Merge pull request #26 from kagkarlsson/main
Write pharos-result to github actions step-summary
omaen committed Apr 29, 2024
2 parents e9357f4 + 2420228 commit 9ba014f
Showing 1 changed file with 43 additions and 34 deletions.
77 changes: 43 additions & 34 deletions action.yaml
Expand Up @@ -145,46 +145,55 @@ runs:
error_end_message="Go to the Code Scanning section of the GitHub Security tab to review these vulnerabilities."
error_search_pr_message="Search for is:open pr:"$pr_number" to find PR related vulnerabilities."
if [[ $is_high_vuln_present == 'false' && $is_critical_vuln_present == 'false' ]]
then
echo "Success! No high or critical code scanning alerts.";
exit 0;
fi
_message="Undefined. Bug in this action. Fix."
_exit_code=0
if [[ $ALLOW_SEVERITY_LEVEL == 'medium' ]]
if [[ $is_high_vuln_present == 'false' && $is_critical_vuln_present == 'false' ]]
then
if [[ ${{ github.event_name }} == 'pull_request' ]]
_message="Success! No high or critical code scanning alerts."
_exit_code=0;
else
if [[ $ALLOW_SEVERITY_LEVEL == 'medium' ]]
then
echo ""$error_start_message" high or critical. "$error_end_message" "$error_search_pr_message"";
exit 1;
else
echo ""$error_start_message" high or critical found on branch "$REF_NAME". $error_end_message";
exit 1;
fi
elif [[ $ALLOW_SEVERITY_LEVEL == 'high' ]]
then
if [[ $is_critical_vuln_present == 'false' ]]
if [[ ${{ github.event_name }} == 'pull_request' ]]
then
_message="$error_start_message high or critical. $error_end_message $error_search_pr_message";
_exit_code=1
else
_message="$error_start_message high or critical found on branch '$REF_NAME'. $error_end_message";
_exit_code=1;
fi
elif [[ $ALLOW_SEVERITY_LEVEL == 'high' ]]
then
echo "Only high vulnerabilities detected! Allowing due to input ALLOW_SEVERITY_LEVEL being set to high.";
exit 0;
fi
if [[ ${{ github.event_name }} == 'pull_request' ]]
if [[ $is_critical_vuln_present == 'false' ]]
then
_message="Only high vulnerabilities detected! Allowing due to input ALLOW_SEVERITY_LEVEL being set to high.";
_exit_code=0;
fi

if [[ ${{ github.event_name }} == 'pull_request' ]]
then
_message="$error_start_message critical. $error_end_message $error_search_pr_message";
_exit_code=1
else
_message="$error_start_message critical found on '$REF_NAME' branch. $error_end_message";
_exit_code=1
fi

elif [[ $ALLOW_SEVERITY_LEVEL == 'critical' ]]
then
echo ""$error_start_message" critical. "$error_end_message" "$error_search_pr_message"";
exit 1;
_message="High or critical vulnerabilities detected! Allowing due to input ALLOW_SEVERITY_LEVEL being set to critical.";
_exit_code=0;

else
echo ""$error_start_message" critical found on "$REF_NAME" branch. $error_end_message";
exit 1;
_message="Input 'ALLOW_SEVERITY_LEVEL' was not one of the known values, found '$ALLOW_SEVERITY_LEVEL'. If you see this message, please contact SKIP.";
_exit_code=1
fi

elif [[ $ALLOW_SEVERITY_LEVEL == 'critical' ]]
then
echo "High or critical vulnerabilities detected! Allowing due to input ALLOW_SEVERITY_LEVEL being set to critical.";
exit 0;
else
echo "Input ALLOW_SEVERITY_LEVEL was not one of the known values, found "$ALLOW_SEVERITY_LEVEL". If you see this message, please contact SKIP.";
exit 1;
fi

[[ ${_exit_code} -gt 0 ]] && _summary_prefix=":x: " || _summary_prefix=""
echo "${_message}";
echo "${_summary_prefix}${_message}" >> $GITHUB_STEP_SUMMARY;
exit ${_exit_code};
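Review bot: In the `ALLOW_SEVERITY_LEVEL == 'high'` branch, the `_message` and `_exit_code=0` assigned when `is_critical_vuln_present` is `false` appear to be overwritten by the `pull_request` if/else that follows, which sets `_exit_code=1` on both arms; the earlier version left the script with `exit 0` at that point, so a high-only result would now fail the step with the "critical" message. Joining the two tests restores the intent: replace the `fi` and the following `if [[ ${{ github.event_name }} == 'pull_request' ]]` with a single `elif [[ ${{ github.event_name }} == 'pull_request' ]]`. Because this step is a security gate, the initial `_exit_code=0` next to the "Undefined. Bug in this action. Fix." message would be safer as `_exit_code=1`, so any path that assigns nothing fails closed. The page shows old and new lines interleaved without markers and the step script begins above the hunk, so this reading should be confirmed against the file.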
