SCP-65 SBOM Ingestion

.github/workflows/test-action.yml

@@ -22,6 +22,8 @@ jobs:
       - name: Test Local Action
         id: test-action
         uses: ./
+        with:
+          sbom-ignore: './scanoss-ignore.json'
 
       - name: Print output command
         run: echo "${{ steps.test-action.outputs.output-command }}"

action.yml

@@ -9,8 +9,21 @@ branding:
 
 # Define your inputs here.
 inputs:
-  scanner-parameters:  
-    description: 'Parameters to run a scan'
+  output-path:
+    description: 'Output result file name'
+    required: false
+    default: 'result.json'
+  sbom-identify:
+    description: 'Scan and identify components in SBOM file'
+    required: false
+  sbom-ignore:
+    description: 'Ignore components specified in the SBOM file'
+    required: false
+  api-key:
+    description: 'SCANOSS API Key token (optional - not required for default OSSKB URL)'
+    required: false
+  api-url:
+    description: 'SCANOSS API URL (optional - default: https://osskb.org/api/scan/direct)'
     required: false
 
 # Define your outputs here.

scanoss-ignore.json

@@ -0,0 +1,7 @@
+{
+  "components": [
+   {
+     "purl": "pkg:github/zhang14725804/notebook"
+   }
+ ]
+}

src/input.ts

@@ -0,0 +1,37 @@
+import * as core from '@actions/core'
+
+export interface ActionParameters {
+  repoDir: string
+  outputPath: string
+  sbomIdentify: string
+  sbomIgnore: string
+  apiKey: string
+  apiUrl: string
+}
+
+export function readInputs(): ActionParameters {
+  return {
+    repoDir: process.env.GITHUB_WORKSPACE as string,
+    outputPath: core.getInput('output-path'),
+    sbomIdentify: core.getInput('sbom-identify'),
+    sbomIgnore: core.getInput('sbom-ignore'),
+    apiKey: core.getInput('api-key'),
+    apiUrl: core.getInput('api-url')
+  }
+}
+
+export function commandBuilder(): string {
+  const ap = readInputs()
+  console.log(ap)
+  // prettier-ignore
+  const command =
+          `docker run -v "${ap.repoDir}":"/scanoss" ghcr.io/scanoss/scanoss-py:v1.9.0 scan . ` +
+                `--output ${ap.outputPath} ` +
+                (ap.sbomIdentify ? `--identify ${ap.sbomIdentify} ` : '') +
+                (ap.sbomIgnore ? `--ignore ${ap.sbomIgnore} ` : '')  +
+                (ap.apiUrl  ? `--apiurl ${ap.apiUrl} ` : '') +
+                (ap.apiKey  ? `--key ${ap.apiKey} ` : '')
+
+  console.log(command)
+  return command
+}

src/main.ts

@@ -1,6 +1,7 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
 import { getLicenses, readResult } from './services/result.service'
+import { commandBuilder } from './input'
 
 /**
  * The main function for the action.
@@ -24,11 +25,7 @@ export async function run(): Promise<void> {
     options.silent = true
 
     // run scan
-    await exec.exec(
-      `docker run -v "${repoDir}":"/scanoss" ghcr.io/scanoss/scanoss-py:v1.9.0 scan . --output ${outputPath}`,
-      [],
-      options
-    )
+    await exec.exec(commandBuilder(), [], options)
 
     const scannerResults = await readResult(outputPath)
     const licenses = getLicenses(scannerResults)

vue.js

@@ -0,0 +1,56 @@
+<template>
+  <div>
+    <div :class="class1"></div>
+    <div :class="class2"></div>
+    <div class="box" :class="class3"></div>
+    <div class="box" :class="class4"></div>
+    <div class="box" :class="{ box5: class5 }"></div>
+  </div>
+</template>
+
+<style scoped>
+  .box {
+    width: 100px;
+    height: 100px;
+  }
+
+  .box1 {
+    background-color: #DDD;
+  }
+
+  .box2 {
+    background-color: #CCC;
+  }
+
+  .box3 {
+    background-color: #BBB;
+  }
+
+  .box4 {
+    background-color: #AAA;
+  }
+
+  .box5 {
+    background-color: #999;
+  }
+</style>
+
+<script>
+  module.exports = {
+    data () {
+      return {
+        class1: ['box', 'box1'],
+        class2: {
+          'box': true,
+          'box1': false,
+          'box2': true
+        },
+        class3: ['box3'],
+        class4: {
+          'box4': true
+        },
+        class5: true
+      }
+    }
+  }
+</script>