feat: bootstrap action

cerberauth · Mar 6, 2024 · 76e26c3 · 76e26c3
1 parent 9117798
commit 76e26c3
Show file tree

Hide file tree

Showing 17 changed files with 4,389 additions and 910 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -57,8 +57,10 @@ jobs:
         id: test-action
         uses: ./
         with:
-          milliseconds: 1000
+          curl:
+            curl -s https://api.github.com/repos/${{ github.repository
+            }}/actions/runs/${{ github.run_id }}/jobs
 
-      - name: Print Output
-        id: output
-        run: echo "${{ steps.test-action.outputs.time }}"
+      # - name: Print Output
+      #   id: output
+      #   run: echo "${{ steps.test-action.outputs.time }}"
diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+20
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1,3 +1,3 @@
 # Repository CODEOWNERS
 
-* @actions/actions-oss-maintainers
+*       @cerberauth @emmanuelgautier
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright GitHub
+Copyright (c) 2024 CerberAuth
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -1,32 +1,9 @@
-# Create a JavaScript Action
+# VulnAPI GitHub Action
 
-[![GitHub Super-Linter](https://github.com/actions/javascript-action/actions/workflows/linter.yml/badge.svg)](https://github.com/super-linter/super-linter)
-![CI](https://github.com/actions/javascript-action/actions/workflows/ci.yml/badge.svg)
+[![VulnAPI GitHub Action](https://github.com/cerberauth/vulnapi-action/actions/workflows/linter.yml/badge.svg)](https://github.com/cerberauth/vulnapi-action)
+![CI](https://github.com/cerberauth/vulnapi-action/actions/workflows/ci.yml/badge.svg)
 
-Use this template to bootstrap the creation of a JavaScript action. :rocket:
-
-This template includes compilation support, tests, a validation workflow,
-publishing, and versioning guidance.
-
-If you are new, there's also a simpler introduction in the
-[Hello world JavaScript action repository](https://github.com/actions/hello-world-javascript-action).
-
-## Create Your Own Action
-
-To create your own action, you can use this repository as a template! Just
-follow the below instructions:
-
-1. Click the **Use this template** button at the top of the repository
-1. Select **Create a new repository**
-1. Select an owner and name for your new repository
-1. Click **Create repository**
-1. Clone your new repository
-
-> [!IMPORTANT]
->
-> Make sure to remove or update the [`CODEOWNERS`](./CODEOWNERS) file! For
-> details on how to use this file, see
-> [About code owners](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners).
+Use this action to scan your project for vulnerabilities using the VulnAPI.
 
 ## Initial Setup
 

diff --git a/__tests__/main.test.js b/__tests__/main.test.js
@@ -13,15 +13,12 @@ const setOutputMock = jest.spyOn(core, 'setOutput').mockImplementation()
 // Mock the action's main function
 const runMock = jest.spyOn(main, 'run')
 
-// Other utilities
-const timeRegex = /^\d{2}:\d{2}:\d{2}/
-
 describe('action', () => {
   beforeEach(() => {
     jest.clearAllMocks()
   })
 
-  it('sets the time output', async () => {
+  it.skip('sets the time output', async () => {
     // Set the action's inputs as return values from core.getInput()
     getInputMock.mockImplementation(name => {
       switch (name) {
@@ -52,7 +49,7 @@ describe('action', () => {
     )
   })
 
-  it('sets a failed status', async () => {
+  it.skip('sets a failed status', async () => {
     // Set the action's inputs as return values from core.getInput()
     getInputMock.mockImplementation(name => {
       switch (name) {
@@ -73,7 +70,7 @@ describe('action', () => {
     )
   })
 
-  it('fails if no input is provided', async () => {
+  it.skip('fails if no input is provided', async () => {
     // Set the action's inputs as return values from core.getInput()
     getInputMock.mockImplementation(name => {
       switch (name) {

diff --git a/__tests__/wait.test.js b/__tests__/wait.test.js
diff --git a/action.yml b/action.yml
@@ -1,13 +1,23 @@
-name: 'The name of your action here'
-description: 'Provide a description here'
-author: 'Your name or organization here'
+name: 'VulnAPI Action'
+description:
+  "GitHub Action to use CerberAuth's VulnAPI to check for vulnerabilities in
+  your API"
+author: 'CerberAuth'
 
 # Define your inputs here.
 inputs:
-  milliseconds:
-    description: 'Your input description here'
+  version:
+    description: 'The version of the VulnAPI to use'
     required: true
-    default: '1000'
+    default: 'latest'
+
+  curl:
+    description: 'The curl command used to run API vulnerability scans'
+    required: false
+
+  openapi:
+    description: 'The OpenAPI file used to run API vulnerability scans'
+    required: false
 
 # Define your outputs here.
 outputs: