# Action identity as shown to workflow authors.
name: "mobbdev"
description: "Mobb automatic vulnerability fixer action"
# Badge appearance for the action's listing; nested under `branding`.
branding:
  icon: aperture
  color: blue
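# Inputs supplied by the calling workflow. Each one is forwarded to the
# run step through `env:` (or to the status step through `with:`), never
# interpolated into the shell script text.
inputs:
  # Passed to the Mobb CLI as `-f`.
  report-file:
    description: "Path to SAST report file"
    required: true
  # Credential for the Mobb service. Supply it from a repository or
  # organization secret (`${{ secrets.* }}`), never as a literal in the
  # workflow file.
  api-key:
    description: "Mobb API key"
    required: true
  # Used only by the final commit-status step. Grant the token no more
  # than it needs to write a commit status (`statuses: write`).
  github-token:
    description: "GitHub Token"
    required: true
  mobb-project-name:
    description: "Mobb Project Name"
    required: false
  # Flag inputs: the script enables them only when the value is exactly
  # the string "true"; anything else (including unset) leaves them off.
  auto-pr:
    description: "Auto-PR flag"
    required: false
  # Lets Mobb write fixes straight to the branch. Enable deliberately and
  # keep branch protection / review requirements in place on branches
  # where unreviewed commits are not acceptable.
  commit-directly:
    description: "Commit Directly flag, this requires Auto-PR flag to be set. Once enabled, Mobb will commit the fixes directly to the branch"
    required: false
  organization-id:
    description: "Organization ID"
    required: false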
# Values exposed to the calling workflow.
outputs:
  # First https:// URL found in the Mobb CLI's stdout, as written to
  # $GITHUB_OUTPUT by the `run-npx-mobb-dev` step. Consumers should treat
  # it as data produced by an external tool: pass it on through `env:` or
  # `with:` rather than expanding it inside a `run:` script.
  fix-report-url:
    description: "Mobb fix report URL"
    value: ${{ steps.run-npx-mobb-dev.outputs.fix-report-url }}
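# Composite action: install Node, run the Mobb CLI against the SAST
# report, then publish the fix-report link as a commit status.
runs:
  using: "composite"
  steps:
    # Third-party actions are pinned to a full commit SHA; the trailing
    # comment records the tag that SHA corresponded to when pinned.
    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4.4.0
      with:
        # NOTE(review): Node.js 18 is past its upstream end-of-life and no
        # longer receives security fixes; confirm the CLI runs on a
        # maintained LTS line before bumping.
        node-version: 18
    - id: run-npx-mobb-dev
      run: |
        # All caller-controlled values (inputs, PR number, head ref) reach
        # this script as environment variables and are always expanded
        # inside double quotes, so their content is never parsed as shell.
        REPO=$(git remote get-url origin)
        REPO=${REPO%".git"}
        # On pull_request events GITHUB_HEAD_REF holds the PR's source
        # branch name; otherwise fall back to the pushed ref.
        BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
        echo "REPO: $REPO"
        echo "BRANCH: $BRANCH"
        # npx --yes mobbdev@latest is kept on its own line so test tooling
        # (autofixer CI) can sed-replace it with a local build command.
        # NOTE(review): the `latest` dist-tag is resolved at run time, so
        # whatever is published under it executes with MOBB_API_KEY in its
        # environment. The two `uses:` steps are SHA-pinned; this package
        # is not. Pinning an exact, reviewed version would close that gap
        # (the sed pattern in the test tooling would need to follow).
        MOBB_EXEC=(npx --yes mobbdev@latest)
        # NOTE(review): --api-key puts the secret on the process command
        # line, where other processes on the runner can read it for the
        # lifetime of the command. If the CLI can take the key from the
        # environment instead, prefer that - confirm against its docs.
        MOBB_ARGS=(
          analyze --ci
          -r "$REPO"
          --ref "$BRANCH"
          --api-key "$MOBB_API_KEY"
          -f "$REPORT_FILE"
        )
        # Append mobb-project-name when the caller supplied one.
        if [ -n "$MOBB_PROJECT_NAME" ]; then
          echo "mobb-project-name specified: $MOBB_PROJECT_NAME"
          MOBB_ARGS+=(--mobb-project-name "$MOBB_PROJECT_NAME")
        fi
        # Append organization-id when the caller supplied one.
        if [ -n "$MOBB_ORG_ID" ]; then
          echo "organization-id specified: $MOBB_ORG_ID"
          MOBB_ARGS+=(--organization-id "$MOBB_ORG_ID")
        fi
        # Append --auto-pr only when the input is exactly "true".
        if [ "$AUTO_PR" == "true" ]; then
          echo "Auto-PR flag is set"
          MOBB_ARGS+=(--auto-pr)
        fi
        # Append --commit-directly only when the input is exactly "true".
        if [ "$COMMIT_DIRECTLY" == "true" ]; then
          echo "Commit Directly flag is set"
          MOBB_ARGS+=(--commit-directly)
          # PR_NUMBER_ENV is empty unless the workflow was triggered by a
          # pull request event.
          PR_ID="$PR_NUMBER_ENV"
          if [ -n "$PR_ID" ]; then
            echo "Pull Request ID detected: $PR_ID"
            MOBB_ARGS+=(--pr-id "$PR_ID")
          else
            echo "No Pull Request detected. Skipping --pr-id flag."
          fi
        fi
        # Capture stdout for URL extraction. The explicit `|| exit`
        # propagates the CLI's exit status whether or not the shell runs
        # with errexit; a separate `$?` check after the assignment would
        # never be reached when errexit is on.
        OUT=$(env "${MOBB_EXEC[@]}" "${MOBB_ARGS[@]}") || exit $?
        # Collapse newlines so the extracted URL cannot carry a line break
        # into $GITHUB_OUTPUT (which is parsed line by line).
        OUT=$(echo "$OUT" | tr '\n' ' ')
        # `|| true`: a no-match from grep must not abort silently under
        # pipefail; the empty result is reported explicitly below.
        MOBB_URL=$(echo "$OUT" | grep -oE 'https://[^ ]+' | head -1) || true
        if [ -z "$MOBB_URL" ]; then
          echo "::error::No fix report URL found in Mobb CLI output"
          exit 1
        fi
        echo "fix-report-url=$MOBB_URL" >> "$GITHUB_OUTPUT"
        echo "Mobb URL: $MOBB_URL"
      shell: bash
      # Inputs are mapped to environment variables here instead of being
      # written as ${{ ... }} inside the script, which keeps workflow
      # expression text out of the shell source.
      env:
        MOBB_API_KEY: ${{ inputs.api-key }}
        REPORT_FILE: ${{ inputs.report-file }}
        MOBB_PROJECT_NAME: ${{ inputs.mobb-project-name }}
        MOBB_ORG_ID: ${{ inputs.organization-id }}
        AUTO_PR: ${{ inputs.auto-pr }}
        COMMIT_DIRECTLY: ${{ inputs.commit-directly }}
        PR_NUMBER_ENV: ${{ github.event.pull_request.number }}
    # Publishes the report link as a commit status. This step has no `if:`
    # condition, so it runs only when the CLI step above succeeded. The
    # caller's token is handed to this third-party action; the SHA pin
    # ties that exposure to one reviewed revision.
    - uses: Sibz/github-status-action@33dcef57b1a833b6a2e50679cd8dece3193c0f03  # v1
      with:
        authToken: ${{ inputs.github-token }}
        context: "Mobb fix report link"
        state: "success"
        target_url: ${{ steps.run-npx-mobb-dev.outputs.fix-report-url }}
        # Prefer the PR head commit so the status lands on the commit the
        # reviewer sees; fall back to the triggering commit otherwise.
        sha: ${{github.event.pull_request.head.sha || github.sha}}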