Merge pull request #27 from thc202/release-v0.5.0

psiinon · web-flow · commit 9a2c359fa309 · 2023-08-25T09:19:29.000+02:00
Allow to configure artifact name, release v0.5.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,9 @@ All notable changes to this GitHub action will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## [Unreleased]
+## [0.5.0] - 2023-08-24
+### Added
+ - An input (`artifact_name`) used to name the artifact that contains the ZAP reports.
 
 ## [0.4.0] - 2023-08-02
 ### Changed
@@ -34,7 +36,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 First release to Marketplace.
 
-[Unreleased]: https://github.com/zaproxy/action-api-scan/compare/v0.4.0...HEAD
+[0.5.0]: https://github.com/zaproxy/action-api-scan/compare/v0.4.0...v0.5.0
 [0.4.0]: https://github.com/zaproxy/action-api-scan/compare/v0.3.1...v0.4.0
 [0.3.1]: https://github.com/zaproxy/action-api-scan/compare/v0.3.0...v0.3.1
 [0.3.0]: https://github.com/zaproxy/action-api-scan/compare/v0.2.0...v0.3.0
diff --git a/README.md b/README.md
@@ -57,6 +57,10 @@ You do not have to create a dedicated token. Make sure to use the GitHub's defau
 **Optional** By default ZAP Docker container will fail with an [exit code](https://github.com/zaproxy/zaproxy/blob/7abbd57f6894c2abf4f1ed00fb95e99c34ef2e28/docker/zap-api-scan.py#L35),
 if it identifies any alerts. Set this option to `true` if you want to fail the status of the GitHub Scan if ZAP identifies any alerts during the scan.
 
+### `artifact_name`
+
+**Optional** By default the action will attach the report to the build with the name `zap_scan`. Set this to a different string to name it something else. Consult [GitHub's documentation](https://github.com/actions/toolkit/blob/main/packages/artifact/docs/additional-information.md#non-supported-characters) for which artifact names are allowed.
+
 ## Environment variables
 
 If set, the following [ZAP authentication environment variables](https://www.zaproxy.org/docs/authentication/handling-auth-yourself/#authentication-env-vars)
@@ -73,7 +77,7 @@ will be copied into the docker container:
 ```
 steps:
   - name: ZAP Scan
-    uses: zaproxy/action-api-scan@v0.4.0
+    uses: zaproxy/action-api-scan@v0.5.0
     with:
       target: 'https://www.zaproxy.org/'
 ```
@@ -94,7 +98,7 @@ jobs:
           ref: master
 
       - name: ZAP Scan
-        uses: zaproxy/action-api-scan@v0.4.0
+        uses: zaproxy/action-api-scan@v0.5.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
diff --git a/action.yml b/action.yml
@@ -37,6 +37,10 @@ inputs:
     description: 'The action will file the report to the GitHub issue using the issue_title input'
     required: false
     default: true
+  artifact_name:
+    description: 'The name of the artifact that contains the ZAP reports'
+    required: false
+    default: 'zap_scan'
 runs:
   using: 'node16'
   main: 'dist/index.js'
diff --git a/dist/index.js b/dist/index.js
@@ -38342,6 +38342,7 @@ async function run() {
         let issueTitle = core.getInput('issue_title');
         let failAction = core.getInput('fail_action');
         let allowIssueWriting = core.getInput('allow_issue_writing');
+        let artifactName = core.getInput('artifact_name');
         let createIssue = true;
 
         if (!(String(failAction).toLowerCase() === 'true' || String(failAction).toLowerCase() === 'false')) {
@@ -38351,6 +38352,12 @@ async function run() {
         if (String(allowIssueWriting).toLowerCase() === 'false') {
             createIssue = false;
         }
+
+        if (!artifactName) {
+            console.log('[WARNING]: \'artifact_name\' action input should not be empty. Setting it back to the default name.');
+            artifactName = 'zap_scan';
+        }
+
         console.log('starting the program');
         console.log('github run id :' + currentRunnerID);
 
@@ -38387,7 +38394,7 @@ async function run() {
                 console.log('Scanning process completed, starting to analyze the results!')
             }
         }
-        await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue);
+        await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue, artifactName);
     } catch (error) {
         core.setFailed(error.message);
     }
diff --git a/index.js b/index.js
@@ -23,6 +23,7 @@ async function run() {
         let issueTitle = core.getInput('issue_title');
         let failAction = core.getInput('fail_action');
         let allowIssueWriting = core.getInput('allow_issue_writing');
+        let artifactName = core.getInput('artifact_name');
         let createIssue = true;
 
         if (!(String(failAction).toLowerCase() === 'true' || String(failAction).toLowerCase() === 'false')) {
@@ -32,6 +33,12 @@ async function run() {
         if (String(allowIssueWriting).toLowerCase() === 'false') {
             createIssue = false;
         }
+
+        if (!artifactName) {
+            console.log('[WARNING]: \'artifact_name\' action input should not be empty. Setting it back to the default name.');
+            artifactName = 'zap_scan';
+        }
+
         console.log('starting the program');
         console.log('github run id :' + currentRunnerID);
 
@@ -68,7 +75,7 @@ async function run() {
                 console.log('Scanning process completed, starting to analyze the results!')
             }
         }
-        await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue);
+        await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue, artifactName);
     } catch (error) {
         core.setFailed(error.message);
     }
