v1.0.0

Author: Gioyik

.github/workflows/ncm-report.yml

@@ -0,0 +1,33 @@
+name: NodeSource Certification process
+on: [push, pull_request]
+
+jobs:
+  ncm_report:
+    runs-on: ubuntu-latest
+    name: NodeSource Certification process
+    steps:
+      - uses: actions/checkout@v2
+      - run: npm install
+      - name: Report without options
+        id: report
+        uses: nodesource/ncm-report-github-action@master
+        with:
+          token: ${{ secrets.NCM_TOKEN }}
+      - name: Report with --long
+        id: report_long
+        uses: nodesource/ncm-report-github-action@master
+        with:
+          token: ${{ secrets.NCM_TOKEN }}
+          long: 'yes'
+      - name: Report with --compliance
+        id: report_compliance
+        uses: nodesource/ncm-report-github-action@master
+        with:
+          token: ${{ secrets.NCM_TOKEN }}
+          compliance: 'yes'
+      - name: Report with --security
+        id: report_security
+        uses: nodesource/ncm-report-github-action@master
+        with:
+          token: ${{ secrets.NCM_TOKEN }}
+          security: 'yes'

.gitignore

@@ -0,0 +1,2 @@
+.DS_Store
+node_modules/

Dockerfile

@@ -0,0 +1,13 @@
+FROM node:12
+
+LABEL version="1.0.0"
+LABEL repository="https://github.com/nodesource/ncm-github-action"
+LABEL homepage="https://nodesource.com"
+LABEL maintainer="NodeSource"
+
+RUN apt-get update && apt-get install -y g++ build-essential
+RUN npm install -g ncm-cli
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,87 @@
+# NCM Report Github Action
+
+![NodeSource Certification process](https://github.com/nodesource/ncm-report-github-action/workflows/NodeSource%20Certification%20process/badge.svg?event=push)
+
+This action generates and prints a project-wide report of directory risk and
+quality of installed or specified packages.
+
+## Inputs
+
+### `token`
+
+_Default_: `<empty>`
+
+**Required** Learn more about obtaining NodeSource service tokens and
+configuring permissions [here](https://docs.nodesource.com/ncm_v2/docs#ci-setup).
+We recommend you using repository [Secrets](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) to store this value and use it in the workflow.
+
+### `long`
+
+_Default_: `no`
+
+**Optional** Set `yes` if you want the report display a list of all modules.
+
+### `compliance`
+
+_Default_: `no`
+
+**Optional** Set `yes` if you want the report only display non-compliant
+packages.
+
+### `security`
+
+_Default_: `no`
+
+**Optional** Set `yes` if you want the report only display packages with
+vulnerabilities.
+
+## Example usage
+
+This action can be used in the following scenarios:
+
+* Default report:
+
+```
+uses: nodesource/ncm-report-github-action@master
+with:
+  token: ${{ secrets.NCM_TOKEN }}
+```
+
+* Long version of the report:
+
+```
+uses: nodesource/ncm-report-github-action@master
+with:
+  token: ${{ secrets.NCM_TOKEN }}
+  long: 'yes'
+```
+
+* Report with compliance only informaiton:
+
+```
+uses: nodesource/ncm-report-github-action@master
+with:
+  token: ${{ secrets.NCM_TOKEN }}
+  compliance: 'yes'
+```
+
+* Report with package vulnerabilities only informaiton:
+
+```
+uses: nodesource/ncm-report-github-action@master
+with:
+  token: ${{ secrets.NCM_TOKEN }}
+  compliance: 'yes'
+```
+
+To generate the report, `NCM` needs to get your `node_modules` folder to analyze
+and compare data, so, you might need to use more actions to get your code inside the
+workflow and the dependencies installed. We recommend you using:
+
+```
+- uses: actions/checkout@v2
+- run: npm install
+```
+
+Feel free to check the workflow in `github/workflows/ncm-report.yml` for
+reference and real world usage example.

action.yml

@@ -0,0 +1,31 @@
+name: 'NCM Report'
+description: 'Generates a project-wide report of directory risk and quality of installed or specified packages.'
+inputs:
+  token:
+    description: 'Set a NodeSource service token'
+    required: true
+  long:
+    description: 'Make a report with a list of all modules'
+    required: false
+    default: 'no'
+  compliance:
+    description: 'Only display non-compliant packages'
+    required: false
+    default: 'no'
+  security:
+    description: 'Only display packages with vulnerabilities'
+    required: false
+    default: 'no'
+
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.token }}
+    - ${{ inputs.long }}
+    - ${{ inputs.compliance }}
+    - ${{ inputs.security }}
+
+branding:
+  icon: 'layers'
+  color: 'green'

entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/bash -l
+
+if [[ "$2" = "yes" ]]
+then
+  NCM_TOKEN=$1 ncm report --long
+elif [[ "$3" = "yes" ]]
+then
+  NCM_TOKEN=$1 ncm report --compliance
+elif [[ "$4" = "yes" ]]
+then
+  NCM_TOKEN=$1 ncm report --security
+else
+  NCM_TOKEN=$1 ncm report
+fi

package.json

@@ -0,0 +1,18 @@
+{
+  "name": "test-file-for-workflows",
+  "version": "1.0.0",
+  "description": "The easiest way to test NCM Report feature",
+  "scripts": {
+    "lint": "standard"
+  },
+  "keywords": [],
+  "author": "NodeSource",
+  "license": "MIT",
+  "devDependencies": {
+    "is-wsl": "^2.1.1",
+    "open": "^7.0.0"
+  },
+  "dependencies": {
+    "colorette": "^1.1.0"
+  }
+}