From 69d5afcf8ba9d481a080733c3f067c904e492695 Mon Sep 17 00:00:00 2001 From: Malte Poll Date: Tue, 4 Oct 2022 11:10:20 +0200 Subject: [PATCH] Allow type "file:..." Signed-off-by: Malte Poll --- README.md | 10 ++++++++++ action.yml | 6 +++++- dist/attachReleaseAssets/index.js | 3 +++ dist/downloadSyft/index.js | 3 +++ dist/runSyftAction/index.js | 3 +++ src/Syft.ts | 13 ++++++++++++- src/github/SyftGithubAction.ts | 2 ++ 7 files changed, 38 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4afbd2ca..35719f33 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,16 @@ Use the `path` parameter, relative to the repository root: path: ./build/ ``` +### Scan a specific file + +Use the `file` parameter, relative to the repository root: + +```yaml +- uses: anchore/sbom-action@v0 + with: + path: ./build/file +``` + ### Publishing SBOMs with releases The `sbom-action` will detect being run during a diff --git a/action.yml b/action.yml index 71c25bf9..767976ca 100644 --- a/action.yml +++ b/action.yml @@ -7,9 +7,13 @@ branding: inputs: path: required: false - description: "A path on the filesystem to scan" + description: "A path to a directory on the filesystem to scan" default: "." + file: + required: false + description: "A file on the filesystem to scan" + image: required: false description: "A container image to scan" diff --git a/dist/attachReleaseAssets/index.js b/dist/attachReleaseAssets/index.js index 57d3b795..cdb701a6 100644 --- a/dist/attachReleaseAssets/index.js +++ b/dist/attachReleaseAssets/index.js @@ -24014,6 +24014,9 @@ function executeSyft(_a) { else if ("path" in input && input.path) { args = [...args, `dir:${input.path}`]; } + else if ("file" in input && input.file) { + args = [...args, `file:${input.file}`]; + } else { throw new Error("Invalid input, no image or path specified"); } diff --git a/dist/downloadSyft/index.js b/dist/downloadSyft/index.js index e4d5f637..28caf32d 100644 --- a/dist/downloadSyft/index.js 
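Review bot: The new `file` input can be shadowed by `path`, which keeps `default: "."`: the branch this commit adds to `executeSyft` (src/github/SyftGithubAction.ts and the three dist bundles) is reached only after `"path" in input && input.path` fails. If the action forwards the defaulted `path` into the Syft input, which the visible hunks do not show either way, `file` would never be selected and the SBOM would describe the whole directory rather than the file the workflow author named. The diffstat also shows only the two `executeSyft` lines changing in SyftGithubAction.ts, so no visible code reads the `file` input. I would state the precedence in the description, e.g. `description: "A file on the filesystem to scan; takes precedence over path"`, and have `executeSyft` test `file` before `path` to match. The README example added in the same commit sets `path: ./build/file` under a sentence that names the `file` parameter, which looks like the same confusion.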
+++ b/dist/downloadSyft/index.js @@ -24062,6 +24062,9 @@ function executeSyft(_a) { else if ("path" in input && input.path) { args = [...args, `dir:${input.path}`]; } + else if ("file" in input && input.file) { + args = [...args, `file:${input.file}`]; + } else { throw new Error("Invalid input, no image or path specified"); } diff --git a/dist/runSyftAction/index.js b/dist/runSyftAction/index.js index c39d79b1..9203c27f 100644 --- a/dist/runSyftAction/index.js +++ b/dist/runSyftAction/index.js @@ -24014,6 +24014,9 @@ function executeSyft(_a) { else if ("path" in input && input.path) { args = [...args, `dir:${input.path}`]; } + else if ("file" in input && input.file) { + args = [...args, `file:${input.file}`]; + } else { throw new Error("Invalid input, no image or path specified"); } diff --git a/src/Syft.ts b/src/Syft.ts index 893e0f32..cfe6ef68 100644 --- a/src/Syft.ts +++ b/src/Syft.ts @@ -5,6 +5,13 @@ export interface SyftDirectoryInput { path: string; } +/** + * Used for file input to Syft + */ +export interface SyftFileInput { + file: string; +} + /** * Used to point Syft to a registry to scan an image */ @@ -24,7 +31,11 @@ export interface SyftImageInput { * Syft invocation options */ export interface SyftOptions { - input: SyftDirectoryInput | SyftRegistryInput | SyftImageInput; + input: + | SyftDirectoryInput + | SyftFileInput + | SyftRegistryInput + | SyftImageInput; format: | "spdx" | "spdx-tag-value" diff --git a/src/github/SyftGithubAction.ts b/src/github/SyftGithubAction.ts index 22889474..384ff6d2 100644 --- a/src/github/SyftGithubAction.ts +++ b/src/github/SyftGithubAction.ts @@ -135,6 +135,8 @@ async function executeSyft({ } } else if ("path" in input && input.path) { args = [...args, `dir:${input.path}`]; + } else if ("file" in input && input.file) { + args = [...args, `file:${input.file}`]; } else { throw new Error("Invalid input, no image or path specified"); }
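Review bot: The fall-through error after the new `file` branch still reads "no image or path specified", so a caller who passes an empty `file` gets a message that does not mention the input they used; I would change it to `throw new Error("Invalid input, no image, path or file specified");`. The same string appears in the three regenerated dist bundles and would be picked up by a rebuild. `executeSyft` starts and ends outside this hunk, so how `input` is built and how `args` is run are not visible here.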