From 35126486cde0b768d8ba1e430513de61cd31a9af Mon Sep 17 00:00:00 2001
From: Yolanda Robla
Date: Tue, 30 Apr 2024 15:39:52 +0200
Subject: [PATCH] fix: do not use nested parameters

Figured that this is not supported, and need to use flat structure
---
 README.md | 3 ++-
 action.yml | 66 ++++++++++++++++++++++++++----------------------------
 main.go | 10 ++++-----
 3 files changed, 39 insertions(+), 40 deletions(-)
diff --git a/README.md b/README.md
index 5d1ecb3..df7a3a8 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,8 @@ jobs:
 - name: TrustyPkg Action
 uses: stacklok/trusty-action@v0.0.1
 with:
- score_threshold: 5
+ global_threshold: 5
+ provenance_threshold: 5
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
diff --git a/action.yml b/action.yml
index 0441a7c..9105f46 100644
--- a/action.yml
+++ b/action.yml
@@ -4,40 +4,38 @@ inputs:
 GITHUB_TOKEN:
 description: "GitHub token"
 required: true
- thresholds:
- global:
- description: "Raise global score below this score as an issue"
- required: false
- default: 5
- repo_activity:
- description: "Raise repo activity below this score as an issue"
- required: false
- default: 0
- author_activity:
- description: "Raise author activity below this score as an issue"
- required: false
- default: 0
- provenance:
- description: "Raise provenance below this score as an issue"
- required: false
- default: 0
- typosquatting:
- description: "Raise typosquatting below this score as an issue"
- required: false
- default: 0
- fail_on:
- malicious:
- description: "Fail if package is malicious"
- required: false
- default: true
- deprecated:
- description: "Fail if package is deprecated"
- required: false
- default: true
- archived:
- description: "Fail if repo is archived"
- required: false
- default: true
+ global_threshold:
+ description: "Raise global score below this score as an issue"
+ required: false
+ default: 5
+ repo_activity_threshold:
+ description: "Raise repo activity below this score as an issue"
+ required: false
+ default: 0
+ author_activity_threshold:
+ description: "Raise author activity below this score as an issue"
+ required: false
+ default: 0
+ provenance_threshold:
+ description: "Raise provenance below this score as an issue"
+ required: false
+ default: 0
+ typosquatting_threshold:
+ description: "Raise typosquatting below this score as an issue"
+ required: false
+ default: 0
+ fail_on_malicious:
+ description: "Fail if package is malicious"
+ required: false
+ default: true
+ fail_on_deprecated:
+ description: "Fail if package is deprecated"
+ required: false
+ default: true
+ fail_on_archived:
+ description: "Fail if repo is archived"
+ required: false
+ default: true
 runs:
 using: "docker"
 image: "Dockerfile"
diff --git a/main.go b/main.go
index 0b2d8f2..d29f1a4 100644
--- a/main.go
+++ b/main.go
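Review bot: The four per-category inputs (`repo_activity_threshold`, `author_activity_threshold`, `provenance_threshold`, `typosquatting_threshold`) keep `default: 0`, and their descriptions do not say what 0 means. The scoring code is not visible here, but if scores are never negative, "below this score" can never be true at 0, so a workflow that sets nothing is gated only by `global_threshold`. I would state that in each description once the behaviour is confirmed, e.g. `description: "Raise provenance below this score as an issue (0 disables this check)"`. The descriptions should also give the score range once, so that a reader knows what a value of 5 means.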
@@ -59,11 +59,11 @@ func parseFail(failStr string, defaultFail string) bool {
 func main() {
 ctx := context.Background()
- globalThreshold := parseScore(os.Getenv("INPUT_THRESHOLDS_GLOBAL"), "5")
- repoActivityThreshold := parseScore(os.Getenv("INPUT_THRESHOLDS_REPO_ACTIVITY"), "0")
- authorActivityThreshold := parseScore(os.Getenv("INPUT_THRESHOLDS_AUTHOR_ACTIVITY"), "0")
- provenanceThreshold := parseScore(os.Getenv("INPUT_THRESHOLDS_PROVENANCE"), "0")
- typosquattingThreshold := parseScore(os.Getenv("INPUT_THRESHOLDS_TYPOSQUATTING"), "0")
+ globalThreshold := parseScore(os.Getenv("INPUT_GLOBAL_THRESHOLD"), "5")
+ repoActivityThreshold := parseScore(os.Getenv("INPUT_REPO_ACTIVITY_THRESHOLD"), "0")
+ authorActivityThreshold := parseScore(os.Getenv("INPUT_AUTHOR_ACTIVITY_THRESHOLD"), "0")
+ provenanceThreshold := parseScore(os.Getenv("INPUT_PROVENANCE_THRESHOLD"), "0")
+ typosquattingThreshold := parseScore(os.Getenv("INPUT_TYPOSQUATTING_THRESHOLD"), "0")
 failOnMalicious := parseFail(os.Getenv("INPUT_FAIL_ON_MALICIOUS"), "true")
 failOnDeprecated := parseFail(os.Getenv("INPUT_FAIL_ON_DEPRECATED"), "true")
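Review bot: Nothing in these lines reports which thresholds ended up in force, so a misnamed input falls back to the second argument of `parseScore` without any trace in the job log. That is the failure this commit repairs: the nested names apparently never reached the program, and four of the five fallbacks are "0". A single line after the parsing, such as `log.Printf("thresholds: global=%v repo_activity=%v author_activity=%v provenance=%v typosquatting=%v", globalThreshold, repoActivityThreshold, authorActivityThreshold, provenanceThreshold, typosquattingThreshold)`, using whichever logger main.go already imports, would show in the workflow log what the gate enforces. `parseScore` and the rest of `main` are outside the hunk, so whether an unparsable value is also reported cannot be checked here.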