1 | | -# Socket Security GitHub Actions Workflow |
2 | | -# This workflow runs Socket Security scans on every commit to any branch |
3 | | -# It automatically detects git repository information and handles different event types |
4 | 1 |
|
5 | | -name: socket-security-workflow |
6 | | -run-name: Socket Security Github Action |
7 | | - |
8 | | -on: |
9 | | - push: |
10 | | - branches: ['**'] # Run on all branches, all commits |
11 | | - pull_request: |
12 | | - types: [opened, synchronize, reopened] |
13 | | - issue_comment: |
14 | | - types: [created] |
15 | | - |
16 | | -# Prevent concurrent runs for the same commit |
17 | | -concurrency: |
18 | | - group: socket-scan-${{ github.ref }}-${{ github.sha }} |
19 | | - cancel-in-progress: true |
20 | | - |
21 | | -jobs: |
22 | | - socket-security: |
23 | | - permissions: |
24 | | - issues: write |
25 | | - contents: read |
26 | | - pull-requests: write |
27 | | - runs-on: ubuntu-latest |
28 | | - |
29 | | - steps: |
30 | | - - uses: actions/checkout@v4 |
31 | | - with: |
32 | | - # For PRs, fetch one additional commit for proper diff analysis |
33 | | - fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }} |
34 | | - |
35 | | - - uses: actions/setup-python@v5 |
36 | | - with: |
37 | | - python-version: '3.12' |
38 | | - |
39 | | - - name: Install Socket CLI |
40 | | - run: pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.5.dev3 |
41 | | - |
42 | | - |
43 | | - - name: Run Socket Security Scan |
44 | | - env: |
45 | | - SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }} |
46 | | - GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
47 | | - run: | |
48 | | - # Determine PR number based on event type |
49 | | - PR_NUMBER=0 |
50 | | - if [ "${{ github.event_name }}" == "pull_request" ]; then |
51 | | - PR_NUMBER=${{ github.event.pull_request.number }} |
52 | | - elif [ "${{ github.event_name }}" == "issue_comment" ]; then |
53 | | - PR_NUMBER=${{ github.event.issue.number }} |
54 | | - fi |
55 | | - |
56 | | - # Run Socket CLI with minimal required parameters |
57 | | - # The CLI automatically detects: |
58 | | - # - Repository name from git |
59 | | - # - Branch name from git |
60 | | - # - Commit SHA from git |
61 | | - # - Commit message from git |
62 | | - # - Committer information from git |
63 | | - # - Default branch status from git and GitHub environment |
64 | | - # - Changed files from git commit |
65 | | - socketcli \ |
66 | | - --target-path $GITHUB_WORKSPACE \ |
67 | | - --scm github \ |
68 | | - --pr-number $PR_NUMBER |