GitHub Action

listen.dev Dependency Scan

v0.3.0 Latest version

Real-time dependency insights in GitHub PRs 🐬

Installation

Copy and paste the following snippet into your .yml file.

- name: listen.dev Dependency Scan
  uses: listendev/action@v0.3.0

Learn more about this action in listendev/action

listendev/action

Get real-time dependency insights in your pull requests 🐬

See demo video.

Usage

See action.yml.

Basic

steps:
  - uses: listendev/action@v0.2.2

Full

steps:
  - uses: listendev/action@v0.2.2
    with:
      # The GitHub API token.
      # Defaults to ${{ github.token }}
      token: "..."
      # The lstn version.
      # Defaults to the latest lstn release tag.
      lstn: "vX.Y.Z"
      # The working directory relative to the root one.
      # Defaults to the root directory.
      workdir: "."
      # One or more reporting mechanisms (gh-pull-comment,gh-pull-review,gh-pull-check)
      reporter: "gh-pull-comment"
      # Additional lstn flags for power users
      lstn_flags: ""

Examples

Let's say you want results in JSON format...

steps:
  - uses: listendev/action@v0.2.2
    with:
      lstn_flags: "--json"

Let's say you only care for high severity verdicts...

steps:
  - uses: listendev/action@v0.2.2
    with:
      lstn: "v0.9.0"
      lstn_flags: "--select '@.severity == \"high\"'"

You can also filter verdicts with the select input instead of passing --select through lstn_flags.

Let's say we only care for dynamic instrumentation verdicts regarding processes...

steps:
  - uses: listendev/action@v0.2.2
    with:
      select: "(@.file =~ \"^dynamic\" && \"process\" in @.categories)"
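As an added example (not taken from the project's README), here is a complete workflow that combines the inputs above into a PR scan with a least-privilege token and a pinned action version. The permission-to-reporter mapping, the need for a prior checkout, and the comma-separated reporter list are assumptions drawn from the input descriptions, not documented behaviour of the action.

```yaml
# .github/workflows/dependency-scan.yml (added example; permission mapping is an assumption)
name: listen.dev dependency scan

on:
  pull_request:

# Least privilege: grant only what the chosen reporters need instead of the default token scope.
permissions:
  contents: read        # needed to check out the PR source
  pull-requests: write  # assumed requirement for gh-pull-comment / gh-pull-review
  checks: write         # assumed requirement for gh-pull-check

jobs:
  lstn:
    runs-on: ubuntu-latest
    steps:
      # The scanner reads the manifest from workdir, so the repository is checked out first (assumption).
      - uses: actions/checkout@v4

      - name: listen.dev Dependency Scan
        uses: listendev/action@v0.3.0   # pin the release tag you reviewed; do not float on a branch
        with:
          workdir: "."
          # Two reporters, comma-separated as listed in the reporter input description (assumption).
          reporter: "gh-pull-comment,gh-pull-check"
          # Surface only high-severity verdicts from dynamic instrumentation that involve processes,
          # combining the three conditions shown in the examples above with &&.
          select: "(@.severity == \"high\" && @.file =~ \"^dynamic\" && \"process\" in @.categories)"
```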

Development

To develop this GitHub action you first need to install its dependencies:

npm run i

You can then use npm run build to compile it. Also, remember that on every pull request we check that you have run this command, so that the dist/ directory does not fall out of sync with the sources.

You can also run unit tests locally with the npm run test command.

The CI makes extensive use of the official GitHub reusable workflows for developing actions following best practices (see the .github directory).

License

The scripts and documentation in this project are released under the Apache 2.0 license.

Contributions

Contributions are always welcome!

See contributor's guide.

Code of Conduct

Practice kindness. ✨

See our code of conduct.