguments to credsweeper tool. See default values in action.yml
-        args: --path ./tests/samples/ --save-json
-
-    - name: Prepare commit status
-      run: |
-        ITEMS_CNT=$(jq '. | length' output.json)
-        if [ 1 -lt ${ITEMS_CNT} ]; then
-            echo "Samples were successfully scanned"
-        else
-            echo "Unexpected items: ${ITEMS_CNT}"
-            exit 1
-        fi
-
-    - name: CredSweeper report
-      if: always()
-      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-      with:
-        name: output.json
-        path: output.json
-
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: CredSweeper action
+        # dynamic links are not allowed for 'uses:'
+        uses: Samsung/CredSweeper@main # may be changed to any tag
+        continue-on-error: true # the action makes error when credentials are found
+        with:
+          path: tests/samples
+
+      - name: Verify output
+        run: |
+          ITEMS_CNT=$(jq '. | length' output.json)
+          if [ 1 -lt ${ITEMS_CNT} ]; then
+              echo "Samples were successfully scanned"
+          else
+              echo "Unexpected items: ${ITEMS_CNT}"
+              exit 1
+          fi
+
+      - name: CredSweeper report
+        if: always()
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - 2025.01.09
+        with:
+          name: output.json
+          path: output.json
diff --git a/Dockerfile b/Dockerfile
diff --git a/action.yml b/action.yml
@@ -4,11 +4,39 @@ author: "[email protected]"
 branding:
   icon: "terminal"
   color: "gray-dark"
-runs:
-  using: "docker"
-  image: "Dockerfile"
 inputs:
-  args:
-    description: "Arguments passed to credsweeper"
-    default: "--path . --save-json"
+  python_version:
+    description: "Python Version. 3.10 - default"
+    default: "3.10"
+    required: false
+  path:
+    description: "Path to scan"
     required: true
+  report:
+    description: "CredSweeper report in JSON format"
+    default: "output.json"
+    required: false
+  args:
+    description: "CredSweeper auxiliary arguments"
+    default: "--banner --log INFO"
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - id: setup-python
+      name: Setup Python
+      uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 - 2025.01.28
+      with:
+        python-version: ${{ inputs.python_version }}
+    - id: credsweeper-install
+      name: Install CredSweeper
+      shell: bash
+      run: python -m pip install credsweeper
+    - id: credsweeper-run
+      name: CredSweeper run
+      shell: bash
+      run: python -m credsweeper ${{ inputs.args }} --path ${{ inputs.path }} --save-json ${{ inputs.report }}
+    - id: check-output
+      name: Check output
+      shell: bash
+      run: python -c "import json; import sys; sys.exit(1 if json.load(open('${{ inputs.report }}')) else 0)"
diff --git a/entrypoint.sh b/entrypoint.sh