fix: explicit firewall-x modes

ahmadnassri · ahmadnassri · commit 91f00879a7fc · 2025-10-08T18:54:31.000-04:00
diff --git a/README.md b/README.md
@@ -7,9 +7,59 @@ A GitHub Action for running [Socket.dev](https://socket.dev)
 
 ## Usage
 
+This action can run in multiple modes:
+
+- [Socket Firewall: Free](#socket-firewall-free)
+- [Socket Firewall: Enterprise](#socket-firewall-enterprise)
+- Socket CLI: _Coming soon_
+
 ### Socket Firewall: Free
 
-Downloads and installs [Socket Firewall: Free](https://github.com/SocketDev/sfw-free) in your GitHub Action job, making it available to use in subsequent steps.
+Downloads and installs [Socket Firewall: Free](https://github.com/SocketDev/sfw-free) edition in your GitHub Action job, making it available to use in subsequent steps.
+
+```yaml
+on: push
+
+jobs:
+  safe-install:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: SocketDev/action@v1
+        with:
+          mode: firewall-free
+
+      # javascript / typescript
+      - run: sfw npm install # or yarn, pnpm
+
+      # rust
+      - run: sfw cargo fetch
+
+      # python
+      - run: sfw pip install -r requirements.txt
+```
+
+#### Inputs
+
+| Input              | Description                                           | Required | Default              |
+| ------------------ | ----------------------------------------------------- | -------- | -------------------- |
+| `firewall-version` | Specify the firewall version number                   | No       | `latest`             |
+| `job-summary`      | Create a [job summary][job-summary]                   | No       | `true`               |
+| `use-cache`        | Cache the Socket binaries (force download if `false`) | No       | `true`               |
+| `github-token`     | GitHub API Token used for downloading binaries        | No       | `${{ github.token}}` |
+
+#### Outputs
+
+| Output                 | Description                                |
+| ---------------------- | ------------------------------------------ |
+| `firewall-path-report` | Path to the generated firewall report JSON |
+| `firewall-path-binary` | Path to the installed binary               |
+
+### Socket Firewall: Enterprise
+
+Downloads and installs [Socket Firewall: Enterprise](https://github.com/SocketDev/firewall-release) edition in your GitHub Action job, making it available to use in subsequent steps as a wrapper.
 
 ```yaml
 on: push
@@ -23,7 +73,8 @@ jobs:
 
       - uses: SocketDev/action@v1
         with:
-          mode: firewall
+          mode: firewall-enterprise
+          socket-token: ${{ secrets.SOCKET_API_KEY }}
 
       # javascript / typescript
       - run: sfw npm install # or yarn, pnpm
@@ -37,13 +88,12 @@ jobs:
 
 #### Inputs
 
-| Input              | Description                                                  | Required | Default              |
-| ------------------ | ------------------------------------------------------------ | -------- | -------------------- |
-| `mode`             | Specify run mode (currently only supporting `firewall` mode) | Yes      | `-`                  |
-| `firewall-version` | Specify the firewall version number                          | No       | `latest`             |
-| `job-summary`      | Create a [job summary][job-summary]                          | No       | `true`               |
-| `use-cache`        | Cache the Socket binaries (force download if `false`)        | No       | `true`               |
-| `github-token`     | GitHub API Token used for downloading binaries               | No       | `${{ github.token}}` |
+| Input              | Description                                           | Required | Default              |
+| ------------------ | ----------------------------------------------------- | -------- | -------------------- |
+| `firewall-version` | Specify the firewall version number                   | No       | `latest`             |
+| `job-summary`      | Create a [job summary][job-summary]                   | No       | `true`               |
+| `use-cache`        | Cache the Socket binaries (force download if `false`) | No       | `true`               |
+| `github-token`     | GitHub API Token used for downloading binaries        | **YES**  | `${{ github.token}}` |
 
 #### Outputs
 
@@ -53,3 +103,4 @@ jobs:
 | `firewall-path-binary` | Path to the installed binary               |
 
 [job-summary]: https://github.blog/news-insights/product-news/supercharging-github-actions-with-job-summaries
+[job-summary]: https://github.blog/news-insights/product-news/supercharging-github-actions-with-job-summaries
diff --git a/src/main.js b/src/main.js
@@ -25,25 +25,31 @@ const inputs = {
   jobSummary: core.getBooleanInput('job-summary')
 }
 
-let edition = 'free'
-
 if (inputs.tokenSocket) {
   // setup socket token as a secret env
   core.exportVariable('SOCKET_API_KEY', inputs.tokenSocket)
   core.setSecret(inputs.tokenSocket)
-
-  // use Enterprise Firewall
-  edition = 'enterprise'
 }
 
 core.debug(`Installing Socket Action in ${inputs.mode} mode`)
 
 switch (inputs.mode) {
   case 'firewall': {
+    const edition = inputs.tokenSocket ? 'enterprise' : 'free'
     await firewall({ edition, ...inputs })
     break
   }
 
+  case 'firewall-free': {
+    await firewall({ edition: 'free', ...inputs })
+    break
+  }
+
+  case 'firewall-enterprise': {
+    await firewall({ edition: 'enterprise', ...inputs })
+    break
+  }
+
   // TODO
   // case 'cli': {
   //   await cli()
