chore(actions): check to install jq if it is not already (#4000)

- Change single quotes to double quotes for consistency
- Add a check to install `jq` if it is not already installed

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Kashif Khan <70996046+kashifkhan0771@users.noreply.github.com>
Co-authored-by: Nabeel Alam <nabeelalam811@gmail.com>
Bo-Yi Wu
2025-06-04 13:28:15 +08:00
committed by GitHub
parent 45655e9963
commit f3b7c132cf
+74 -67
@@ -10,16 +10,16 @@ inputs:
base: base:
description: Start scanning from here (usually main branch). description: Start scanning from here (usually main branch).
required: false required: false
default: '' default: ""
head: head:
description: Scan commits until here (usually dev branch). description: Scan commits until here (usually dev branch).
required: false required: false
extra_args: extra_args:
default: '' default: ""
description: Extra args to be passed to the trufflehog cli. description: Extra args to be passed to the trufflehog cli.
required: false required: false
version: version:
default: 'latest' default: "latest"
description: Scan with this trufflehog cli version. description: Scan with this trufflehog cli version.
required: false required: false
branding: branding:
@@ -29,71 +29,78 @@ branding:
runs: runs:
using: "composite" using: "composite"
steps: steps:
- shell: bash - shell: bash
working-directory: ${{ inputs.path }} working-directory: ${{ inputs.path }}
env: env:
BASE: ${{ inputs.base }} BASE: ${{ inputs.base }}
HEAD: ${{ inputs.head }} HEAD: ${{ inputs.head }}
ARGS: ${{ inputs.extra_args }} ARGS: ${{ inputs.extra_args }}
COMMIT_IDS: ${{ toJson(github.event.commits.*.id) }} COMMIT_IDS: ${{ toJson(github.event.commits.*.id) }}
VERSION: ${{ inputs.version }} VERSION: ${{ inputs.version }}
run: | run: |
########################################## ##########################################
## ADVANCED USAGE ## ## ADVANCED USAGE ##
## Scan by BASE & HEAD user inputs ## ## Scan by BASE & HEAD user inputs ##
## If BASE == HEAD, exit with error ## ## If BASE == HEAD, exit with error ##
########################################## ##########################################
git status >/dev/null # make sure we are in a git repository # Check if jq is installed, if not, install it
if [ -n "$BASE" ] || [ -n "$HEAD" ]; then if ! command -v jq &> /dev/null
if [ -n "$BASE" ]; then then
base_commit=$(git rev-parse "$BASE" 2>/dev/null) || true echo "jq could not be found, installing..."
else apt-get -y update && apt-get install -y jq
base_commit=""
fi fi
if [ -n "$HEAD" ]; then
head_commit=$(git rev-parse "$HEAD" 2>/dev/null) || true git status >/dev/null # make sure we are in a git repository
else if [ -n "$BASE" ] || [ -n "$HEAD" ]; then
head_commit="" if [ -n "$BASE" ]; then
fi base_commit=$(git rev-parse "$BASE" 2>/dev/null) || true
if [ "$base_commit" == "$head_commit" ] ; then
echo "::error::BASE and HEAD commits are the same. TruffleHog won't scan anything. Please see documentation (https://github.com/trufflesecurity/trufflehog#octocat-trufflehog-github-action)."
exit 1
fi
##########################################
## Scan commits based on event type ##
##########################################
else
if [ "${{ github.event_name }}" == "push" ]; then
COMMIT_LENGTH=$(printenv COMMIT_IDS | jq length)
if [ $COMMIT_LENGTH == "0" ]; then
echo "No commits to scan"
exit 0
fi
HEAD=${{ github.event.after }}
if [ ${{ github.event.before }} == "0000000000000000000000000000000000000000" ]; then
BASE=""
else else
BASE=${{ github.event.before }} base_commit=""
fi
if [ -n "$HEAD" ]; then
head_commit=$(git rev-parse "$HEAD" 2>/dev/null) || true
else
head_commit=""
fi
if [ "$base_commit" == "$head_commit" ] ; then
echo "::error::BASE and HEAD commits are the same. TruffleHog won't scan anything. Please see documentation (https://github.com/trufflesecurity/trufflehog#octocat-trufflehog-github-action)."
exit 1
fi
##########################################
## Scan commits based on event type ##
##########################################
else
if [ "${{ github.event_name }}" == "push" ]; then
COMMIT_LENGTH=$(printenv COMMIT_IDS | jq length)
if [ $COMMIT_LENGTH == "0" ]; then
echo "No commits to scan"
exit 0
fi
HEAD=${{ github.event.after }}
if [ ${{ github.event.before }} == "0000000000000000000000000000000000000000" ]; then
BASE=""
else
BASE=${{ github.event.before }}
fi
elif [ "${{ github.event_name }}" == "workflow_dispatch" ] || [ "${{ github.event_name }}" == "schedule" ]; then
BASE=""
HEAD=""
elif [ "${{ github.event_name }}" == "pull_request" ]; then
BASE=${{github.event.pull_request.base.sha}}
HEAD=${{github.event.pull_request.head.sha}}
fi fi
elif [ "${{ github.event_name }}" == "workflow_dispatch" ] || [ "${{ github.event_name }}" == "schedule" ]; then
BASE=""
HEAD=""
elif [ "${{ github.event_name }}" == "pull_request" ]; then
BASE=${{github.event.pull_request.base.sha}}
HEAD=${{github.event.pull_request.head.sha}}
fi fi
fi ##########################################
########################################## ## Run TruffleHog ##
## Run TruffleHog ## ##########################################
########################################## docker run --rm -v .:/tmp -w /tmp \
docker run --rm -v .:/tmp -w /tmp \ ghcr.io/trufflesecurity/trufflehog:${VERSION} \
ghcr.io/trufflesecurity/trufflehog:${VERSION} \ git file:///tmp/ \
git file:///tmp/ \ --since-commit \
--since-commit \ ${BASE:-''} \
${BASE:-''} \ --branch \
--branch \ ${HEAD:-''} \
${HEAD:-''} \ --fail \
--fail \ --no-update \
--no-update \ --github-actions \
--github-actions \ ${ARGS:-''}
${ARGS:-''}
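Review bot: The new jq bootstrap at the top of the `run:` script calls `apt-get` directly, with no check that apt exists or that the step is running as root. On a non-root runner or one without apt, the install fails, and depending on the shell's error options the step either aborts with an unhelpful apt error or carries on without jq. In the visible script jq is only used by `jq length` in the push branch, yet the install runs for every event type, so pull_request, schedule and explicit BASE/HEAD runs would also fetch packages at scan time. I would install only when `apt-get` is present, use `sudo` when not root, and otherwise stop with an `::error::` line so a missing dependency fails loudly in a secret-scanning step. The `run:` block begins before this check and continues after it; only the bootstrap is shown below.

```yaml
      run: |
        # … unchanged: ADVANCED USAGE banner …
        # jq is needed to count COMMIT_IDS on push events; fail loudly if it cannot be provided.
        if ! command -v jq >/dev/null 2>&1; then
          if command -v apt-get >/dev/null 2>&1; then
            echo "jq could not be found, installing..."
            if [ "$(id -u)" -eq 0 ]; then
              apt-get -y update && apt-get install -y jq
            else
              sudo apt-get -y update && sudo apt-get install -y jq
            fi
          else
            echo "::error::jq is required but is not installed, and apt-get is not available on this runner."
            exit 1
          fi
        fi
        # … unchanged: git status check, BASE/HEAD resolution, docker run …
```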