Attempt at multiline action (#542)

Update the github actions to pass arguments in a multi line fashion to allow much more customisability.
google · Sep 19, 2023 · b3f6168 · b3f6168
1 parent 0d0535c
commit b3f6168
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 50 deletions.
diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -31,25 +31,32 @@ jobs:
         uses: google/osv-scanner/actions/scanner@main
         continue-on-error: true
         with:
-          results-format: json
-          results-file: old-results.json
-          to-scan: .
+          scan-args: |-
+            --format=json
+            --output=old-results.json
+            -r
+            --skip-git
+            ./
       - name: "Checkout current branch"
         run: git checkout $GITHUB_SHA
       - name: "Run scanner on new code"
         uses: google/osv-scanner/actions/scanner@main
         with:
-          results-format: json
-          results-file: new-results.json
-          to-scan: .
+          scan-args: |-
+            --format=json
+            --output=new-results.json
+            -r
+            --skip-git
+            ./
         continue-on-error: true
       - name: "Run osv-scanner-reporter"
         uses: google/osv-scanner/actions/reporter@main
         with:
-          output-sarif-file: final-results.sarif
-          old-results: old-results.json
-          new-results: new-results.json
-          gh-annotations: true
+          scan-args: |-
+            --output=final-results.sarif
+            --old=old-results.json
+            --new=new-results.json
+            --gh-annoatations: true
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"

diff --git a/.github/workflows/osv-scanner-reusable-scheduled.yml b/.github/workflows/osv-scanner-reusable-scheduled.yml
@@ -25,10 +25,11 @@ jobs:
       - name: "Run scanner"
         uses: google/osv-scanner/actions/scanner@main
         with:
-          results-format: sarif
-          results-file: results.sarif
-          to-scan: .
-          recursive-scan: true
+          scan-args: |-
+            --output=results.sarif
+            --format=sarif
+            -r
+            --skip-git
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"

diff --git a/actions/reporter/action.yml b/actions/reporter/action.yml
@@ -2,25 +2,12 @@
 name: 'osv-scanner-reporter'
 description: 'Specialized reporting of scanner results for github actions'
 inputs:
-  output-sarif-file:
-    description: 'Output SARIF file path'
-    required: true
-  gh-annotations:
-    description: 'Whether to print github annotations'
-    default: false
-  old-results:
-    description: 'Old results to get the difference against'
-    required: false
-    default: ""
-  new-results:
-    description: 'New results to get the difference against'
+  scan-args:
+    description: 'Arguments to osv-scanner, separated by new line'
     required: true
 runs:
   using: 'docker'
   image: '../../action.dockerfile'
   entrypoint: /root/osv-reporter
   args:
-    - '--output=${{ inputs.output-sarif-file }}'
-    - '--old=${{ inputs.old-results }}'
-    - '--new=${{ inputs.new-results }}'
-    - '--gh-annotations=${{ inputs.gh-annotations }}'
+    - '${{ inputs.scan-args }}'
diff --git a/actions/scanner/action.yml b/actions/scanner/action.yml
@@ -2,25 +2,14 @@
 name: 'osv-scanner'
 description: 'Scans your directory against the OSV database (Experimental)'
 inputs:
-  to-scan:
-    description: 'Directories to scan'
-    default: "./"
-  results-file:
-    description: 'Output path'
-    required: true
-  results-format:
-    description: 'Output result format'
-    default: 'sarif'
-  recursive-scan:
-    description: 'Recursively scan though subdirectories'
-    required: false
-    default: true
+  scan-args:
+    description: 'Arguments to osv-scanner, separated by new line'
+    default: |-
+      --skip-git
+      --recursive
+      ./
 runs:
   using: 'docker'
   image: '../../action.dockerfile'
   args:
-    - '--skip-git'
-    - '--output=${{ inputs.results-file }}'
-    - '--format=${{ inputs.results-format }}'
-    - '--recursive=${{ inputs.recursive-scan }}'
-    - ${{ inputs.to-scan }}
+    - ${{ inputs.scan-args }}
diff --git a/cmd/osv-reporter/main.go b/cmd/osv-reporter/main.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"strings"
 
 	"github.com/google/osv-scanner/internal/ci"
 	"github.com/google/osv-scanner/pkg/models"
@@ -16,14 +17,28 @@ import (
 
 var (
 	// Update this variable when doing a release
-	version = "1.3.5"
+	version = "1.4.0"
 	commit  = "n/a"
 	date    = "n/a"
 )
 
+// splitLastArg splits the last argument by new lines and appends the split
+// elements onto args and returns it
+func splitLastArg(args []string) []string {
+	lastArg := args[len(args)-1]
+	lastArgSplits := strings.Split(lastArg, "\n")
+	args = append(args[:len(args)-1], lastArgSplits...)
+
+	return args
+}
+
 func run(args []string, stdout, stderr io.Writer) int {
 	var tableReporter reporter.Reporter
 
+	// Allow multiple arguments to be defined by github actions by splitting the last argument
+	// by new lines.
+	args = splitLastArg(args)
+
 	cli.VersionPrinter = func(ctx *cli.Context) {
 		// Use the app Writer and ErrWriter since they will be the writers to keep parallel tests consistent
 		tableReporter = reporter.NewTableReporter(ctx.App.Writer, ctx.App.ErrWriter, false, 0)

diff --git a/cmd/osv-reporter/main_test.go b/cmd/osv-reporter/main_test.go
@@ -0,0 +1,40 @@
+package main
+
+import (
+	"reflect"
+	"testing"
+)
+
+func Test_splitLastArg(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name string
+		args []string
+		want []string
+	}{
+		{
+			args: []string{
+				"--test1",
+				"--test2",
+				"--test3\n--test4\n--test5",
+			},
+			want: []string{
+				"--test1",
+				"--test2",
+				"--test3",
+				"--test4",
+				"--test5",
+			},
+		},
+	}
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			if got := splitLastArg(tt.args); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("splitLastArg() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/pkg/osvscanner/optional_enricher.go b/pkg/osvscanner/optional_enricher.go
@@ -29,7 +29,7 @@ func addCompilerVersion(r reporter.Reporter, parsedLockfile *lockfile.Lockfile)
 	case "go.mod":
 		goVer, err := getGoVersion()
 		if err != nil {
-			r.PrintError(fmt.Sprintf("cannot get go standard library version, go might not be installed: %s", err))
+			r.PrintError(fmt.Sprintf("cannot get go standard library version, go might not be installed: %s\n", err))
 		} else {
 			parsedLockfile.Packages = append(parsedLockfile.Packages, lockfile.PackageDetails{
 				Name:      "stdlib",