Make the github action work with a path as input (#2908)

This change executes all shell commands relative to `path`, and makes sure
that `git` is always working by running `git status` first. If the `path` is
not a git repository, `git status` should give a clear error message about
this.
Ben Bridts 2024-06-07 17:21:28 +02:00 committed by GitHub
parent 3be4661f34
commit f122b295bf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -30,8 +30,8 @@ runs:
using: "composite"
steps:
- shell: bash
working-directory: ${{ inputs.path }}
env:
REPO_PATH: ${{ inputs.path }}
BASE: ${{ inputs.base }}
HEAD: ${{ inputs.head }}
ARGS: ${{ inputs.extra_args }}
@ -43,6 +43,7 @@ runs:
## Scan by BASE & HEAD user inputs ##
## If BASE == HEAD, exit with error ##
##########################################
git status >/dev/null # make sure we are in a git repostiory
if [ -n "$BASE" ] || [ -n "$HEAD" ]; then
if [ -n "$BASE" ]; then
base_commit=$(git rev-parse "$BASE" 2>/dev/null) || true
@ -54,7 +55,7 @@ runs:
else
head_commit=""
fi
if [ $base_commit == $head_commit ] ; then
if [ "$base_commit" == "$head_commit" ] ; then
echo "::error::BASE and HEAD commits are the same. TruffleHog won't scan anything. Please see documentation (https://github.com/trufflesecurity/trufflehog#octocat-trufflehog-github-action)."
exit 1
fi
@ -85,7 +86,7 @@ runs:
##########################################
## Run TruffleHog ##
##########################################
docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
docker run --rm -v .:/tmp -w /tmp \
ghcr.io/trufflesecurity/trufflehog:${VERSION} \
git file:///tmp/ \
--since-commit \
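Review bot: The new bind mount `docker run --rm -v .:/tmp -w /tmp \` in the "Run TruffleHog" step passes a relative host path. Docker CLIs older than the 23.0 series do not resolve that; they read the left-hand side as a volume name and reject it, so the action may fail on self-hosted runners with an older engine. Because the step now runs with `working-directory: ${{ inputs.path }}`, `docker run --rm -v "$PWD":/tmp -w /tmp \` mounts the same directory as an absolute path without depending on the CLI version. If TruffleHog turns out not to write under `/tmp` in this mode, which is not visible from the hunk, appending `:ro` to the mount would also keep the scanner container from modifying the checked-out workspace. The docker command continues past the end of the hunk.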