Initial commit

.eslintignore

@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/

.eslintrc.json

@@ -0,0 +1,55 @@
+{
+    "plugins": ["jest", "@typescript-eslint"],
+    "extends": ["plugin:github/recommended"],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+      "ecmaVersion": 9,
+      "sourceType": "module",
+      "project": "./tsconfig.json"
+    },
+    "rules": {
+      "github/no-then": "off",
+      "eslint-comments/no-use": "off",
+      "import/no-namespace": "off",
+      "no-unused-vars": "off",
+      "@typescript-eslint/no-unused-vars": "error",
+      "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
+      "@typescript-eslint/no-require-imports": "error",
+      "@typescript-eslint/array-type": "error",
+      "@typescript-eslint/await-thenable": "error",
+      "@typescript-eslint/ban-ts-comment": "error",
+      "camelcase": "off",
+      "@typescript-eslint/consistent-type-assertions": "error",
+      "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
+      "@typescript-eslint/func-call-spacing": ["error", "never"],
+      "@typescript-eslint/no-array-constructor": "error",
+      "@typescript-eslint/no-empty-interface": "error",
+      "@typescript-eslint/no-explicit-any": "off",
+      "@typescript-eslint/no-extraneous-class": "error",
+      "@typescript-eslint/no-for-in-array": "error",
+      "@typescript-eslint/no-inferrable-types": "error",
+      "@typescript-eslint/no-misused-new": "error",
+      "@typescript-eslint/no-namespace": "error",
+      "@typescript-eslint/no-non-null-assertion": "warn",
+      "@typescript-eslint/no-unnecessary-qualifier": "error",
+      "@typescript-eslint/no-unnecessary-type-assertion": "error",
+      "@typescript-eslint/no-useless-constructor": "error",
+      "@typescript-eslint/no-var-requires": "error",
+      "@typescript-eslint/prefer-for-of": "warn",
+      "@typescript-eslint/prefer-function-type": "warn",
+      "@typescript-eslint/prefer-includes": "error",
+      "@typescript-eslint/prefer-string-starts-ends-with": "error",
+      "@typescript-eslint/promise-function-async": "off",
+      "@typescript-eslint/require-array-sort-compare": "error",
+      "@typescript-eslint/restrict-plus-operands": "error",
+      "semi": "off",
+      "@typescript-eslint/semi": ["error", "never"],
+      "@typescript-eslint/type-annotation-spacing": "error",
+      "@typescript-eslint/unbound-method": "error"
+    },
+    "env": {
+      "node": true,
+      "es6": true,
+      "jest/globals": true
+    }
+  }

.gitattributes

@@ -0,0 +1 @@
+dist/** -diff linguist-generated=true 

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: 'npm'
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: '/'
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: 'daily'

.github/workflows/test.yml

@@ -0,0 +1,24 @@
+name: 'build-test'
+on: # rebuild any PRs and main branch changes
+  pull_request:
+  push:
+    branches:
+      - main
+      - 'releases/*'
+
+jobs:
+  build: # make sure build/ci work properly
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+          npm install
+      - run: |
+          npm run all
+  test: # make sure the action works on a clean machine without building
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./
+        with:
+          milliseconds: 1000

.gitignore

@@ -0,0 +1,102 @@
+# Dependency directory
+node_modules
+
+# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# OS metadata
+.DS_Store
+Thumbs.db
+
+# Ignore built ts files
+__tests__/runner/*
+lib/**/*
+
+.idea
+*.iml

.prettierignore

@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/

.prettierrc.json

@@ -0,0 +1,10 @@
+{
+  "printWidth": 80,
+  "tabWidth": 2,
+  "useTabs": false,
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "none",
+  "bracketSpacing": false,
+  "arrowParens": "avoid"
+}

README.md

@@ -0,0 +1,47 @@
+codescan-scanner-action
+=============
+
+Run CodeScan static code analysis jobs from Github actions. The action may produce SARIF file with analysis results.
+
+## Input parameters for Action
+
+| Parameter name | Required / Default value | Description |
+|------------- | -------- | ---------------- |
+| organization | **required** | Organization Key |
+| projectKey | **required** | Project Key |
+| login | **required** | Security authentication key for the user having scan access for the project |
+| codeScanUrl | https://app.codescan.io/ | CodeScanCloud endpoint for your project |
+| pollingTimeoutSec | 300 | Timeout to wait for Post-Analysis report generation is completed (in seconds) |
+| generateSarifFile | true | The flag to indicate that SARIF file should be generated. |
+| args | | Optional parameters passed to CodeScan analyzer |
+
+## Example of using Action in Github Workflow
+
+```yml
+    -   name: Run Analysis
+        uses: codescan-io/codescan-scanner-action@main
+        with:
+            login: ${{ secrets.CODESCAN_AUTH_TOKEN }}
+            organization: test-org
+            projectKey: test-java-project
+            args: |
+                sonar.verbose=true
+                sonar.java.binaries=target
+```
+
+## SARIF file output
+
+Be default the Action will generate SARIF report file.
+You can disable this feature via `generateSarifFile` input parameter.
+
+As a next Workflow step you have to upload SARIF file:
+
+```
+    -   name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+            sarif_file: codescan.sarif
+```
+
+When SARIF file is uploaded, you can view, fix, and close alerts for potential vulnerabilities or errors in your project's code.
+For details read this article: [Managing alerts from code scanning](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning)

action.yml

@@ -0,0 +1,31 @@
+name: 'Your name here'
+description: 'Provide a description here'
+author: 'Your name or organization here'
+inputs:
+  organization:
+    required: true
+    description: 'CodeScan Organization Key'
+  projectKey:
+    required: true
+    description: 'CodeScan Project Key'
+  login:
+    required: true
+    description: 'CodeScan Login Key'
+  codeScanUrl:
+    required: false
+    description: 'CodeScanCloud endpoint for your project'
+    default: 'https://app.codescan.io/'
+  pollingTimeoutSec:
+    required: false
+    description: 'This task will poll CodeScanCloud until the analysis is completed, or until the timeout is reached'
+    default: '300'
+  generateSarifFile:
+    required: false
+    description: 'The flag to indicate that SARIF file should be generated'
+    default: 'true'
+  args:
+    required: false
+    description: 'Additional arguments to the sonarcloud scanner'
+runs:
+  using: 'node12'
+  main: 'dist/index.js'