Document the new setup action

Author: garethr

README.md

@@ -20,6 +20,7 @@ you are using. We currently support:
 * [Ruby](ruby)
 * [Scala](scala)
 * [Docker](docker)
+* [Setup](setup)
 
 Here's an example of using one of the Actions, in this case to test a Node.js project:
 
@@ -60,11 +61,37 @@ jobs:
 
 See the individual Actions linked above for per-language instructions.
 
-Note: GitHub Actions will not pass on secrets set in the repository to forks being used in pull requests, and so the Snyk actions that require the token will fail to run.
+Note that GitHub Actions will not pass on secrets set in the repository to forks being used in pull requests, and so the Snyk actions that require the token will fail to run.
 
-## Getting your Snyk token	
 
-The Actions example above refer to a Snyk API token:	
+### Bring your own development environment
+
+The per-language Actions automatically install all the required development tools for Snyk to determine the correct dependencies and hence vulnerabilities from different language environments. If you have a workflow where you already have those installed then you can instead use the `snyk/actions/setup` Action to just install Snyk
+
+```yaml
+name: Snyk example
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - uses: snyk/actions/setup@master
+    - uses: actions/setup-go@v1
+      with:
+        go-version: "1.13"
+    - name: Snyk monitor
+      run: snyk test
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+```
+
+The example here uses `actions/setup-go` would you would need to select the right actions to install the relevant development requirements for your project. If you are already using the same pipeline to build and test your application you're likely already doing so.
+
+
+### Getting your Snyk token	
+
+The Actions example above refer to a Snyk API token:
 
 ```yaml	
 env:
@@ -73,10 +100,12 @@ env:
 
 Every Snyk account has this token, and you can find it in one of two ways:	
 1. If you're using the [Snyk CLI](https://support.snyk.io/hc/en-us/articles/360003812458-Getting-started-with-the-CLI) you can retrieve it by running `snyk config get api`.	
-2. In the UI, go to your account's general settings page (https://app.snyk.io/account) and retrieve the API token, as shown in the following [Revoking and regenerating Snyk API tokens](https://support.snyk.io/hc/en-us/articles/360004008278-Revoking-and-regenerating-Snyk-API-tokens).
+2. In the UI, go to your Snyk account's [settings page](https://app.snyk.io/account) and retrieve the API token, as shown in the following [Revoking and regenerating Snyk API tokens](https://support.snyk.io/hc/en-us/articles/360004008278-Revoking-and-regenerating-Snyk-API-tokens).
+
 
+### Continuing on error
 
-Note: The above examples will halt the action when issues are found. If you want to ensure the action continues, even if Snyk finds issues, then [conmtinue-on-error]https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error will need to be set.
+The above examples will fail the workflow when issues are found. If you want to ensure the Action continues, even if Snyk finds vulnerabilities, then [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) can be used..
 
 ```yaml
 name: Example workflow using Snyk with continue on error
@@ -91,7 +120,4 @@ jobs:
       continue-on-error: true
       env:
         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        command: monitor
 ```
-

setup/README.md

@@ -0,0 +1,66 @@
+# Snyk Setup Action
+
+A [GitHub Action](https://github.com/features/actions) for installing [Snyk](https://snyk.io) to check for
+vulnerabilities.
+
+You can use the Action as follows:
+
+```yaml
+name: Snyk example 
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - uses: snyk/actions/setup@master
+    - uses: actions/setup-go@v1
+      with:
+        go-version: "1.13"
+    - name: Snyk monitor 
+      run: snyk test
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+```
+
+When using the Setup Action you are responsible for setting up the development environment required to run Snyk.
+In this case this is a Go project so `actions/setup-go` was used, but this would be specific to your project. The [language and frameworks guides](https://docs.github.com/en/actions/language-and-framework-guides) are a good starting point.
+
+The Snyk Setup Action has properties which are passed to the underlying image. These are
+passed to the action using `with`.
+
+| Property | Default | Description |
+| --- | --- | --- |
+| snyk-version | latest | Install a specific version of Snyj |
+
+The Action also has outputs:
+
+| Property | Default | Description |
+| --- | --- | --- |
+| version |   | The full version of the Snyk CLI installed |
+
+For example, you can choose to install a specific version of Snyk. The installed version can be
+grabbed from the output:
+
+```yaml
+name: Snyk example
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - uses: snyk/actions/setup@master
+      id: snyk
+      with:
+        snyk-version: v1.391.0
+    - uses: actions/setup-go@v1
+      with:
+        go-version: "1.13"
+    - name: Snyk version
+      run: echo "${{ steps.snyk.outputs.version }}"
+    - name: Snyk monitor 
+      run: snyk monitor
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+```

setup/setup_snyk.sh

@@ -1,6 +1,19 @@
 #!/bin/bash
 set -e
 
+# This script takes two positional arguments. The first is the version of Snyk to install.
+# This can be a standard version (ie. v1.390.0) or it can be latest, in which case the
+# latest released version will be used.
+#
+# The second argument is the platform, in the format used by the `runner.os` context variable
+# in GitHub Actions. Note that this script does not currently support Windows based environments.
+#
+# As an example, the following would install the latest version of Snyk for GitHub Actions for
+# a Linux runner:
+#
+#     ./snyk-setup.sh latest Linux
+#
+
 die () {
     echo >&2 "$@"
     exit 1