1.1.0

Author: Gioyik

.github/workflows/ncm-report.yml

@@ -1,33 +1,17 @@
-name: NodeSource Certification process
-on: [push, pull_request]
+name: NodeSource Certification
+on: pull_request
 
 jobs:
   ncm_report:
     runs-on: ubuntu-latest
-    name: NodeSource Certification process
+    name: N|S -> NCM Pipeline
     steps:
       - uses: actions/checkout@v2
       - run: npm install
-      - name: Report without options
+      - name: NCM Report
         id: report
-        uses: nodesource/ncm-report-github-action@master
+        uses: nodesource/ncm-report-github-action@v1.1.0
         with:
           token: ${{ secrets.NCM_TOKEN }}
-      - name: Report with --long
-        id: report_long
-        uses: nodesource/ncm-report-github-action@master
-        with:
-          token: ${{ secrets.NCM_TOKEN }}
-          long: 'yes'
-      - name: Report with --compliance
-        id: report_compliance
-        uses: nodesource/ncm-report-github-action@master
-        with:
-          token: ${{ secrets.NCM_TOKEN }}
-          compliance: 'yes'
-      - name: Report with --security
-        id: report_security
-        uses: nodesource/ncm-report-github-action@master
-        with:
-          token: ${{ secrets.NCM_TOKEN }}
-          security: 'yes'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_job_name: N|S -> NCM Pipeline

Dockerfile

@@ -6,7 +6,7 @@ LABEL homepage="https://nodesource.com"
 LABEL maintainer="NodeSource"
 
 RUN apt-get update && apt-get install -y g++ build-essential
-RUN npm install -g ncm-cli
+RUN npm install -g nodesource/ncm-cli#gio/bump
 
 COPY entrypoint.sh /entrypoint.sh
 

README.md

@@ -35,6 +35,22 @@ _Default_: `no`
 **Optional** Set `yes` if you want the report only display packages with
 vulnerabilities.
 
+### `github_token`
+
+_Default_: `${{ secrets.GITHUB_TOKEN }}`
+
+**Required** Set to pass the internal GitHub Token for NCM to update the check
+and make annotations. Use the default value (`${{ secrets.GITHUB_TOKEN }}`), you
+don't need to create any token in Secrets for this, GitHub automatically creates
+and sets this in the Action context.
+
+### `github_job_name`
+
+_Default_: `<empty>`
+
+**Required** You need to set the same name you set to your job. If not,
+annotations will not be able to be included in your PR or RunCheck.
+
 ## Example usage
 
 This action can be used in the following scenarios:
@@ -45,6 +61,8 @@ This action can be used in the following scenarios:
 uses: nodesource/ncm-report-github-action@master
 with:
   token: ${{ secrets.NCM_TOKEN }}
+  github_token: ${{ secrets.GITHUB_TOKEN }}
+  github_job_name: N|S -> NCM Pipeline
 ```
 
 * Long version of the report:
@@ -54,6 +72,8 @@ uses: nodesource/ncm-report-github-action@master
 with:
   token: ${{ secrets.NCM_TOKEN }}
   long: 'yes'
+  github_token: ${{ secrets.GITHUB_TOKEN }}
+  github_job_name: N|S -> NCM Pipeline
 ```
 
 * Report with compliance only informaiton:
@@ -63,6 +83,8 @@ uses: nodesource/ncm-report-github-action@master
 with:
   token: ${{ secrets.NCM_TOKEN }}
   compliance: 'yes'
+  github_token: ${{ secrets.GITHUB_TOKEN }}
+  github_job_name: N|S -> NCM Pipeline
 ```
 
 * Report with package vulnerabilities only informaiton:
@@ -72,11 +94,13 @@ uses: nodesource/ncm-report-github-action@master
 with:
   token: ${{ secrets.NCM_TOKEN }}
   compliance: 'yes'
+  github_token: ${{ secrets.GITHUB_TOKEN }}
+  github_job_name: N|S -> NCM Pipeline
 ```
 
 To generate the report, `NCM` needs to get your `node_modules` folder to analyze
-and compare data, so, you might need to use more actions to get your code inside the
-workflow and the dependencies installed. We recommend you using:
+and compare data, so, you might need to use more actions to get your code inside
+the workflow and the dependencies installed. We recommend you using:
 
 ```
 - uses: actions/checkout@v2

action.yml

@@ -16,6 +16,13 @@ inputs:
     description: 'Only display packages with vulnerabilities'
     required: false
     default: 'no'
+  github_token:
+    description: 'Send a Github Token'
+    required: true
+    default: ''
+  github_job_name:
+    description: 'Set the name of the job'
+    required: true
 
 runs:
   using: 'docker'
@@ -25,6 +32,8 @@ runs:
     - ${{ inputs.long }}
     - ${{ inputs.compliance }}
     - ${{ inputs.security }}
+    - ${{ inputs.github_token }}
+    - ${{ inputs.github_job_name }}
 
 branding:
   icon: 'layers'

entrypoint.sh

@@ -2,13 +2,13 @@
 
 if [[ "$2" = "yes" ]]
 then
-  NCM_TOKEN=$1 ncm report --long
+  FORCE_COLOR=3 IS_GITHUB_ACTION=true NCM_TOKEN=$1 ncm report --long
 elif [[ "$3" = "yes" ]]
 then
-  NCM_TOKEN=$1 ncm report --compliance
+  FORCE_COLOR=3 IS_GITHUB_ACTION=true NCM_TOKEN=$1 ncm report --compliance
 elif [[ "$4" = "yes" ]]
 then
-  NCM_TOKEN=$1 ncm report --security
+  FORCE_COLOR=3 IS_GITHUB_ACTION=true NCM_TOKEN=$1 ncm report --security
 else
-  NCM_TOKEN=$1 ncm report
+  FORCE_COLOR=3 IS_GITHUB_ACTION=true NCM_TOKEN=$1 ncm report
 fi