From e3195557df5299eb78865f662b7b9c484d139be0 Mon Sep 17 00:00:00 2001
From: Roman Babenko
Date: Wed, 5 Feb 2025 13:08:07 +0200
Subject: [PATCH] Use "composite" workflow for github action (#669)
* update action workflow
* removed unneccessary
---
 .github/workflows/action.yml | 71 ++++++++++++++++++------------------
 Dockerfile | 16 --------
 action.yml | 40 +++++++++++++++++---
 entrypoint.sh | 5 ---
 4 files changed, 69 insertions(+), 63 deletions(-)
 delete mode 100644 Dockerfile
 delete mode 100644 entrypoint.sh
diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml
index 8d4704cd4..d193157dd 100644
--- a/.github/workflows/action.yml
+++ b/.github/workflows/action.yml
@@ -5,48 +5,47 @@ name: ActionTest on: push: branches: [ main ] + pull_request: + branches: [ main ] jobs: -# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # - ActionTest: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: CredSweeper action - uses: Samsung/CredSweeper@v1.9.6 # may be changed to any tag - with: - # args - arguments to credsweeper tool. See default values in action.yml - args: --path ./tests/samples/ --save-json - - - name: Prepare commit status - run: | - ITEMS_CNT=$(jq '. | length' output.json) - if [ 1 -lt ${ITEMS_CNT} ]; then - echo "Samples were successfully scanned" - else - echo "Unexpected items: ${ITEMS_CNT}" - exit 1 - fi - - - name: CredSweeper report - if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: output.json - path: output.json - -# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # + - name: Harden Runner + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: CredSweeper action + # dynamic links are not allowed for 'uses:' + uses: Samsung/CredSweeper@main # may be changed to any tag + continue-on-error: true # the action makes error when credentials are found + with: + path: tests/samples + + - name: Verify output + run: | + ITEMS_CNT=$(jq '. 
| length' output.json)
+ if [ 1 -lt ${ITEMS_CNT} ]; then
+ echo "Samples were successfully scanned"
+ else
+ echo "Unexpected items: ${ITEMS_CNT}"
+ exit 1
+ fi
+
+ - name: CredSweeper report
+ if: always()
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - 2025.01.09
+ with:
+ name: output.json
+ path: output.json
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index ceccdb102..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM python:3.10@sha256:fd0fa50d997eb56ce560c6e5ca6a1f5cf8fdff87572a16ac07fb1f5ca01eb608
-
-WORKDIR /app
-
-ADD credsweeper /app/credsweeper
-
-COPY pyproject.toml /app/
-COPY README.md /app/
-
-RUN pip install .
-
-COPY entrypoint.sh /entrypoint.sh
-
-RUN chmod a+x /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/action.yml b/action.yml
index a42c985e1..70bd19e34 100644
--- a/action.yml
+++ b/action.yml
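Review bot: `uses: Samsung/CredSweeper@main` in the CredSweeper step runs whatever action.yml is on main, not the one in the checkout at `github.event.pull_request.head.sha`, so under the newly added `pull_request` trigger a PR that edits action.yml is never tested against its own definition, and the pin moved from a tag (`@v1.9.6`) to a moving branch. Since the repository is already checked out in the previous step, `uses: ./` would exercise the local action and drop the mutable reference; the comment about dynamic links could then go. Note also that the composite action introduced in the same patch installs `credsweeper` from PyPI, so this job scans `tests/samples` with the published release rather than the source in this repository — if the job is meant to be a self-test of the repo code, that deserves a comment on the step such as `# scans with the PyPI release of credsweeper, not the checked-out source`.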
@@ -4,11 +4,39 @@ author: "r.babenko@samsung.com"
 branding:
 icon: "terminal"
 color: "gray-dark"
-runs:
- using: "docker"
- image: "Dockerfile"
 inputs:
- args:
- description: "Arguments passed to credsweeper"
- default: "--path . --save-json"
+ python_version:
+ description: "Python Version. 3.10 - default"
+ default: "3.10"
+ required: false
+ path:
+ description: "Path to scan"
 required: true
+ report:
+ description: "CredSweeper report in JSON format"
+ default: "output.json"
+ required: false
+ args:
+ description: "CredSweeper auxiliary arguments"
+ default: "--banner --log INFO"
+ required: false
+runs:
+ using: "composite"
+ steps:
+ - id: setup-python
+ name: Setup Python
+ uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 - 2025.01.28
+ with:
+ python-version: ${{ inputs.python_version }}
+ - id: credsweeper-install
+ name: Install CredSweeper
+ shell: bash
+ run: python -m pip install credsweeper
+ - id: credsweeper-run
+ name: CredSweeper run
+ shell: bash
+ run: python -m credsweeper ${{ inputs.args }} --path ${{ inputs.path }} --save-json ${{ inputs.report }}
+ - id: check-output
+ name: Check output
+ shell: bash
+ run: python -c "import json; import sys; sys.exit(1 if json.load(open('${{ inputs.report }}')) else 0)"
diff --git a/entrypoint.sh b/entrypoint.sh
deleted file mode 100644
index fa5cda130..000000000
--- a/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-set -e
-set -x
-
-credsweeper ${INPUT_ARGS}
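Review bot: The `credsweeper-run` and `check-output` steps splice `${{ inputs.args }}`, `${{ inputs.path }}` and `${{ inputs.report }}` directly into `run:` script text, so any caller that derives these inputs from untrusted workflow data (a PR title, branch name, issue body) gets shell injection — and, in the `python -c` line, Python code injection — inside the action; the deleted Docker entrypoint read `INPUT_ARGS` from the environment instead of interpolating it into script. Passing the inputs through `env:` and expanding them in the shell keeps them as data; `${CREDSWEEPER_ARGS}` is left unquoted so the multi-flag default still word-splits, and the only observable difference is that quoting inside `args` is no longer re-parsed by bash. Separately, `python -m pip install credsweeper` carries no version constraint, so every run of the action resolves to whatever release is newest on PyPI rather than the source the old Dockerfile built from `/app/credsweeper`; a pinned version or a `version` input would make runs reproducible and reviewable. The `report` description could also state that `check-output` fails the action when the JSON report is a non-empty list, since that exit code is the action's only pass/fail signal.
```yaml
      - id: credsweeper-run
        name: CredSweeper run
        shell: bash
        # inputs are passed through env so their contents are data, not script text
        env:
          CREDSWEEPER_ARGS: ${{ inputs.args }}
          SCAN_PATH: ${{ inputs.path }}
          REPORT_PATH: ${{ inputs.report }}
        run: python -m credsweeper ${CREDSWEEPER_ARGS} --path "${SCAN_PATH}" --save-json "${REPORT_PATH}"
      - id: check-output
        name: Check output
        shell: bash
        env:
          REPORT_PATH: ${{ inputs.report }}
        # exit 1 when the report holds at least one finding
        run: python -c "import json, os, sys; sys.exit(1 if json.load(open(os.environ['REPORT_PATH'])) else 0)"
```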