dataswift · pperzyna · Mar 31, 2021 · Apr 16, 2021 · Apr 16, 2021 · Apr 16, 2021
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,39 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "**.ts"
+      - "package.json"
+      - "yarn.lock"
+      - "tsconfig.json"
+
+jobs:
+  build:
+    name: Transpile Typescript
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+
+      - name: Setup workspace
+        run: yarn install --frozen-lockfile
+
+      - name: Transpile
+        run: yarn run build
+
+      - name: Commit
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+          git add .
+          git commit -m "build: Transpile" || echo "No changes to commit"
+
+      - uses: peter-evans/create-pull-request@v3
+        with:
+          title: 'Transpile'
diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml
@@ -0,0 +1,28 @@
+name: Integration Test
+
+on:
+  pull_request:
+    paths:
+      - 'dist/**'
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: knqyf263/vuln-image
+
+jobs:
+  test:
+    name: Integration Test
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Pull docker image
+      run: docker pull ${{ env.IMAGE_NAME }}
+
+    - uses: ./
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        image: ${{ env.IMAGE_NAME }}
+        issue_label: trivy,vulnerability,test
+        issue_title: Security Alert Test
+        issue_assignee: homoluctus
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
diff --git a/.github/workflows/tweet-action/template.ejs b/.github/workflows/tweet-action/template.ejs
@@ -0,0 +1,4 @@
+Release lazy-actions/gitrivy version <%- version %> 🎉🎉🎉
+<%- url %>
+
+#GitHub #GitHubActions #Trivy
diff --git a/.github/workflows/twitter.yaml b/.github/workflows/twitter.yaml
@@ -0,0 +1,26 @@
+name: Twitter
+
+on:
+  release:
+    types:
+      - "published"
+
+jobs:
+  tweet:
+    name: Tweet New Version
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: lazy-actions/tweet-action@main
+        with:
+          data: |
+            {
+              "version": "${{ github.event.release.tag_name }}",
+              "url": "${{ github.event.release.html_url }}"
+            }
+          template_filename: .github/workflows/tweet-action/template.ejs
+          oauth_consumer_key: ${{ secrets.TWITTER_CONSUMER_KEY }}
+          oauth_consumer_secret: ${{ secrets.TWITTER_CONSUMER_SECRET }}
+          oauth_token: ${{ secrets.TWITTER_TOKEN }}
+          oauth_token_secret: ${{ secrets.TWITTER_TOKEN_SECRET }}
diff --git a/.github/workflows/unittest.yml → .github/workflows/unit-test.yaml b/.github/workflows/unittest.yml → .github/workflows/unit-test.yaml
@@ -4,19 +4,18 @@ on:
   pull_request:
     paths:
       - 'src/**'
-      - 'dist/**'
       - tsconfig.json
       - package.json
       - yarn.lock
 
 jobs:
-  jest:
-    name: Test with jest
-    runs-on: ubuntu-18.04
+  test:
+    name: Unit Test
+    runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
 
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v2
         with:
           node-version: '12.x'
 

diff --git a/.prettierrc.yml b/.prettierrc.yml
@@ -1,5 +1,5 @@
 semi: true
 singleQuote: true
-trailingComma: es5
+trailingComma: none
 parser": typescript
 bracketSpacing: true
diff --git a/README.md b/README.md
@@ -1,38 +1,47 @@
-# Gitrivy
+# Gitrivy (GitHub Issue + Trivy Action)
 
+![GitHub Workflow Status](https://img.shields.io/github/workflow/status/lazy-actions/gitrivy/Build)
+![GitHub Workflow Status](https://img.shields.io/github/workflow/status/lazy-actions/gitrivy/Integration%20Test?label=Integration%20Test)
+![GitHub Workflow Status](https://img.shields.io/github/workflow/status/lazy-actions/gitrivy/Unit%20Test?label=Unit%20Test)
 ![GitHub release (latest by date)](https://img.shields.io/github/v/release/homoluctus/gitrivy?color=brightgreen&include_prereleases)
-![GitHub](https://img.shields.io/github/license/homoluctus/gitrivy?color=brightgreen)
+![LICENSE](https://img.shields.io/github/license/homoluctus/gitrivy?color=brightgreen)
 
 This is a GitHub Actions to scan vulnerability using [Trivy](https://github.com/aquasecurity/trivy).<br>
 If vulnerabilities are found by Trivy, it creates the following GitHub Issue.
 
-![image](https://github.com/homoluctus/gitrivy/blob/master/issue.png)
+![image](./assets/img/issue.png)
 
-## Usage
+## Feature
 
-### Inputs
+- Scan vulnerability used by Trivy
+- Create or Update GitHub Issue if vulnerabilities found
+  - Customize Issue title, label and assignee
+  - Issue body is generated by template parameter
+
+## Inputs
 
 |Parameter|Required|Default Value|Description|
 |:--:|:--:|:--:|:--|
-|trivy_version|False|latest|Trivy version|
+|token|True|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|
 |image|True|N/A|The target image name to scan the vulnerability<br>Specify this parameter or `IMAGE_NAME` environment variable|
+|trivy_version|False|latest|Trivy version|
 |severity|False|HIGH,CRITICAL|Severities of vulnerabilities (separated by commma)|
 |vuln_type|False|os,library|Scan target are os and / or library (separated by commma)|
 |ignore_unfixed|False|false|Ignore unfixed vulnerabilities<br>Please specify `true` or `false`|
-|issue|False|true|Decide whether creating issue when vulnerabilities are found by trivy.<br>Please specify `true` or `false`|
-|token|True if issue parameter is true else False|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|
+|template|False|N/A|Path to template file<br>This parameter equals trivy --template option<br>By default, it uses src/default.tpl which is based on [contrib/html.tpl](https://github.com/aquasecurity/trivy/blob/main/contrib/html.tpl)<br>reference: [Report Formats - Trivy](https://aquasecurity.github.io/trivy/v0.18.3/examples/report/#template)|
 |issue_title|False|Security Alert|Issue title|
 |issue_label|False|trivy,vulnerability|Issue label (separated by commma)|
 |issue_assignee|False|N/A|Issue assignee (separated by commma)|
+|fail_on_vulnerabilities|False|false|Whether the action should fail if any vulnerabilities were found.|
 
-### Outputs
+## Outputs
 
 |Parameter|Description|
 |:--:|:--|
 |html_url|The URL to view the issue|
 |issue_number|The created issue number|
 
-## Example Workflow
+## Example
 
 Detect your docker image vulnerability everyday at 9:00 (UTC).
 
@@ -46,12 +55,12 @@ on:
 jobs:
   scan:
     name: Daily Vulnerability Scan
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - name: Pull docker image
         run: docker pull sample
 
-      - uses: homoluctus/gitrivy@v1.0.0
+      - uses: lazy-actions/gitrivy@v3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           image: sample