Merge pull request #118 from advanced-security/ljones140/add-snapshot-inputs

Add Snapshot inputs

Author: ljones140

action.yml

@@ -27,6 +27,21 @@ inputs:
   correlator:
     description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type.'
     required: false
+  detector-name:
+    description: 'The name of the detector. If provided, detector-version and detector-url must also be provided.'
+    required: false
+  detector-version:
+    description: 'The version of the detector. If provided, detector-name and detector-url must also be provided.'
+    required: false
+  detector-url:
+    description: 'The URL of the detector. If provided, detector-name and detector-version must also be provided.'
+    required: false
+  snapshot-sha:
+    description: 'The SHA of the commit to associate with the snapshot. If provided, snapshot-ref must also be provided.'
+    required: false
+  snapshot-ref:
+    description: 'The Git reference to associate with the snapshot. If provided, snapshot-sha must also be provided.'
+    required: false
 runs:
   using: 'node20'
   main: 'dist/index.js'

dist/index.js

@@ -13,27 +13,65 @@ import {
 import ComponentDetection from './componentDetection';
 
 async function run() {
-  let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('filePath'));
-  const correlatorInput = core.getInput('correlator')?.trim() || github.context.job;
-  
-  let snapshot = new Snapshot({
-      name: "Component Detection",
-      version: "0.0.1",
-      url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
-  }, 
-  github.context,
-  {
+  let manifests = await ComponentDetection.scanAndGetManifests(
+    core.getInput("filePath")
+  );
+  const correlatorInput =
+    core.getInput("correlator")?.trim() || github.context.job;
+
+  // Get detector configuration inputs
+  const detectorName = core.getInput("detector-name")?.trim();
+  const detectorVersion = core.getInput("detector-version")?.trim();
+  const detectorUrl = core.getInput("detector-url")?.trim();
+
+  // Validate that if any detector config is provided, all must be provided
+  const hasAnyDetectorInput = detectorName || detectorVersion || detectorUrl;
+  const hasAllDetectorInputs = detectorName && detectorVersion && detectorUrl;
+
+  if (hasAnyDetectorInput && !hasAllDetectorInputs) {
+    core.setFailed(
+      "If any detector configuration is provided (detector-name, detector-version, detector-url), all three must be provided."
+    );
+    return;
+  }
+
+  // Use provided detector config or defaults
+  const detector = hasAllDetectorInputs
+    ? {
+        name: detectorName,
+        version: detectorVersion,
+        url: detectorUrl,
+      }
+    : {
+        name: "Component Detection",
+        version: "0.0.1",
+        url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
+      };
+
+  let snapshot = new Snapshot(detector, github.context, {
     correlator: correlatorInput,
-    id: github.context.runId.toString()
+    id: github.context.runId.toString(),
   });
 
   core.debug(`Manifests: ${manifests?.length}`);
 
-  manifests?.forEach(manifest => {
+  manifests?.forEach((manifest) => {
     core.debug(`Manifest: ${JSON.stringify(manifest)}`);
     snapshot.addManifest(manifest);
   });
 
+  // Override snapshot ref and sha if provided
+  const snapshotSha = core.getInput("snapshot-sha")?.trim();
+  const snapshotRef = core.getInput("snapshot-ref")?.trim();
+
+  if (snapshotSha) {
+    snapshot.sha = snapshotSha;
+  }
+
+  if (snapshotRef) {
+    snapshot.ref = snapshotRef;
+  }
+
   submitSnapshot(snapshot);
 }