SCP-65 SBOM Ingestion

scanoss · Jan 24, 2024 · 380b407 · 380b407
1 parent e8b3826
commit 380b407
Show file tree

Hide file tree

Showing 7 changed files with 189 additions and 12 deletions.
diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
@@ -22,6 +22,8 @@ jobs:
       - name: Test Local Action
         id: test-action
         uses: ./
+        with:
+          sbom-ignore: './scanoss-ignore.json'
 
       - name: Print output command
         run: echo "${{ steps.test-action.outputs.output-command }}"

diff --git a/action.yml b/action.yml
@@ -9,8 +9,17 @@ branding:
 
 # Define your inputs here.
 inputs:
-  scanner-parameters:  
-    description: 'Parameters to run a scan'
+  sbom-identify:
+    description: 'Scan and identify components in SBOM file'
+    required: false
+  sbom-ignore:
+    description: 'Ignore components specified in the SBOM file'
+    required: false
+  api-key:
+    description: 'SCANOSS API Key token (optional - not required for default OSSKB URL)'
+    required: false
+  api-url:
+    description: 'SCANOSS API URL (optional - default: https://osskb.org/api/scan/direct)'
     required: false
 
 # Define your outputs here.

diff --git a/dist/index.js b/dist/index.js
diff --git a/scanoss-ignore.json b/scanoss-ignore.json
@@ -0,0 +1,7 @@
+{
+  "components": [
+   {
+     "purl": "pkg:github/zhang14725804/notebook"
+   }
+ ]
+}
diff --git a/src/input.ts b/src/input.ts
@@ -0,0 +1,29 @@
+import * as core from '@actions/core'
+
+export interface ActionParameters {
+  sbomIdentify: string
+  sbomIgnore: string
+  apiKey: string
+  apiUrl: string
+}
+
+export function getInputs(): ActionParameters {
+  return {
+    sbomIdentify: core.getInput('sbom-identify'),
+    sbomIgnore: core.getInput('sbom-ignore'),
+    apiKey: core.getInput('api-key'),
+    apiUrl: core.getInput('api-url')
+  }
+}
+
+export function commandParametersBuilder(ap: ActionParameters): string {
+  return ap.sbomIdentify
+    ? `--identify ${ap.sbomIdentify}`
+    : '' + ap.sbomIgnore
+      ? `--ignore ${ap.sbomIgnore}`
+      : '' + ap.apiUrl
+        ? `--apiurl ${ap.apiUrl}`
+        : '' + ap.apiKey
+          ? `--key ${ap.apiKey}`
+          : ''
+}
diff --git a/src/main.ts b/src/main.ts
@@ -1,6 +1,8 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
 import { getLicenses, readResult } from './services/result.service'
+import { commandParametersBuilder } from './input'
+import { getInputs } from './input'
 
 /**
  * The main function for the action.
@@ -26,7 +28,7 @@ export async function run(): Promise<void> {
     // run scan
     await exec.exec(
       `docker run -v "${repoDir}":"/scanoss" ghcr.io/scanoss/scanoss-py:v1.9.0 scan . --output ${outputPath}`,
-      [],
+      [commandParametersBuilder(getInputs())],
       options
     )
 

diff --git a/vue.js b/vue.js
@@ -0,0 +1,56 @@
+<template>
+  <div>
+    <div :class="class1"></div>
+    <div :class="class2"></div>
+    <div class="box" :class="class3"></div>
+    <div class="box" :class="class4"></div>
+    <div class="box" :class="{ box5: class5 }"></div>
+  </div>
+</template>
+
+<style scoped>
+  .box {
+    width: 100px;
+    height: 100px;
+  }
+
+  .box1 {
+    background-color: #DDD;
+  }
+
+  .box2 {
+    background-color: #CCC;
+  }
+
+  .box3 {
+    background-color: #BBB;
+  }
+
+  .box4 {
+    background-color: #AAA;
+  }
+
+  .box5 {
+    background-color: #999;
+  }
+</style>
+
+<script>
+  module.exports = {
+    data () {
+      return {
+        class1: ['box', 'box1'],
+        class2: {
+          'box': true,
+          'box1': false,
+          'box2': true
+        },
+        class3: ['box3'],
+        class4: {
+          'box4': true
+        },
+        class5: true
+      }
+    }
+  }
+</script>