# Action metadata for ClickBOM, a Docker-based GitHub Action (see `runs:` below).
# Keys here are what GitHub shows in the Marketplace / workflow editor.
name: 'ClickBOM'
description: 'Download SBOMs from GitHub, Mend, and Wiz. Convert to CycloneDX and SPDX formats. Upload to S3 and ClickHouse.'
author: 'ClickHouse, Inc.'
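inputs:
  # All GitHub Action inputs are strings; numeric and boolean-looking defaults
  # are quoted deliberately so the YAML loader does not retype them.
  #
  # GitHub-specific inputs
  github-token:
    description: 'GitHub token for API access'
    required: false
    # NOTE(review): no default, so the container sees an empty GITHUB_TOKEN
    # unless the caller passes one (typically `${{ github.token }}` or a
    # secret). Confirm how the entrypoint treats an empty token before
    # adding a default here.
  repository:
    description: 'Repository to download SBOM from (format: owner/repo)'
    required: false
  # Mend-specific inputs
  mend-email:
    description: 'Mend user email address'
    required: false
  mend-org-uuid:
    description: 'Mend organization UUID for authentication'
    required: false
  mend-user-key:
    # Credential — supply from a secret, not a literal in the workflow.
    description: 'Mend user key for authentication'
    required: false
  mend-base-url:
    description: 'Mend base URL (e.g., https://api-saas.mend.io)'
    required: false
    default: 'https://api-saas.mend.io'
  mend-product-uuid:
    description: 'Mend product UUID for product-scoped SBOM'
    required: false
  mend-project-uuid:
    description: 'Mend project UUID for project-scoped SBOM'
    required: false
  mend-org-scope-uuid:
    # Distinct from mend-org-uuid: that one authenticates, this one scopes the report.
    description: 'Mend organization UUID for organization-scoped SBOM (different from auth org UUID)'
    required: false
  mend-project-uuids:
    description: 'Comma-separated list of specific project UUIDs to include'
    required: false
  mend-max-wait-time:
    description: 'Maximum time to wait for Mend report generation (seconds)'
    required: false
    default: '1800'
  mend-poll-interval:
    description: 'Polling interval for Mend report status (seconds)'
    required: false
    default: '30'
  # Wiz-specific inputs
  wiz-auth-endpoint:
    description: 'Wiz authentication endpoint'
    required: false
  wiz-api-endpoint:
    description: 'Wiz API endpoint'
    required: false
  wiz-client-id:
    description: 'Wiz API client ID'
    required: false
  wiz-client-secret:
    # Credential — supply from a secret, not a literal in the workflow.
    description: 'Wiz API client secret'
    required: false
  wiz-report-id:
    description: 'Wiz report ID to download'
    required: false
  # AWS-specific inputs
  # These are static access keys forwarded to the container as
  # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (see `runs.env`). Callers
  # should pass them from repository or organization secrets; consider
  # scoping the key to the target bucket only.
  aws-access-key-id:
    description: 'AWS Access Key ID'
    required: true
  aws-secret-access-key:
    description: 'AWS Secret Access Key'
    required: true
  aws-region:
    description: 'AWS region'
    required: false
    default: 'us-east-1'
  s3-bucket:
    description: 'S3 bucket name'
    required: true
  s3-key:
    description: 'S3 object key/path'
    required: false
    default: 'sbom.json'
  # ClickHouse-specific inputs
  clickhouse-url:
    description: 'ClickHouse URL for storing SBOM components data'
    required: false
  # clickhouse-port:
  #   description: 'ClickHouse port'
  #   required: false
  #   default: '8123'
  clickhouse-database:
    description: 'ClickHouse database name'
    required: false
    default: 'default'
  clickhouse-username:
    description: 'ClickHouse username'
    required: false
    default: 'default'
  clickhouse-password:
    # Credential — supply from a secret, not a literal in the workflow.
    description: 'ClickHouse password'
    required: false
    default: ''
  truncate-table:
    # Destructive when 'true': existing rows are dropped before insert.
    description: 'Truncate ClickHouse table before inserting new data'
    required: false
    default: 'false'
  # General inputs
  sbom-source:
    # NOTE(review): the action description and the wiz-* inputs above suggest
    # 'wiz' is also accepted here — confirm against the entrypoint and update
    # this description if so.
    description: 'SBOM source: github or mend'
    required: false
    default: 'github'
  sbom-format:
    description: 'Final SBOM format (spdxjson or cyclonedx)'
    required: false
    default: 'cyclonedx'
  merge:
    description: 'Merge SBOM files from S3 into one'
    required: false
    default: 'false'
  include:
    description: 'Comma-separated list of filenames or patterns to include when merging (only used with merge=true)'
    required: false
    default: ''
  exclude:
    description: 'Comma-separated list of filenames or patterns to exclude when merging (only used with merge=true)'
    required: false
    default: ''
  debug:
    description: 'Enable debug logging'
    required: false
    default: 'false'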
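runs:
  # Docker-based action: the image is built from the repository's Dockerfile
  # and the entrypoint is defined there, not in this file.
  using: 'docker'
  image: 'Dockerfile'
  # Every input is forwarded to the container as an environment variable.
  # Secret-bearing variables (GITHUB_TOKEN, MEND_USER_KEY, WIZ_CLIENT_SECRET,
  # AWS_SECRET_ACCESS_KEY, CLICKHOUSE_PASSWORD) are masked in job logs only
  # when the caller sources them from the `secrets` context; literal values
  # given in `with:` are not masked.
  env:
    # GitHub-specific
    GITHUB_TOKEN: ${{ inputs.github-token }}
    REPOSITORY: ${{ inputs.repository }}
    # Mend-specific
    MEND_EMAIL: ${{ inputs.mend-email }}
    MEND_ORG_UUID: ${{ inputs.mend-org-uuid }}
    MEND_USER_KEY: ${{ inputs.mend-user-key }}
    MEND_BASE_URL: ${{ inputs.mend-base-url }}
    MEND_PROJECT_UUID: ${{ inputs.mend-project-uuid }}
    MEND_PRODUCT_UUID: ${{ inputs.mend-product-uuid }}
    MEND_ORG_SCOPE_UUID: ${{ inputs.mend-org-scope-uuid }}
    MEND_PROJECT_UUIDS: ${{ inputs.mend-project-uuids }}
    MEND_MAX_WAIT_TIME: ${{ inputs.mend-max-wait-time }}
    MEND_POLL_INTERVAL: ${{ inputs.mend-poll-interval }}
    # Wiz-specific
    WIZ_AUTH_ENDPOINT: ${{ inputs.wiz-auth-endpoint }}
    WIZ_API_ENDPOINT: ${{ inputs.wiz-api-endpoint }}
    WIZ_CLIENT_ID: ${{ inputs.wiz-client-id }}
    WIZ_CLIENT_SECRET: ${{ inputs.wiz-client-secret }}
    WIZ_REPORT_ID: ${{ inputs.wiz-report-id }}
    # AWS-specific
    AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
    AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
    # Note the env name differs from the input name (aws-region).
    AWS_DEFAULT_REGION: ${{ inputs.aws-region }}
    S3_BUCKET: ${{ inputs.s3-bucket }}
    S3_KEY: ${{ inputs.s3-key }}
    # ClickHouse-specific
    CLICKHOUSE_URL: ${{ inputs.clickhouse-url }}
    # CLICKHOUSE_PORT: ${{ inputs.clickhouse-port }}
    CLICKHOUSE_DATABASE: ${{ inputs.clickhouse-database }}
    CLICKHOUSE_USERNAME: ${{ inputs.clickhouse-username }}
    CLICKHOUSE_PASSWORD: ${{ inputs.clickhouse-password }}
    TRUNCATE_TABLE: ${{ inputs.truncate-table }}
    # General
    SBOM_SOURCE: ${{ inputs.sbom-source }}
    SBOM_FORMAT: ${{ inputs.sbom-format }}
    MERGE: ${{ inputs.merge }}
    INCLUDE: ${{ inputs.include }}
    EXCLUDE: ${{ inputs.exclude }}
    DEBUG: ${{ inputs.debug }}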
# Marketplace listing icon and colour; no runtime effect.
branding:
  icon: 'list'
  color: 'yellow'