diff --git a/action.yml b/action.yml index 63a33e8..5180b24 100644 --- a/action.yml +++ b/action.yml @@ -26,10 +26,26 @@ inputs: required: false default: ${{ github.token }} description: 'GitHub API Token' + global_params: + required: false + default: '' + description: 'Global parameters applied to all cx commands' + scan_params: + required: false + default: '' + description: 'Additional parameters for cx scan command only' + utils_params: + required: false + default: '' + description: 'Additional parameters for cx utils pr command only' + results_params: + required: false + default: '' + description: 'Additional parameters for cx results show command only' additional_params: required: false default: '' - description: 'Additional parameters for AST scan' + description: '[DEPRECATED] Use scan_params instead. Additional parameters for AST scan' repo_name: required: false default: ${{ github.event.repository.name }} @@ -62,6 +78,10 @@ runs: - ${{ inputs.github_token }} - ${{ inputs.project_name }} - ${{ inputs.additional_params }} + - ${{ inputs.global_params }} + - ${{ inputs.scan_params }} + - ${{ inputs.utils_params }} + - ${{ inputs.results_params }} - ${{ inputs.repo_name }} - ${{ inputs.namespace }} - ${{ inputs.pr_number }} @@ -79,6 +99,10 @@ runs: BRANCH: ${{ inputs.branch }} PROJECT_NAME: ${{ inputs.project_name }} ADDITIONAL_PARAMS: ${{ inputs.additional_params }} + GLOBAL_PARAMS: ${{ inputs.global_params }} + SCAN_PARAMS: ${{ inputs.scan_params }} + UTILS_PARAMS: ${{ inputs.utils_params }} + RESULTS_PARAMS: ${{ inputs.results_params }} REPO_NAME: ${{ inputs.repo_name }} NAMESPACE: ${{ inputs.namespace }} PR_NUMBER: ${{ inputs.pr_number }} diff --git a/entrypoint.sh b/entrypoint.sh index cb9c9f1..2517420 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -42,11 +42,46 @@ if [[ -n "$REGISTRIES" ]]; then else echo "⚠️ No REGISTRIES specified, skipping auth.json creation." fi -# ------------------------------------------------------ -# Parse additional params into array -eval "arr=(${ADDITIONAL_PARAMS})" -/app/bin/cx scan create --project-name "${PROJECT_NAME}" -s "${SOURCE_DIR}" --branch "${BRANCH#refs/heads/}" --scan-info-format json --agent "Github Action" "${arr[@]}" | tee -i $output_file +# Parse global params (applied to all commands) +if [ -n "${GLOBAL_PARAMS}" ]; then + eval "global_arr=(${GLOBAL_PARAMS})" +else + global_arr=() +fi + +# Parse scan-specific params +if [ -n "${SCAN_PARAMS}" ]; then + eval "scan_arr=(${SCAN_PARAMS})" +else + scan_arr=() +fi + +# Parse utils-specific params +if [ -n "${UTILS_PARAMS}" ]; then + eval "utils_arr=(${UTILS_PARAMS})" +else + utils_arr=() +fi + +# Parse results-specific params +if [ -n "${RESULTS_PARAMS}" ]; then + eval "results_arr=(${RESULTS_PARAMS})" +else + results_arr=() +fi + +# Backward compatibility: Support ADDITIONAL_PARAMS +if [ -n "${ADDITIONAL_PARAMS}" ] && [ -z "${SCAN_PARAMS}" ]; then + echo "⚠️ ADDITIONAL_PARAMS is deprecated. Please use SCAN_PARAMS instead." + eval "scan_arr=(${ADDITIONAL_PARAMS})" +fi + +# Combine global + scan-specific params +combined_scan_params=("${global_arr[@]}" "${scan_arr[@]}") + + +/app/bin/cx scan create --project-name "${PROJECT_NAME}" -s "${SOURCE_DIR}" --branch "${BRANCH#refs/heads/}" --scan-info-format json --agent "Github Action" "${combined_scan_params[@]}" | tee -i $output_file exitCode=${PIPESTATUS[0]} scanId=(`grep -E '"(ID)":"((\\"|[^"])*)"' $output_file | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) @@ -55,14 +90,18 @@ echo "cxcli=$(cat $output_file | tr -d '\r\n')" >> $GITHUB_OUTPUT if [ -n "$scanId" ] && [ -n "${PR_NUMBER}" ]; then echo "Creating PR decoration for scan ID:" $scanId - /app/bin/cx utils pr github --scan-id "${scanId}" --namespace "${NAMESPACE}" --repo-name "${REPO_NAME}" --pr-number "${PR_NUMBER}" --token "${GITHUB_TOKEN}" + # Combine global + utils-specific params + combined_utils_params=("${global_arr[@]}" "${utils_arr[@]}") + /app/bin/cx utils pr github --scan-id "${scanId}" --namespace "${NAMESPACE}" --repo-name "${REPO_NAME}" --pr-number "${PR_NUMBER}" --token "${GITHUB_TOKEN}" "${combined_utils_params[@]}" else echo "PR decoration not created." fi if [ -n "$scanId" ]; then - /app/bin/cx results show --scan-id "${scanId}" --report-format markdown + # Combine global + results-specific params + combined_results_params=("${global_arr[@]}" "${results_arr[@]}") + /app/bin/cx results show --scan-id "${scanId}" --report-format markdown "${combined_results_params[@]}" cat ./cx_result.md >$GITHUB_STEP_SUMMARY rm ./cx_result.md echo "cxScanID=$scanId" >> $GITHUB_OUTPUT