feat: initial version

Author: sdn4z

.github/release.yml

@@ -0,0 +1,19 @@
+changelog:
+  exclude:
+    labels:
+      - ignore-for-release
+    authors:
+      - octocat
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - breaking
+    - title: New Features 🎉
+      labels:
+        - feature
+    - title: Fixes 🔧
+      labels:
+        - fix
+    - title: Other Changes
+      labels:
+        - "*"

.github/workflows/bump-version.yml

@@ -0,0 +1,29 @@
+name: Bump version
+
+on:
+  workflow_dispatch:
+jobs:
+  bump_version:
+    if: "!startsWith(github.event.head_commit.message, 'bump:') && github.ref == 'refs/heads/main'"
+    runs-on: ubuntu-latest
+    name: "Bump version and create changelog with commitizen"
+    steps:
+      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        id: app-token
+        with:
+          app-id: ${{ vars.ELEMENTSINTERACTIVE_BOT_APP_ID }}
+          private-key: ${{ secrets.ELEMENTSINTERACTIVE_BOT_PRIVATE_KEY }}
+      - uses: actions/checkout@@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+          token: ${{ steps.app-token.outputs.token }}
+          ref: ${{ github.head_ref }}
+          # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
+          persist-credentials: false
+      - id: cz
+        name: Create bump and changelog
+        uses: commitizen-tools/commitizen-action@5b0848cd060263e24602d1eba03710e056ef7711 # v0.24.0
+        with:
+          github_token: ${{ steps.app-token.outputs.token }}
+      - name: Print Version
+        run: echo "Bumped to version ${{ steps.cz.outputs.version }}"

.github/workflows/conventional-label.yaml

@@ -0,0 +1,12 @@
+on:
+  pull_request_target:
+    branches: ["main"]
+
+name: conventional-release-labels
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: bcoe/conventional-release-labels@886f696738527c7be444262c327c89436dfb95a8 #v1.3.1
+        with:
+          type_labels: '{"feat": "feature", "fix": "fix", "BREAKING CHANGE": "breaking", "ci": "CI", "build": "build", "refactor": "refactor", "test": "test"}'

.github/workflows/lint.yml

@@ -0,0 +1,23 @@
+# This workflow will check our code for having a proper format, as well as the commit message to meet the expected ones
+
+name: Lint
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  lint-commit:
+    runs-on: ubuntu-latest
+    name: "Lint commit message"
+    container:
+      image: commitizen/commitizen:4.8.3@sha256:08a078c52b368f85f34257a66e10645ee74d8cbe9b471930b80b2b4e95a9bd4a
+    steps:
+      - name: Check out
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Check commit message
+        run: |
+          git config --global --add safe.directory . 
+          cz check --rev-range HEAD

.github/workflows/publish.yml

@@ -0,0 +1,22 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Release
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        with:
+          generate_release_notes: true
+          make_latest: true
+          token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/test.yml

