From d55cd5e7e09b7cb132b14ecc4e0b5655f1c376e1 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Wed, 30 Oct 2024 10:12:23 +0400
Subject: [PATCH] Revert commit 3ad6e07
Signed-off-by: tdruez
---
 .github/workflows/analyze-docker-image.yml | 17 ++-
 .github/workflows/map-deploy-to-develop.yml | 24 ++--
 README.md | 149 ++++++++++----
 3 files changed, 94 insertions(+), 96 deletions(-)
diff --git a/.github/workflows/analyze-docker-image.yml b/.github/workflows/analyze-docker-image.yml
index 6a9dcac..53799ff 100644
--- a/.github/workflows/analyze-docker-image.yml
+++ b/.github/workflows/analyze-docker-image.yml
@@ -1,12 +1,11 @@
 on: [push]
 jobs:
- scan-codebase:
- runs-on: ubuntu-22.04
- name: Analyze a Docker image with ScanCode.io
- steps:
- - uses: nexB/scancode-action@alpha
- with:
- pipelines: "analyze_docker_image"
- input-urls:
- https://github.com/nexB/scancode.io-tutorial/releases/download/sample-images/30-alpine-nickolashkraus-staticbox-latest.tar
+ scan-codebase:
+ runs-on: ubuntu-22.04
+ name: Analyze a Docker image with ScanCode.io
+ steps:
+ - uses: nexB/scancode-action@alpha
+ with:
+ pipelines: 'analyze_docker_image'
+ input-urls: https://github.com/aboutcode-org/scancode.io-tutorial/releases/download/sample-images/30-alpine-nickolashkraus-staticbox-latest.tar
diff --git a/.github/workflows/map-deploy-to-develop.yml b/.github/workflows/map-deploy-to-develop.yml
index a3216f8..7521f46 100644
--- a/.github/workflows/map-deploy-to-develop.yml
+++ b/.github/workflows/map-deploy-to-develop.yml
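Review bot: `uses: nexB/scancode-action@alpha` on the new side of this hunk (and the same line in map-deploy-to-develop.yml) resolves a mutable branch or tag name at every run, so the workflow executes whatever that ref points to at the time rather than a reviewed revision; pinning to a full commit SHA with the tag kept as a comment, `uses: nexB/scancode-action@<full-commit-sha>  # alpha`, makes the action version reproducible and auditable. The job also declares no `permissions:` block, so it runs with the repository's default `GITHUB_TOKEN` scope, which is wider than a fetch-and-scan job needs; adding `permissions:` with `contents: read` at the workflow or job level narrows the token. The README in this same patch says the scan results are published as a workflow artifact, so confirm that upload still succeeds under the reduced scope before relying on it.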
@@ -1,15 +1,15 @@
 on: [push]
 jobs:
- scan-codebase:
- runs-on: ubuntu-22.04
- name: Map deploy to develop with ScanCode.io
- steps:
- - uses: nexB/scancode-action@alpha
- with:
- pipelines: "map_deploy_to_develop"
- input-urls:
- https://github.com/nexB/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/from-flume-ng-node-1.9.0.zip#from
- https://github.com/nexB/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/to-flume-ng-node-1.9.0.zip#to
- env:
- PURLDB_URL: https://public.purldb.io/
+ scan-codebase:
+ runs-on: ubuntu-22.04
+ name: Map deploy to develop with ScanCode.io
+ steps:
+ - uses: nexB/scancode-action@alpha
+ with:
+ pipelines: 'map_deploy_to_develop'
+ input-urls:
+ https://github.com/aboutcode-org/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/from-flume-ng-node-1.9.0.zip#from
+ https://github.com/aboutcode-org/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/to-flume-ng-node-1.9.0.zip#to
+ env:
+ PURLDB_URL: https://public.purldb.io/
diff --git a/README.md b/README.md
index 9f37de8..08c58ff 100644
--- a/README.md
+++ b/README.md
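Review bot: `input-urls:` on the new side of this hunk is followed by two more-indented URL lines with no quotes or block indicator, so YAML folds them into a single plain scalar, the two URLs joined by one space; that is presumably the form the action expects, since the README example in this same patch writes the two `#from`/`#to` URLs space-separated on one line, but the folding is implicit and a reader can easily mistake the lines for two separate items. Writing the value as a folded block scalar, `input-urls: >-` followed by the two URL lines at the same indent, yields exactly the same string and makes the single-value intent visible. If the action ever starts treating newlines as separators, the block form also keeps the behaviour identical to the one-line form used elsewhere.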
@@ -1,27 +1,26 @@ # `@nexB/scancode-action` -Run [ScanCode.io](https://github.com/nexB/scancode.io) pipelines from your Workflows. - -> [!IMPORTANT] -> The scancode-action is currently in the **alpha stage**, and we invite you to -> contribute to its improvement. Please feel free to submit bug reports or share -> your ideas by creating new entries in the "Issues" section. -> Your collaboration helps us enhance the action and ensures a more stable and -> effective tool for the community. -> Thank you for your support! - -- [Usage](#usage) - - [Basic](#basic) - - [Inputs](#inputs) -- [Examples](#examples) - - [Scan repo codebase](#scan-repo-codebase) - - [Run a specific pipeline](#run-a-specific-pipeline) - - [Run multiple pipelines](#run-multiple-pipelines) - - [Choose the output formats](#choose-the-output-formats) - - [Provide download URLs inputs](#provide-download-urls-inputs) - - [Fetch pipelines inputs](#fetch-pipelines-inputs) - - [Define a custom project name](#define-a-custom-project-name) -- [Where does the scan results go?](#where-does-the-scan-results-go) +Run [ScanCode.io](https://github.com/aboutcode-org/scancode.io) pipelines from +your Workflows. + +> [!IMPORTANT] The scancode-action is currently in the **alpha stage**, and we +> invite you to contribute to its improvement. Please feel free to submit bug +> reports or share your ideas by creating new entries in the "Issues" section. +> Your collaboration helps us enhance the action and ensures a more stable and +> effective tool for the community. Thank you for your support! 
+ +- [Usage](#usage) + - [Basic](#basic) + - [Inputs](#inputs) +- [Examples](#examples) + - [Scan repo codebase](#scan-repo-codebase) + - [Run a specific pipeline](#run-a-specific-pipeline) + - [Run multiple pipelines](#run-multiple-pipelines) + - [Choose the output formats](#choose-the-output-formats) + - [Provide download URLs inputs](#provide-download-urls-inputs) + - [Fetch pipelines inputs](#fetch-pipelines-inputs) + - [Define a custom project name](#define-a-custom-project-name) +- [Where does the scan results go?](#where-does-the-scan-results-go) ## Usage @@ -29,13 +28,13 @@ Run [ScanCode.io](https://github.com/nexB/scancode.io) pipelines from your Workf ```yaml steps: -- uses: actions/checkout@v4 - with: - path: scancode-inputs -- uses: nexB/scancode-action@alpha - with: - pipelines: "scan_codebase" - output-formats: "json xlsx spdx cyclonedx" + - uses: actions/checkout@v4 + with: + path: scancode-inputs + - uses: nexB/scancode-action@alpha + with: + pipelines: 'scan_codebase' + output-formats: 'json xlsx spdx cyclonedx' ``` ### Inputs 
@@ -43,47 +42,47 @@ steps: ```yaml - uses: nexB/scancode-action@alpha with: - # Names of the pipelines (comma-separated) and in order. - # Default is 'scan_codebase' - pipelines: + # Names of the pipelines (comma-separated) and in order. + # Default is 'scan_codebase' + pipelines: - # The list of output formats to generate. - # Default is 'json xlsx spdx cyclonedx' - output-formats: + # The list of output formats to generate. + # Default is 'json xlsx spdx cyclonedx' + output-formats: - # Relative path within the $GITHUB_WORKSPACE for pipeline inputs. - # Default is 'scancode-inputs' - inputs-path: + # Relative path within the $GITHUB_WORKSPACE for pipeline inputs. + # Default is 'scancode-inputs' + inputs-path: - # Provide one or more URLs to download for the pipeline run execution - input-urls: + # Provide one or more URLs to download for the pipeline run execution + input-urls: - # Name of the project. - # Default is 'scancode-action' - project-name: + # Name of the project. + # Default is 'scancode-action' + project-name: - # Name of the outputs archive. - # Default is 'scancode-outputs' - outputs-archive-name: + # Name of the outputs archive. + # Default is 'scancode-outputs' + outputs-archive-name: - # Python version that will be installed to run ScanCode.io - # Default is '3.11' - python-version: + # Python version that will be installed to run ScanCode.io + # Default is '3.11' + python-version: ``` ## Examples -See https://github.com/nexB/scancode-action/tree/main/.github/workflows for Workflows -examples. +See https://github.com/aboutcode-org/scancode-action/tree/main/.github/workflows +for Workflows examples. ### Scan repo codebase ```yaml steps: -- uses: actions/checkout@v4 - with: - path: scancode-inputs -- uses: nexB/scancode-action@alpha + - uses: actions/checkout@v4 + with: + path: scancode-inputs + - uses: nexB/scancode-action@alpha ``` ### Run a specific pipeline 
@@ -93,7 +92,7 @@ steps: ```yaml - uses: nexB/scancode-action@alpha with: - pipelines: "scan_codebase" + pipelines: 'scan_codebase' ``` ### Run multiple pipelines @@ -101,19 +100,20 @@ steps: ```yaml - uses: nexB/scancode-action@alpha with: - pipelines: "scan_codebase,find_vulnerabilities" + pipelines: 'scan_codebase,find_vulnerabilities' env: - VULNERABLECODE_URL: https://public.vulnerablecode.io/ + VULNERABLECODE_URL: https://public.vulnerablecode.io/ ``` #### Configuring `find_vulnerabilities` Pipeline -The `find_vulnerabilities` pipeline requires access to a VulnerableCode instance, -which can be defined using the `VULNERABLECODE_URL` environment variable. +The `find_vulnerabilities` pipeline requires access to a VulnerableCode +instance, which can be defined using the `VULNERABLECODE_URL` environment +variable. -In the example provided, a public instance is referenced. -However, you also have the option to run your own VulnerableCode instance. -For details on setting up and configuring your own instance, please refer to the +In the example provided, a public instance is referenced. However, you also have +the option to run your own VulnerableCode instance. For details on setting up +and configuring your own instance, please refer to the [VulnerableCode documentation](https://vulnerablecode.readthedocs.io/en/latest/index.html). ### Choose the output formats @@ -121,7 +121,7 @@ For details on setting up and configuring your own instance, please refer to the ```yaml - uses: nexB/scancode-action@alpha with: - output-formats: "json xlsx spdx cyclonedx" + output-formats: 'json xlsx spdx cyclonedx' ``` ### Provide download URLs inputs 
@@ -129,10 +129,9 @@ For details on setting up and configuring your own instance, please refer to the ```yaml - uses: nexB/scancode-action@alpha with: - pipelines: "map_deploy_to_develop" - input-urls: - https://domain.url/source.zip#from - https://domain.url/binaries.zip#to + pipelines: 'map_deploy_to_develop' + input-urls: + https://domain.url/source.zip#from https://domain.url/binaries.zip#to ``` ### Fetch pipelines inputs @@ -140,10 +139,10 @@ For details on setting up and configuring your own instance, please refer to the ```yaml - name: Download repository archive to scancode-inputs/ directory run: | - wget --directory-prefix=scancode-inputs https://github.com/${GITHUB_REPOSITORY}/archive/${GITHUB_REF}.zip + wget --directory-prefix=scancode-inputs https://github.com/${GITHUB_REPOSITORY}/archive/${GITHUB_REF}.zip - uses: nexB/scancode-action@alpha with: - pipelines: "scan_single_package" + pipelines: 'scan_single_package' ``` ### Define a custom project name @@ -151,12 +150,12 @@ For details on setting up and configuring your own instance, please refer to the ```yaml - uses: nexB/scancode-action@alpha with: - project-name: "my-project-name" + project-name: 'my-project-name' ``` ## Where are the Scan Results? -Upon completion of the workflow, you can **find the scan results** in the dedicated -**artifacts section** at the bottom of the workflow summary page. -Look for a file named `scancode-outputs` in that section. -This file contains the outputs generated by the `scancode-action`. +Upon completion of the workflow, you can **find the scan results** in the +dedicated **artifacts section** at the bottom of the workflow summary page. Look +for a file named `scancode-outputs` in that section. This file contains the +outputs generated by the `scancode-action`.