feat(COD-4237): add a working directory option to the action

lacework · Jan 28, 2025 · 66f227f · 66f227f
1 parent 8c0de50
commit 66f227f
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 11 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -39,7 +39,7 @@ jobs:
         uses: ./../action
         with:
           target: push
-          sources: ${{ github.workspace }}
+          working-directory: ${{ github.workspace }}
           debug: true
       - name: Check run succeeded
         env:

diff --git a/action.yaml b/action.yaml
@@ -2,8 +2,8 @@ name: 'lacework-code-security'
 description: "Scan code with Lacework's Code Security offering"
 author: 'Lacework'
 inputs:
-  sources:
-    description: 'Sources directory to analyze'
+  working-directory:
+    description: 'Set working directory to run the analysis on'
     required: false
     default: '.'
   target:
@@ -80,7 +80,7 @@ runs:
       shell: bash
       if: ${{ inputs.debug == 'true' }}
       run: |
-          echo "LW_LOG=debug" >> $GITHUB_ENV
+        echo "LW_LOG=debug" >> $GITHUB_ENV
     - if: steps.cache.outputs.cache-hit != 'true'
       shell: bash
       run: |
@@ -113,7 +113,7 @@ runs:
     - id: run-analysis
       uses: './../lacework-code-security'
       with:
-        sources: '${{ inputs.sources }}'
+        working-directory: '${{ inputs.working-directory }}'
         target: '${{ inputs.target }}'
         debug: '${{ inputs.debug }}'
         token: '${{ inputs.token || github.token }}'

diff --git a/src/index.ts b/src/index.ts
@@ -1,11 +1,12 @@
 import { error, getInput, info, setOutput, warning } from '@actions/core'
-import { existsSync, appendFileSync } from 'fs'
+import { appendFileSync, existsSync } from 'fs'
 import {
   downloadArtifact,
   postCommentIfInPr,
   resolveExistingCommentIfFound,
   uploadArtifact,
 } from './actions'
+import { downloadKeys, trustedKeys } from './keys'
 import { compareResults, createPRs, printResults } from './tool'
 import {
   autofix,
@@ -15,12 +16,11 @@ import {
   getActionRef,
   getMsSinceStart,
   getOptionalEnvVariable,
-  getOrDefault,
   getRequiredEnvVariable,
   getRunUrl,
+  getWorkingDirectory,
   telemetryCollector,
 } from './util'
-import { downloadKeys, trustedKeys } from './keys'
 
 const scaSarifReport = 'scaReport/output.sarif'
 const scaReport = 'sca.sarif'
@@ -46,11 +46,11 @@ async function runAnalysis() {
   const toUpload: string[] = []
 
   await downloadKeys()
+  const workingDirectory = getWorkingDirectory()
   // command to print both sarif and lwjson formats
   var args = [
     'sca',
     'scan',
-    '.',
     '--save-results',
     '-o',
     scaDir,
@@ -61,7 +61,9 @@ async function runAnalysis() {
     '--keyring',
     trustedKeys,
     '--secret',
+    workingDirectory,
   ]
+  args.push(getWorkingDirectory())
   if (indirectDeps.toLowerCase() === 'false') {
     args.push('--eval-direct-only')
   }

diff --git a/src/util.ts b/src/util.ts
@@ -1,5 +1,4 @@
-import { getInput, isDebug } from '@actions/core'
-import { error, info } from '@actions/core'
+import { error, getInput, info, isDebug } from '@actions/core'
 import { spawn } from 'child_process'
 import { TelemetryCollector } from './telemetry'
 
@@ -29,6 +28,10 @@ export function autofix() {
   return getBooleanInput('autofix') && getInput('target') != 'old'
 }
 
+export function getWorkingDirectory() {
+  return getOrDefault('working-directory', '.')
+}
+
 export function getRunUrl(): string {
   let result = getRequiredEnvVariable('GITHUB_SERVER_URL')
   result += '/'