plugin: adds github action to integrate with CI/CD flow

.github/actions/gokakashi-scan/action.yaml

@@ -20,11 +20,10 @@ inputs:
     description: 'The publish path for the scan report'
     required: false
     default: 'report_private'
-  inputs:
-    fail_on_severity:
-      description: 'Comma-separated list of severity levels to fail the job on (e.g., CRITICAL,HIGH)'
-      required: false
-      default: 'CRITICAL'
+  fail_on_severity:
+    description: 'Comma-separated list of severity levels to fail the job on (e.g., CRITICAL,HIGH)'
+    required: false
+    default: 'CRITICAL'
 
 
 outputs:

.github/actions/gokakashi-scan/index.js

@@ -67,7 +67,7 @@ async function run() {
         // Step 3: Check the scan report for vulnerabilities
         const reportResponse = await fetch(reportUrl);
         const reportData = await reportResponse.json();
-        const failOnSeverity = core.getInput('fail_on_severity'); // Get user-defined severity level
+        const failOnSeverity = getInput('fail_on_severity'); // Get user-defined severity level
         // const hasVulnsToFail = reportData.vulnerabilities.some(vuln => vuln.severity === failOnSeverity);
 
         if (failOnSeverity) {
@@ -78,7 +78,7 @@ async function run() {
                 severitiesToFailOn.includes(vuln.severity)
             );
             if (hasVulnsToFail) {
-                core.setFailed(`Vulnerabilities found with severity: ${severitiesToFailOn.join(', ')}`);
+                setFailed(`Vulnerabilities found with severity: ${severitiesToFailOn.join(', ')}`);
             } else {
                 console.log(`No vulnerabilities found with severity: ${severitiesToFailOn.join(', ')}`);
             }

.github/workflows/scan.yaml

@@ -21,7 +21,7 @@ jobs:
           image_name: 'hasura/graphql-engine:v2.35.0'
           severity: 'CRITICAL,HIGH'
           publish: 'report_private'
-          fail_on_severity: 'HIGH,CRITICAL'
+#          fail_on_severity: 'HIGH,CRITICAL'
 
       - name: Log the Scan Report URL
         run: |