-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yml
93 lines (92 loc) · 3.55 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# action.yml
name: 'CVE CNA Bot'
description: 'A Bot that validates CVE records and (optionally) submits them to the CVE database.'
author: Dutch Institute for Vulnerability Disclosure
branding:
icon: check
color: yellow
inputs:
cve-user:
description: 'CVE services user name (usually the email address)'
required: true
cve-org:
description: 'CVE services organisation'
required: true
cve-api-key:
description: 'CVE services api key (Please store this in a GitHub secret)'
required: true
cve-environment:
description: 'CVE services environment (defaults to test)'
required: true
default: test
publish:
description: 'Set to `true` to publish the records to the CVE services'
default: false
path:
description: 'Path to check and submit'
default: "."
ignore:
description: 'Comma separted list of checks to ignore.'
default: ""
min-reserved:
description: 'Minimum number of reserved records for the current year'
default: 0
reserve:
description: 'Minimum number of records to reserve in one go (0=do not make reservations)'
default: 0
pr:
description: 'Create a PR to bring local records in line with remote records.'
default: false
github-token :
description: 'Github token, usually automatically provided via `secrets.GITHUB_TOKEN`, required when pr is set to `true`'
github-branch :
description: 'Name of the github branch to create the pull request from. Defaults to `cve_sumbit_pr`'
default: 'cve_submit_pr_${{ github.sha }}'
github-pr-description:
description: 'description of the github pull request. Defaults to `Automatic updates made by cve-rsus-validate-submit Github Action`'
default: 'Automatic updates made by cve-rsus-validate-submit Github Action'
check-reservations:
description: 'Check reservations as well (default: true)'
default: true
reservations-path:
description: 'Path where reservations are kept by default. (default: $path/reservations'
default: ''
create-missing:
description: 'Create files for missing records from the CVE database (default: true)'
default: true
expire-after:
description: 'Create PR to expire reservations this much time after the end of the year (e.g 4d, 3w, 2m or 1y)'
default: ''
verbose :
description: 'Verbose output'
default: false
quiet :
description: 'Minimal output (wins over verbose)'
default: false
debug :
description: 'Most verbose output'
default: false
runs:
using: 'docker'
image: 'Dockerfile'
env:
CVE_USER : ${{ inputs.cve-user }}
CVE_ORG : ${{ inputs.cve-org }}
CVE_API_KEY : ${{ inputs.cve-api-key }}
CVE_ENVIRONMENT : ${{ inputs.cve-environment }}
GITHUB_TOKEN : ${{ inputs.github-token }}
GITHUB_BRANCH : ${{ inputs.github-branch }}
GITHUB_PR_DESC : ${{ inputs.github-pr-description }}
CVE_PATH : ${{ inputs.path }}
CVE_PUBLISH : ${{ inputs.publish }}
IGNORE_CHECKS : ${{ inputs.ignore }}
MIN_RESERVED : ${{ inputs.min-reserved }}
RESERVE : ${{ inputs.reserve }}
DO_PR : ${{ inputs.pr }}
INCLUDE_RESERVATIONS : ${{ inputs.check-reservations }}
RESERVATIONS_PATH : ${{ inputs.reservations-path }}
CREATE_MISSING : ${{ inputs.create-missing }}
EXPIRE_AFTER : ${{ inputs.expire-after }}
VERBOSE : ${{ inputs.verbose }}
QUIET : ${{ inputs.quiet }}
DEBUG: ${{ inputs.debug }}