Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add artifact name as input #64

Merged
merged 1 commit into from
Jun 29, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ All notable changes to this GitHub action will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## [Unreleased]
### Added
- An input (`artifact_name`) used to name the artifact that contains the ZAP reports. [#45](https://github.com/zaproxy/action-baseline/issues/45)

### Changed
- Run action with Node 16.
- Update dependencies.
Expand Down
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ You do not have to create a dedicated token. Make sure to use the GitHub's defau
**Optional** By default ZAP Docker container will fail with an [exit code](https://github.com/zaproxy/zaproxy/blob/efb404d38280dc9ecf8f88c9b0c658385861bdcf/docker/zap-baseline.py#L31),
if it identifies any alerts. Set this option to `true` if you want to fail the status of the GitHub Scan if ZAP identifies any alerts during the scan.

### `artifact_name`

**Optional** By default the baseline action will attach the report to the build with the name `zap_scan`. Set this to a different string to name it something else. Consult [GitHub's documentation](https://github.com/actions/toolkit/blob/main/packages/artifact/docs/additional-information.md#non-supported-characters) for which artifact names are allowed.

## Example usage

** Basic **
Expand Down
4 changes: 4 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,10 @@ inputs:
description: 'The action will file the report to the GitHub issue using the issue_title input'
required: false
default: true
artifact_name:
description: 'The name of the artifact that contains the ZAP reports'
required: false
default: 'zap_scan'
runs:
using: 'node16'
main: 'dist/index.js'
8 changes: 7 additions & 1 deletion dist/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -38335,6 +38335,7 @@ async function run() {
let issueTitle = core.getInput('issue_title');
let failAction = core.getInput('fail_action');
let allowIssueWriting = core.getInput('allow_issue_writing');
let artifactName = core.getInput('artifact_name');
let createIssue = true;

if (!(String(failAction).toLowerCase() === 'true' || String(failAction).toLowerCase() === 'false')) {
Expand All @@ -38345,6 +38346,11 @@ async function run() {
createIssue = false;
}

if (!artifactName) {
console.log('[WARNING]: \'artifact_name\' action input should not be empty. Setting it back to the default name.');
artifactName = 'zap_scan';
}

console.log('starting the program');
console.log('github run id :' + currentRunnerID);

Expand Down Expand Up @@ -38381,7 +38387,7 @@ async function run() {
console.log('Scanning process completed, starting to analyze the results!')
}
}
await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue);
await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue, artifactName);
} catch (error) {
core.setFailed(error.message);
}
Expand Down
8 changes: 7 additions & 1 deletion index.js
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ async function run() {
let issueTitle = core.getInput('issue_title');
let failAction = core.getInput('fail_action');
let allowIssueWriting = core.getInput('allow_issue_writing');
let artifactName = core.getInput('artifact_name');
thc202 marked this conversation as resolved.
Show resolved Hide resolved
let createIssue = true;

if (!(String(failAction).toLowerCase() === 'true' || String(failAction).toLowerCase() === 'false')) {
Expand All @@ -32,6 +33,11 @@ async function run() {
createIssue = false;
}

if (!artifactName) {
console.log('[WARNING]: \'artifact_name\' action input should not be empty. Setting it back to the default name.');
artifactName = 'zap_scan';
}

console.log('starting the program');
console.log('github run id :' + currentRunnerID);

Expand Down Expand Up @@ -68,7 +74,7 @@ async function run() {
console.log('Scanning process completed, starting to analyze the results!')
}
}
await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue);
await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue, artifactName);
} catch (error) {
core.setFailed(error.message);
}
Expand Down