chains-project · randomicecube · May 9, 2025 · May 9, 2025 · May 9, 2025 · May 11, 2025
diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ SSC issues currently checked for:
 | debug                 | Enable debug mode                                                                                  | No       | false                      |
 | config                | Path to the configuration file, relative to your project's root                                    | No       | -                          |
 | gradual_report        | Enable gradual report functionality                                                                | No       | true                       |
-| fail_on_high_severity | Fail CI on high severity issues                                                                    | No       | true                       |
+| fail_on_min_severity  | Break CI if any issues with this severity (or higher) are found                                    | No       | critical                   |
 | x_to_fail             | Percentage threshold to break CI on high or medium severity issues (per type of issue)             | No       | 5% of packages             |
 | allow_pr_comment      | Post analysis results as a PR comment if CI breaks                                                 | No       | true                       |
 | comment_on_commit     | Post analysis results as a commit comment if CI breaks                                             | No       | false                      |

diff --git a/action.yml b/action.yml
@@ -49,10 +49,10 @@ inputs:
     description: 'Enable gradual report functionality'
     required: false
     default: 'true'
-  fail_on_high_severity:
-    description: 'Break CI if high severity issues are found'
+  fail_on_min_severity:
+    description: 'Break CI if any issues with this severity (or higher) are found'
     required: false
-    default: 'true'
+    default: 'critical'
   x_to_fail:
     description: 'Percentage threshold for the number of high or medium severity issues to fail the CI'
     required: false
@@ -105,7 +105,7 @@ runs:
     - name: Restore cache
       uses: actions/cache/restore@v4.2.3
       id: restore-cache
-      if: inputs.ignore_cache != 'true'
+      if: ${{ inputs.ignore_cache != true && inputs.ignore_cache != 'true' }}
       with:
         path: tool/cache
         key: dirty-waters-cache-${{ runner.os }}-${{ inputs.project_repo }}-${{ inputs.github_event_before }}
@@ -121,7 +121,7 @@ runs:
         git clone https://github.com/chains-project/dirty-waters.git
         cd dirty-waters
         # The version is pinned to the latest dirty-waters release at the time of the action release
-        DIRTY_WATERS_VERSION="v0.97.0"
+        DIRTY_WATERS_VERSION="6065c48e8d770adc9679a229ce31cfbe4f2aa99b" # change to main version before merge
         git checkout $DIRTY_WATERS_VERSION
         pip install -r requirements.txt
 
@@ -195,13 +195,29 @@ runs:
         # Check for CI failure conditions
         CI_WILL_FAIL=0
 
-        # Check for high severity issues
-        if [ "${{ inputs.fail_on_high_severity }}" == "true" ]; then
-            echo "[DEBUG] Fails on high severity, checking for any high severity issues"
-            if [[ $(cat "$latest_report" | grep -o "(⚠️⚠️⚠️): [0-9]*" | grep -o "[0-9]*" | sort -nr | head -n1) -gt 0 ]]; then
-                echo "High severity issues found. CI will fail."
-                CI_WILL_FAIL=1
+        # Check if min-severity issues are in the report
+        if [ -n "${{ inputs.fail_on_min_severity }}" ]; then
+            declare -A severity_map=( ["low"]=1 ["medium"]=2 ["high"]=3 ["critical"]=4 )
+            min_severity="${{ inputs.fail_on_min_severity }}"
+            min_level=${severity_map[$min_severity]}
+
+            if [ -z "$min_level" ]; then
+                echo "[ERROR] Invalid value for fail_on_min_severity: $min_severity"
+                exit 1
             fi
+
+            echo "[DEBUG] Fail on severity level '$min_severity' and above (level $min_level)"
+
+            for severity_level in $(seq "$min_level" 4); do
+                warning_icons=$(printf '⚠️%.0s' $(seq 1 "$severity_level"))
+                for count in $(cat "$latest_report" | grep -o "(${warning_icons}): [0-9]*" | grep -o "[0-9]*"); do
+                    if [ "$count" -gt 0 ]; then
+                        echo "Severity level $severity_level or higher issue(s) found. CI will fail."
+                        CI_WILL_FAIL=1
+                        break
+                    fi
+                done
+            done
         fi
 
         # function from https://unix.stackexchange.com/questions/137110/comparison-of-decimal-numbers-in-bash