Merge pull request #17 from homoluctus/feature/support_env_var

Support IMAGE_NAME environment variable

Author: homoluctus

.github/workflows/test.yml

@@ -2,9 +2,12 @@ name: Test my typescript action
 
 on: pull_request
 
+env:
+  IMAGE_NAME: alpine:3.10.1
+
 jobs:
-  test:
-    name: Test
+  test1:
+    name: Test for with parameter
     runs-on: ubuntu-18.04
     steps:
     - uses: actions/checkout@v1
@@ -36,3 +39,36 @@ jobs:
         job_name: ':ts: *test gitrivy*'
         channel: '#develop'
         url: ${{ secrets.SLACK_WEBHOOK }}
+
+  test2:
+    name: Test for getting image name from enviroment variable
+    runs-on: ubuntu-18.04
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Install dependencies
+        run: npm install
+
+      # - name: Test
+      #   run: npm run test
+
+      - name: Build
+        run: npm run build
+
+      - name: Pull docker image
+        run: docker pull alpine:3.10.3
+
+      - uses: ./
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issue_label: trivy,vulnerability,test
+          issue_title: Security Alert Test
+          issue_assignee: homoluctus
+
+      - uses: homoluctus/[email protected]
+        if: always()
+        with:
+          type: ${{ job.status }}
+          job_name: ':ts: *test gitrivy*'
+          channel: '#develop'
+          url: ${{ secrets.SLACK_WEBHOOK }}

README.md

@@ -4,6 +4,9 @@
 ![GitHub](https://img.shields.io/github/license/homoluctus/gitrivy?color=brightgreen)
 
 This is a GitHub Actions to scan vulnerability using [Trivy](https://github.com/aquasecurity/trivy).<br>
+If vulnerabilities are found by Trivy, it creates the following GitHub Issue.
+
+![image](https://github.com/homoluctus/gitrivy/blob/master/issue.png)
 
 ## Usage
 
@@ -13,7 +16,7 @@ This is a GitHub Actions to scan vulnerability using [Trivy](https://github.com/
 |:--:|:--:|:--:|:--|
 |token|True|N/A|GitHub access token<br>${{ secrets.GITHUB_TOKEN }} is recommended|
 |trivy_version|False|latest|Trivy version|
-|image|True|N/A|The target image name to scan the vulnerability|
+|image|True|N/A|The target image name to scan the vulnerability<br>Specify this parameter or `IMAGE_NAME` environment variable|
 |severity|False|HIGH,CRITICAL|Sevirities of vulunerabilities (separeted by commma)|
 |vuln_type|False|os,library|Scan target are os and / or library (separeted by commma)|
 |ignore_unfixed|False|false|Ignore unfixed vulnerabilities<br>Specify true or false|

action.yml

@@ -10,8 +10,8 @@ inputs:
     default: 'latest'
     required: false
   image:
-    description: 'The target image name of vulnerability scan'
-    required: true
+    description: 'The target image name of vulnerability scan (specify this parameter or "IMAGE_NAME" environment variable'
+    required: false
   severity:
     description: 'sevirities of vulunerabilities (separeted by commma)'
     default: 'HIGH,CRITICAL'

dist/index.js

@@ -6659,7 +6659,10 @@ function run() {
         try {
             const token = core.getInput('token', { required: true });
             const trivyVersion = core.getInput('trivy_version').replace(/^v/, '');
-            const image = core.getInput('image', { required: true });
+            const image = core.getInput('image') || process.env.IMAGE_NAME;
+            if (image === undefined || image === '') {
+                throw new Error('Please specify scan target image name');
+            }
             const trivyOptions = {
                 severity: core.getInput('severity').replace(/\s+/g, ''),
                 vulnType: core.getInput('vuln_type').replace(/\s+/g, ''),

issue.png

@@ -9,7 +9,12 @@ async function run() {
   try {
     const token: string = core.getInput('token', { required: true })
     const trivyVersion: string = core.getInput('trivy_version').replace(/^v/, '')
-    const image: string = core.getInput('image', { required: true })
+    const image: string | undefined = core.getInput('image') || process.env.IMAGE_NAME
+
+    if (image === undefined || image === '') {
+      throw new Error('Please specify scan target image name')
+    }
+
     const trivyOptions: TrivyOption = {
       severity: core.getInput('severity').replace(/\s+/g, ''),
       vulnType: core.getInput('vuln_type').replace(/\s+/g, ''),