This action runs a sourcehawk scan on the repository source code.
The root of the source code to scan
Default: . (root of the repository)
The configuration file path (relative path, absolute path, or even URL)
Default: sourcehawk.yml
The output format of the scan
Default: TEXT
Valid Values: TEXT, JSON, MARKDOWN
The output file path for the scan results
Default: sourcehawk-scan-results.txt
Whether or not to fail the scan if only warnings exist
Default: false
Whether or not to fail the build if the scan fails
Default: true
Boolean value indicating whether the scan has passed: true if the scan passed, false otherwise
The example below accepts all the defaults:

    uses: optum/sourcehawk-scan-github-action@v1

The scan will be considered a failure if warnings are found:

    uses: optum/sourcehawk-scan-github-action@v1
    with:
      fail-on-warnings: true

Provide the location of a configuration file at a custom path:

    uses: optum/sourcehawk-scan-github-action@v1
    with:
      config-file: .sourcehawk/config.yml

Output the scan results in JSON format:

    uses: optum/sourcehawk-scan-github-action@v1
    with:
      output-format: JSON
      output-file: sourcehawk-scan-results.json

Below is an example workflow to run a scan on pull requests. The workflow checks out the source code, runs the scan, prints that the scan passed if it was successful, and then archives the scan results file.

    name: Build
    on:
      pull_request:
        branches:
          - main
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout
            uses: actions/checkout@v2
          - name: Run Sourcehawk Scan
            id: sourcehawk
            uses: optum/sourcehawk-scan-github-action@v1
            with:
              output-format: JSON
              output-file: sourcehawk-scan-results.json
          - name: Determine Sourcehawk Scan Results
            if: steps.sourcehawk.outputs.scan-passed == 'true'
            run: echo "Sourcehawk scan passed!"
          - name: Upload Scan Results
            uses: actions/upload-artifact@v2
            with:
              name: sourcehawk
              path: sourcehawk-scan-results.json

The Dockerfile, shell scripts, and documentation in the GitHub Action are released with the Apache 2.0 license.
Please read our CONTRIBUTING.md for guidelines on contributing to this GitHub Action.
./test.sh