github-action-docker/action.yml at main · embold/github-action-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: 'Embold'
description: 'Scan your code with Embold'
inputs:
  emboldUrl:
    description: 'URL of your Embold instance (e.g., https://packages.embold.io/)'
    required: true
    default: 'https://packages.embold.io/'
  emboldToken:
    description: 'Your Embold access token'
    required: true
    default: ''
  emboldRepoUid:
    description: 'Embold repository UID where the results will be published'
    required: true
    default: ''
  scannerDownloadUrl:
    description: 'URL to download the BrowserStack CQ Scanner'
    required: false
    default: 'https://v1.embold.io/nfs/CLI/browserstack-codequality-scanner.tar.gz'
  repositoryConfigPath:
    description: 'Path to the repository configuration JSON file'
    required: false
    default: 'repository-configuration.json'
  downloadConfig:
    description: 'Download repository configuration from Embold server'
    required: false
    default: 'false'
  configDownloadPath:
    description: 'Path where downloaded config will be saved'
    required: false
    default: 'repository-configuration.json'
  tempDirectory:
    description: 'Temporary directory for scanner artifacts'
    required: false
    default: './temp'
  baseDirectory:
    description: 'Base directory of the source code to scan'
    required: false
    default: '.'
  verbose:
    description: 'Enable verbose logging'
    required: false
    default: 'true'
  qualityGate:
    description: 'Enable quality gate checking'
    required: false
    default: 'false'
  continueOnError:
    description: 'Continue workflow execution even if scan fails'
    required: false
    default: 'true'
  snapshotLabel:
    description: 'Label to identify the snapshot published on Embold UI after a successful scan. Accepts a plain string or an environment variable.'
    required: false
    default: ''
outputs:
  status:
    description: 'Status of the scan'
  qualityGateStatus:
    description: 'Quality gate status (PASSED/FAILED)'
    value: ${{ steps.quality-gate.outputs.status }}
  qualityGateData:
    description: 'Quality gate detailed data'
    value: ${{ steps.quality-gate.outputs.data }}
runs:
  using: 'composite'
  steps:
    - name: Download Repository Configuration
      if: ${{ inputs.downloadConfig == 'true' }}
      shell: bash
      env:
        EMBOLD_TOKEN: ${{ inputs.emboldToken }}
      run: |
        curl --silent --location --request GET \
        "${{ inputs.emboldUrl }}/api/v1/repositories/${{ inputs.emboldRepoUid }}/scans/config/download" \
        --header "Authorization: Bearer $EMBOLD_TOKEN" \
        -o "${{ inputs.configDownloadPath }}"
        echo "Repository configuration downloaded to ${{ inputs.configDownloadPath }}"

    - name: Download and Unpack BrowserStack CQ Scanner
      shell: bash
      run: |
        curl ${{ inputs.scannerDownloadUrl }} -o browserstack-codequality-scanner-archive.tar.gz
        tar xvf browserstack-codequality-scanner-archive.tar.gz

    - name: Run Static Code Analysis
      shell: bash
      continue-on-error: ${{ inputs.continueOnError == 'true' }}
      env:
        EMBOLD_TOKEN: ${{ inputs.emboldToken }}
      run: |
        VERBOSE_FLAG=""
        if [ "${{ inputs.verbose }}" = "true" ]; then
          VERBOSE_FLAG="-v"
        fi

        QG_FLAG=""
        if [ "${{ inputs.qualityGate }}" = "true" ]; then
          QG_FLAG="-qg"
        fi

        SNAPSHOT_FLAG=""
        if [ -n "${{ inputs.snapshotLabel }}" ]; then
          SNAPSHOT_FLAG="-s \"${{ inputs.snapshotLabel }}\""
        fi

        ./browserstack-codequality-scanner/bin/embold-scanner analyse \
        -u "${{ inputs.emboldUrl }}" \
        -t "$EMBOLD_TOKEN" \
        -r "${{ inputs.emboldRepoUid }}" \
        -c "${{ inputs.repositoryConfigPath }}" \
        -d "${{ inputs.tempDirectory }}" \
        -b "${{ inputs.baseDirectory }}" \
        $VERBOSE_FLAG \
        $QG_FLAG \
        $SNAPSHOT_FLAG

    - name: Get Quality Gate Status
      if: ${{ inputs.qualityGate == 'true' }}
      id: quality-gate
      shell: bash
      env:
        EMBOLD_TOKEN: ${{ inputs.emboldToken }}
      run: |
        echo "Fetching quality gate status..."

        response=$(curl --silent --http1.1 -X GET \
        "${{ inputs.emboldUrl }}/api/v1/repositories/${{ inputs.emboldRepoUid }}/qualitygateprofiles" \
        -H "Authorization: Bearer $EMBOLD_TOKEN")

        status=$(echo "$response" | grep -o '"status":"[^"]*"' | head -1 | cut -d'"' -f4)

        echo "Quality Gate Status: $status"
        echo "status=$status" >> $GITHUB_OUTPUT
        echo "data=$response" >> $GITHUB_OUTPUT

        echo "::notice title=Quality Gate::Status: $status"