Create Github Container Action #23

Open
abhisek opened this issue Feb 19, 2023 · 2 comments
Labels
good first issue Good for newcomers

Comments

Member

abhisek commented Feb 19, 2023

Requirements

Create a GitHub container action for using vet as a GitHub action.

Guiding Principles

  • Use good defaults
  • Allow overriding parameters
  • Allow supplying custom filters & filter suites
  • Provide workflow experience instead of tool experience

Workflow over Tool

This is a tool experience

```
./vet scan ...
```

This is a workflow experience

```yaml
steps:
  - name: OSS Vet
    uses: safedep/vet
    with:
      fail_on_match: true  # This is default
      suite: default       # or .vet/suites/custom.yml
      exceptions: .vet/exceptions.yml
```

abhisek added the good first issue label Feb 19, 2023

Member Author

abhisek commented Mar 1, 2023

To set up a Python lib in CI, we had to do some workarounds since we do not support resolving dependencies from setup.py.

```
python setup.py install
pip freeze > tmp_requirements.txt
```

Subsequently, we run vet to scan the generated requirements.

```
vet scan -D tmp_requirements.txt --lockfile-as requirements.txt ...
```

@jchauhan Feel free to add your thoughts here.
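
The workaround in the comment above, as an added example (not code from the vet project or from the commenter): the install runs in a throwaway virtualenv so that `pip freeze` lists only the library's dependency closure rather than everything on the CI runner, and the library's own entry and any non-pinned lines are kept out of the file that gets scanned. The function names are hypothetical, and `pip install .` is an assumed stand-in for `python setup.py install`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of vet.

# PEP 503 name normalisation: lowercase, runs of - _ . become one "-".
normalize() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[-_.][-_.]*/-/g'
}

# filter_freeze OWN_NAME: read `pip freeze` output on stdin and write only
# name==version pins to stdout, leaving out the library's own entry.
# Lines that are not registry pins (editable installs, direct URLs) are
# reported on stderr for manual review instead of being dropped silently.
filter_freeze() {
    own=$(normalize "$1")
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            '-e '*|*' @ '*) echo "not a registry pin: $line" >&2; continue ;;
            *==*) ;;
            *) echo "unrecognised line: $line" >&2; continue ;;
        esac
        [ "$(normalize "${line%%==*}")" = "$own" ] && continue
        printf '%s\n' "$line"
    done
    return 0
}

# scan_setup_py_project OWN_NAME: run from the project root in a CI step.
scan_setup_py_project() {
    venv=$(mktemp -d) || return 1
    # A fresh venv keeps unrelated runner packages out of the freeze output.
    python3 -m venv "$venv" || return 1
    # Assumption: `pip install .` stands in for `python setup.py install`.
    # Either way this executes the project's setup.py.
    "$venv/bin/pip" install --quiet . || { rm -rf "$venv"; return 1; }
    "$venv/bin/pip" freeze | filter_freeze "$1" > tmp_requirements.txt
    rm -rf "$venv"
    # Scan command as given in the comment above; its elided options are
    # not filled in here.
    vet scan -D tmp_requirements.txt --lockfile-as requirements.txt
}
```

In a CI step, source the file and call `scan_setup_py_project <library-name>`; the stderr lines from `filter_freeze` show which dependencies were left out of the scan.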

Member Author

abhisek commented Apr 7, 2023

There are just too many command line options. Also new options will be added. The DevEx will be very bad if we build an Action on top of command line arguments.

We should define a config file specification that can be used to configure vet runs in CI using GitHub action. That will offload all configuration to a file and it can simply be invoked using GitHub action.
