code-auditor/integrations/github/action.yml at main · th3ch0s3n1/code-auditor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: Code Audit

on:
  pull_request:
    types: [opened, synchronize, reopened]
  push:
    branches: [main, master]

jobs:
  audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # needed for --since-commit

      - name: Run code-auditor
        id: audit
        uses: docker://ghcr.io/your-org/code-auditor:latest
        with:
          args: >
            scan ${{ github.workspace }}
            --format json
            --output /github/workspace/audit-report.json
            --fail-on high

      - name: Upload HTML report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: audit-report
          path: audit-report.json

      - name: Comment on PR
        if: github.event_name == 'pull_request' && always()
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REPO: ${{ github.repository }}
          REPORT_PATH: audit-report.json
        run: |
          pip install httpx
          python integrations/github/pr_commenter.py