action.yml
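# Composite GitHub Action that runs the ZARN static analyzer for Perl from its
# published container image against the caller's checked-out workspace.
name: zarn-sast
description: A lightweight static security analysis tool (SAST) for modern Perl Apps
author: Heitor Gouvêa
branding:
  icon: "shield"
  color: "blue"
inputs:
  # All paths below are interpreted inside the container, not on the runner.
  # The workspace is mounted at /usr/src/zarn/<owner>/<repo>; the relative
  # defaults presumably rely on the image's working directory being
  # /usr/src/zarn (confirm against the image's Dockerfile).
  source:
    description: 'Configure a source directory to do static analysis'
    required: false
    default: "./${{ github.repository }}"
  rules:
    description: 'Define YAML file with rules'
    required: false
    default: './rules/default.yml'
  ignore:
    description: 'Define a file or directory to ignore'
    required: false
  sarif_file:
    description: 'Define the SARIF output file'
    required: false
    default: './${{ github.repository }}/result.sarif'
runs:
  using: "composite"
  steps:
    - shell: bash
      # Every workflow-supplied value reaches the script through the
      # environment rather than through ${{ }} text substitution, so the
      # shell never parses caller-controlled text as script source.
      env:
        SOURCE: ${{ inputs.source }}
        RULES: ${{ inputs.rules }}
        IGNORE: ${{ inputs.ignore }}
        SARIF_FILE: ${{ inputs.sarif_file }}
        REPOSITORY: ${{ github.repository }}
      # NOTE(review): the image is referenced by the mutable `latest` tag, so
      # the code executed in a consumer's workflow can change without any
      # change to this file. Pin a release tag or, preferably, an immutable
      # digest: ghcr.io/htrgouvea/zarn/zarn@sha256:<IMAGE_DIGEST_PLACEHOLDER>.
      # NOTE(review): the workspace is mounted read-write because the default
      # SARIF path lies inside it; the container can therefore modify the
      # checkout.
      #
      # Each expansion is double-quoted so that a value containing spaces or
      # glob characters stays a single argument instead of being word-split
      # into additional scanner options. An unset or empty input is still
      # passed as one empty argument, as before.
      run: |
        docker run -v "./:/usr/src/zarn/${REPOSITORY}" ghcr.io/htrgouvea/zarn/zarn:latest \
          --source "${SOURCE:-}" \
          --rules "${RULES:-}" \
          --ignore "${IGNORE:-}" \
          --sarif "${SARIF_FILE:-}"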