From b44ceb1fba8029c3be7e0f2a8b8d4d6c67eafbc3 Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Wed, 29 May 2024 15:37:21 +0100
Subject: [PATCH 1/2] Use environment variable for GitHub API

Use GITHUB_API_URL for the request to the dependency snapshot endpoint so requests work in GitHub Enterprise Server.
---
 entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 79fd708..cfa046c 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -207,7 +207,7 @@ set -e
 if [[ "${format}" == "github" ]]; then
 if [[ "$(echo $githubPAT | xargs)" != "" ]]; then
 printf "\n Uploading GitHub Dependency Snapshot"
- curl -H 'Accept: application/vnd.github+json' -H "Authorization: token $githubPAT" 'https://api.github.com/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./$(echo $output | xargs)
+ curl -H 'Accept: application/vnd.github+json' -H "Authorization: token $githubPAT" ''$GITHUB_API_URL'/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./$(echo $output | xargs)
 else
 printf "\n Failing GitHub Dependency Snapshot. Missing github-pat"
 fi

From fa20707b8a9033f38b3b67f12894759b525675a7 Mon Sep 17 00:00:00 2001
From: martincostello
Date: Thu, 30 May 2024 10:00:25 +0100
Subject: [PATCH 2/2] Add input for GitHub API URL

Add an option to override the GitHub API URL to use - defaults to `$GITHUB_API_URL`.
---
 action.yaml | 5 +++++
 entrypoint.sh | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/action.yaml b/action.yaml
index f13a5aa..95d8f02 100644
--- a/action.yaml
+++ b/action.yaml
@@ -85,6 +85,10 @@ inputs:
 github-pat:
 description: 'GitHub Personal Access Token (PAT) for submitting SBOM to GitHub Dependency Snapshot API'
 required: false
+ github-api-url:
+ description: 'URL of the GitHub REST API for submitting SBOM to GitHub Dependency Snapshot API'
+ required: false
+ default: ${{ github.api_url }}
 trivy-config:
 description: 'path to trivy.yaml config'
 required: false
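Review bot: `$GITHUB_API_URL` and `$GITHUB_REPOSITORY` are expanded outside any quotes on the new curl line in PATCH 1/2, so the URL is subject to word splitting and globbing, and if `GITHUB_API_URL` is unset or empty (for example when the script runs outside an Actions runner) the request goes to a bare `/repos/...` path instead of the previous `https://api.github.com`. Building the URL as one double-quoted word with a fallback keeps the old behaviour: `"${GITHUB_API_URL:-https://api.github.com}/repos/${GITHUB_REPOSITORY}/dependency-graph/snapshots"`. The curl line in the last entrypoint.sh hunk of PATCH 2/2 has the same unquoted form. The outer `if` block is closed outside the hunk.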
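Review bot: The description of the new `github-api-url` input does not say that the `github-pat` token is sent to this URL, nor what form the value must take. entrypoint.sh appends `/repos/...` to it and sends `Authorization: token $githubPAT` with the request, so the text should state that it is a base URL without a trailing slash and that it must name a GitHub instance trusted with the token. Suggested wording: `description: 'Base URL of the GitHub REST API (no trailing slash) used to submit the SBOM to the Dependency Snapshot API; github-pat is sent to this host'`.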
@@ -124,6 +128,7 @@ runs:
 - '-t ${{ inputs.trivyignores }}'
 - '-u ${{ inputs.github-pat }}'
 - '-v ${{ inputs.trivy-config }}'
+ - '-w ${{ inputs.github-api-url }}'
 - '-x ${{ inputs.tf-vars }}'
 - '-z ${{ inputs.limit-severities-for-sarif }}'
 - '-y ${{ inputs.docker-host }}'
diff --git a/entrypoint.sh b/entrypoint.sh
index cfa046c..1594842 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:y:z:" o; do
+while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:w:x:y:z:" o; do
 case "${o}" in
 a)
 export scanType=${OPTARG}
@@ -68,6 +68,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:y:z:" o; do
 v)
 export trivyConfig=${OPTARG}
 ;;
+ w)
+ export githubApiUrl=${OPTARG}
+ ;;
 x)
 export tfVars=${OPTARG}
 ;;
@@ -207,7 +210,7 @@ set -e
 if [[ "${format}" == "github" ]]; then
 if [[ "$(echo $githubPAT | xargs)" != "" ]]; then
 printf "\n Uploading GitHub Dependency Snapshot"
- curl -H 'Accept: application/vnd.github+json' -H "Authorization: token $githubPAT" ''$GITHUB_API_URL'/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./$(echo $output | xargs)
+ curl -H 'Accept: application/vnd.github+json' -H "Authorization: token $githubPAT" ''$githubApiUrl'/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./$(echo $output | xargs)
 else
 printf "\n Failing GitHub Dependency Snapshot. Missing github-pat"
 fi
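Review bot: The new `w)` branch stores `${OPTARG}` untrimmed, and because action.yaml passes `'-w ${{ inputs.github-api-url }}'` as a single argument the value most likely begins with a space (the script already trims `githubPAT` and `output` with `| xargs`, presumably for the same reason). The curl line in the last hunk then relies on unquoted word splitting to drop that space, and the leading `''` may be left behind as a separate empty argument to curl. Trimming once here, e.g. `export githubApiUrl=$(echo "${OPTARG}" | xargs)`, would let the later use be quoted safely. The `case` statement continues outside the hunk.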
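Review bot: The visible hunks pass `githubApiUrl` from `-w` straight to the curl call that carries `Authorization: token $githubPAT`, so an empty value yields a malformed request and a plain `http://` value would put the token on the wire in clear text. A guard before the upload covers both, e.g. `[[ "$githubApiUrl" == https://* ]] || { printf "\n Failing GitHub Dependency Snapshot. github-api-url must be an https URL"; exit 1; }`; if plain-http GitHub Enterprise Server instances must be supported, a warning instead of `exit 1` would still surface the risk. Whether lines outside the hunk already validate the value cannot be seen from here.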