update actions files and readme.

2021-06-24 11:56:59 -07:00 · 2021-06-24 11:56:59 -07:00 · fc471e1c63
parent c53794a24b
commit fc471e1c63
5 changed files with 43 additions and 18 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -4,10 +4,6 @@ jobs:
  flawfinder:
    name: Flawfinder
    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
    steps:
      # To use this repository's private action,
      # you must check out the repository
@ -17,9 +13,15 @@ jobs:
      - name: Flawfinder action step
        uses: ./ # Uses an action in the root directory
        with:
-          command: '--sarif ./ > flawfinder-results.sarif'
+          arguments: '--sarif ./'
+          output: 'flawfinder_results.sarif'
+
+      - name: Upload a Build Artifact
+        uses: actions/upload-artifact@v2.2.4
+        with:
+          path: flawfinder_results.sarif   

      - name: Upload analysis results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
-          sarif_file: ./flawfinder-results.sarif
+          sarif_file: ${{github.workspace}}/flawfinder_results.sarif
--- a/7
+++ b/7
@ -1,14 +1,9 @@
 # Container image that runs your code
-FROM ubuntu:20.04
+FROM python:3

 # Copies your code file from your action repository to the filesystem path `/` of the container
 COPY entrypoint.sh /entrypoint.sh

-
-RUN apt update -y
-
-RUN apt install python3-pip -y
-
 RUN pip install flawfinder

 # Code file to execute when the docker container starts up (`entrypoint.sh`)
--- a/README.md
+++ b/README.md
@ -94,6 +94,27 @@ vulnerabilities in programs that cannot be built or cannot be linked.
 Flawfinder also doesn't get as confused by macro definitions
 and other oddities that more sophisticated tools have trouble with.

+# Flawfinder Github Action
+
+## Usage
+
+See [action.yml](https://github.com/david-a-wheeler/flawfinder/blob/main/action.yml)
+
+Create a .yml file under .github/workflows with the following contents:
+
+### Basic:
+````yml
+- name: Flawfinder
+  uses: david-a-wheeler/flawfinder@v1.0
+  with:
+    arguments: '--sarif ./'
+    output: 'flawfinder_results.sarif'
+````
+### Input options:
+- arguments: Flawfinder command arguments. 
+Visit https://github.com/david-a-wheeler/flawfinder/blob/master/README.md#usage to check all parameters.
+- output: Flawfinder output file name. Can be uploaded to Github.
+
 # Contributions

 We love contributions!  For more information on contributing, see
--- a/action.yml
+++ b/action.yml
@ -1,12 +1,17 @@
 name: 'Flawfinder'
 description: 'Execute Flawfinder'
 inputs:
-  command:
-    description: 'Command to be sent to Flawfinder'
-    required: false
-    default: '--help'
+  arguments:
+    description: 'Command arguments to be sent to Flawfinder'
+    required: true
+    default: ''
+  output:
+    description: 'Output file name'
+    required: true
+    default: ''
 runs:
  using: 'docker'
  image: 'Dockerfile'
  args:
-    - ${{ inputs.command }}
+    - ${{ inputs.arguments }}
+    - ${{ inputs.output }}
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,5 +1,7 @@
 #!/bin/sh -l
+# $1 arguments
+# $2 output filename

-flawfinder $1
+flawfinder $1 > $2

 echo "Executed with success."