@@ -0,0 +1,126 @@
+name: Test Twyn Action
+
+on:
+  push:
+    branches: [ main, init ]
+  pull_request:
+    branches: [ main, init ]
+  workflow_dispatch: # Allow manual triggering
+
+jobs:
+  test-basic:
+    name: Basic Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Test Basic Action (JSON output)
+        uses: ./
+        with:
+          json: true
+          dependency-file: "requirements.txt"
+
+  test-table-format:
+    name: Test Table Format
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Test Table Format (v6)
+        uses: ./
+        with:
+          table: true
+          version: "v6"
+          dependency-file: "requirements.txt"
+
+  test-version-validation:
+    name: Test Version Validation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Test Invalid Version (should fail)
+        id: invalid-version
+        continue-on-error: true
+        uses: ./
+        with:
+          table: true
+          version: "v5.0.0"
+          dependency-file: "requirements.txt"
+
+      - name: Check that invalid version failed
+        run: |
+          if [ "${{ steps.invalid-version.outcome }}" != "failure" ]; then
+            echo "❌ Test failed: Invalid version should have caused failure"
+            exit 1
+          else
+            echo "✅ Test passed: Invalid version correctly rejected"
+          fi
+
+  test-with-outputs:
+    name: Test Action Outputs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Twyn with outputs
+        id: twyn-test
+        uses: ./
+        with:
+          json: true
+          dependency-file: "requirements.txt"
+
+      - name: Check outputs
+        run: |
+          echo "Exit Code: ${{ steps.twyn-test.outputs.exit-code }}"
+          echo "Has Findings: ${{ steps.twyn-test.outputs.has-findings }}"
+          echo "Results (truncated): ${{ steps.twyn-test.outputs.results }}"
+          
+          # Validate output format
+          if [ -z "${{ steps.twyn-test.outputs.exit-code }}" ]; then
+            echo "❌ exit-code output is missing"
+            exit 1
+          fi
+          
+          if [ -z "${{ steps.twyn-test.outputs.has-findings }}" ]; then
+            echo "❌ has-findings output is missing"
+            exit 1
+          fi
+          
+          echo "✅ All outputs are present"
+
+  test-pr-comment:
+    name: Test PR Comment (simulation)
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Test PR Comment Publishing
+        uses: ./
+        with:
+          table: true
+          version: "v6"
+          publish: true
+          dependency-file: "requirements.txt"
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+  test-verbose-mode:
+    name: Test Verbose Mode
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Test Verbose Output
+        uses: ./
+        with:
+          vv: true
+          table: true
+          version: "v6"
+          dependency-file: "requirements.txt"

CODEOWNERS

@@ -0,0 +1 @@
+@sdn4z @scastlara

README.md

@@ -0,0 +1,74 @@
+# Twyn Action
+
+A GitHub Action that runs security checks against dependency typosquatting attacks using [Twyn](https://github.com/elementsinteractive/twyn).
+
+## What is Twyn?
+
+Twyn is a security tool that analyzes your project dependencies to detect potential typosquatting attacks - when malicious packages have names similar to legitimate ones to trick developers into installing them.
+
+## Examples
+
+### Basic Security Check
+
+```yaml
+- name: Run Twyn Security Check
+  uses: elementsinteractive/twyn-action@v1
+```
+
+### With Table Output and PR Comments
+
+```yaml
+- name: Run Twyn Security Check
+  uses: elementsinteractive/twyn-action@v1
+  with:
+    table: true
+    version: v6
+    publish: true
+    github-token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+### Analyze Specific Files
+
+```yaml
+- name: Run Twyn Security Check
+  uses: elementsinteractive/twyn-action@v1
+  with:
+    dependency-file: "requirements.txt,package.json"
+    table: true
+    recursive: true
+```
+
+
+## Inputs
+
+| Input | Description | Required | Default |
+|-------|-------------|----------|---------|
+| `dependency-file` | Dependency file(s) to analyze (comma-separated) | No | Auto-detect |
+| `table` | Display results in table format (requires version >=v6) | No | `false` |
+| `json` | Display results in JSON format | No | `false` |
+| `publish` | Publish results as PR comments | No | `false` |
+| `github-token` | GitHub token for publishing comments | No | - |
+| `recursive` | Recursively search for dependency files | No | `false` |
+| `selector-method` | Method for selecting typosquats (`first-letter`, `nearby-letter`, `all`) | No | - |
+| `v` | Enable verbose output | No | `false` |
+| `vv` | Enable extra verbose output | No | `false` |
+| `version` | Twyn version to use | No | `latest` |
+
+## Outputs
+
+| Output | Description |
+|--------|-------------|
+| `results` | Raw output from twyn scan |
+| `exit-code` | Exit code (0=no issues, 1=issues found, >1=error) |
+| `has-findings` | Boolean indicating if issues were found |
+
+## Publishing Results to PR
+
+When `publish: true` is enabled, the action will automatically post a comment to the Pull Request with a formatted table showing any security findings. This requires:
+- `table: true` (automatically enabled when publish is true)
+- `version: "v6"` or higher (table format requires Twyn v6+)
+- `github-token` to be provided
+- The workflow to run on a Pull Request event
+
+The PR comment will include a detailed table with information about potential typosquatting packages found.
+