#!/bin/sh
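# Banner and repository-visibility probe.
#
# REPO_PRIVATE holds the stringified `.repository.private` field of the
# event payload ("true", "false", or "null" when the key is absent). If jq
# fails, for example because the payload file is missing or unparsable, the
# variable is left empty. Every later comparison is against the literal
# "false", so any value other than "false" is handled as "not public" and
# the subscription check still runs.
REPO_PRIVATE=$(jq -r '.repository.private | tostring' "$GITHUB_EVENT_PATH" 2>/dev/null || echo "")
UPSTREAM="reviewdog/action-actionlint"
ACTION_REPO="${GITHUB_ACTION_REPOSITORY:-}"
DOCS_URL="https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions"

# printf is used for the coloured lines: `echo -e` is not defined for
# /bin/sh, and some implementations print the "-e" literally.
echo ""
printf '\033[1;36mStepSecurity Maintained Action\033[0m\n'
echo "Secure drop-in replacement for $UPSTREAM"
if [ "$REPO_PRIVATE" = "false" ]; then
  printf '\033[32m✓ Free for public repositories\033[0m\n'
fi
printf '\033[36mLearn more:\033[0m %s\n' "$DOCS_URL"
echo ""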
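# Subscription check for repositories that are not known to be public.
#
# What leaves the runner: an unauthenticated POST whose URL contains
# $GITHUB_REPOSITORY and whose JSON body contains the action repository and,
# on a non-github.com server, the server URL.
#
# Enforcement is fail-open: only an HTTP 403 stops the job. A timeout, a
# network error or any other status code lets the job continue.
if [ "$REPO_PRIVATE" != "false" ]; then
  SERVER_URL="${GITHUB_SERVER_URL:-https://github.com}"

  # Build the body with jq (already used by this script to read the event
  # payload) so that quotes or backslashes in the environment values are
  # escaped instead of being spliced into the JSON text.
  if [ "$SERVER_URL" != "https://github.com" ]; then
    BODY=$(jq -cn --arg action "$ACTION_REPO" --arg ghes_server "$SERVER_URL" \
      '{action: $action, ghes_server: $ghes_server}')
  else
    BODY=$(jq -cn --arg action "$ACTION_REPO" '{action: $action}')
  fi

  API_URL="https://agent.api.stepsecurity.io/v1/github/$GITHUB_REPOSITORY/actions/maintained-actions-subscription"

  # The response body is discarded; only the status code printed by -w is kept.
  CURL_EXIT_CODE=0
  RESPONSE=$(curl --max-time 3 -s -w "%{http_code}" \
    -X POST \
    -H "Content-Type: application/json" \
    -d "$BODY" \
    -o /dev/null \
    "$API_URL") || CURL_EXIT_CODE=$?

  if [ "$CURL_EXIT_CODE" -ne 0 ]; then
    echo "Timeout or API not reachable. Continuing to next step."
  elif [ "$RESPONSE" = "403" ]; then
    # printf instead of `echo -e`, which /bin/sh does not guarantee.
    printf '::error::\033[1;31mThis action requires a StepSecurity subscription for private repositories.\033[0m\n'
    printf '::error::\033[31mLearn how to enable a subscription: %s\033[0m\n' "$DOCS_URL"
    exit 1
  fi
fi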
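# Export the token for reviewdog before tracing can be switched on. With
# the export placed after `set -x`, the trace line for the assignment would
# contain the expanded token; log masking may hide it, but the script should
# not rely on that.
export REVIEWDOG_GITHUB_API_TOKEN="${INPUT_GITHUB_TOKEN}"

# RUNNER_DEBUG=1 turns on shell tracing for everything that follows.
if [ "${RUNNER_DEBUG}" = "1" ]; then
  set -x
fi

if [ -n "${GITHUB_WORKSPACE}" ]; then
  cd "${GITHUB_WORKSPACE}" || exit
  # Adds only the workspace path to git's safe.directory list. This exempts
  # that one path from git's ownership check, not every directory.
  git config --global --add safe.directory "${GITHUB_WORKSPACE}" || exit 1
fi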
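# Run actionlint and pass its findings to reviewdog, one per line, each
# prefixed with a one-letter severity that fills the %t field of the -efm
# pattern below.
#
# INPUT_ACTIONLINT_FLAGS and INPUT_REVIEWDOG_FLAGS are expanded unquoted so
# that one input can carry several flags. The shell word-splits and
# glob-expands them, so whoever controls the action inputs controls the
# options both tools run with.
# shellcheck disable=SC2086
actionlint -oneline ${INPUT_ACTIONLINT_FLAGS} | while read -r r; do
  shellcheck_output=" shellcheck reported issue in this script: "
  severity=e

  # Parse the severity if the output is from shellcheck. The match uses
  # `case` rather than `echo | grep`: grep without -q printed the matching
  # line to stdout, which put an extra, unprefixed copy of the finding into
  # the stream read by reviewdog.
  case "${r}" in
    *"${shellcheck_output}"*)
      s="$(printf '%s\n' "${r}" | sed -e "s/^.*${shellcheck_output}[^:]*:\([^:]\).*$/\1/g")"
      # Accept only the four known severity letters; anything else keeps
      # the default 'e'.
      if [ "${s}" = 'e' ] || [ "${s}" = 'w' ] || [ "${s}" = 'i' ] || [ "${s}" = 'n' ]; then
        severity="${s}"
      fi
      ;;
  esac

  # printf keeps backslashes in the finding literal; some /bin/sh echo
  # implementations would interpret them.
  printf '%s:%s\n' "${severity}" "${r}"
done \
  | reviewdog \
    -efm="%t:%f:%l:%c: %m" \
    -name="${INPUT_TOOL_NAME}" \
    -reporter="${INPUT_REPORTER}" \
    -filter-mode="${INPUT_FILTER_MODE}" \
    -fail-level="${INPUT_FAIL_LEVEL}" \
    -fail-on-error="${INPUT_FAIL_ON_ERROR}" \
    -level="${INPUT_LEVEL}" \
    ${INPUT_REVIEWDOG_FLAGS}

# No pipefail is set, so $? is the status of reviewdog, the last stage of
# the pipeline; actionlint's own exit status is not consulted.
exit_code=$?
exit "$exit_code"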