xlab-steampunk / spotter-action

GitHub Action for Steampunk Spotter

Home Page: https://steampunk.si/spotter/

actions ansible ansible-playbook ansible-role automation continuous-integration github-actions linter sast spotter

GitHub Action for Steampunk Spotter

A GitHub Action for scanning your Ansible content with Steampunk Spotter.

Introduction

Steampunk Spotter is an Ansible Playbook Platform that scans, analyzes, enhances, and provides insights for your playbooks.

This GitHub Action lets you run the steampunk-spotter CLI inside GitHub CI/CD workflows.

Prerequisites

You will need a Steampunk Spotter account to be able to use this action.

Usage

To integrate Steampunk Spotter with your GitHub CI/CD pipeline, reference this repository, together with a release tag, as a step in your YAML workflow file.

For example, inside your .github/workflows/ci.yml file:

steps:
- uses: actions/checkout@master
- uses: xlab-steampunk/spotter-action@<version>

Inputs

The action accepts the following inputs:

| Name | Required | Default | Description |
|---|---|---|---|
| endpoint | no | / | Steampunk Spotter API endpoint (instead of the default https://api.spotter.steampunk.si/api). |
| api_token | no | / | Steampunk Spotter API token (can be generated in the user settings within the Spotter App). |
| username | no | / | Steampunk Spotter username (this is an old auth method; use an API token if possible). |
| password | no | / | Steampunk Spotter password (this is an old auth method; use an API token if possible). |
| timeout | no | / | Steampunk Spotter API timeout (in seconds). |
| config | no | / | Path to a JSON/YAML configuration file. |
| paths | no | . | List of paths to Ansible content files to be scanned. If not specified, the whole repository is scanned. |
| project_id | no | / | ID of an existing target project in the app, where the scan result will be stored. If not specified, the first project of the user's first organization (in the app) will be used. |
| exclude_values | no | false | Omits parsing and uploading values from Ansible playbooks. |
| exclude_metadata | no | false | Omits collecting and uploading metadata (i.e., file names, line and column numbers). |
| display_level | no | hint | Displays check results with the specified level or greater (e.g., warning will show all warnings and errors, but suppress hints). Available options: hint, warning, error. |
| no_docs_url | no | false | Omits documentation URLs from the output. |
| no_scan_url | no | true | Omits the scan URL from the output. |
| ansible_version | no | / | Ansible version to use for scanning. If not specified, all Ansible versions are considered for scanning. |
| profile | no | / | Sets the profile with the selected set of checks to be used for scanning. |
| skip_checks | no | / | Skips checks with the specified IDs. IDs should be comma-separated, space-separated or newline-separated and can be found in the check catalog within the Spotter App. |
| enforce_checks | no | / | Enforces checks with the specified IDs. IDs should be comma-separated, space-separated or newline-separated and can be found in the check catalog within the Spotter App. |
| custom_policies_path | no | / | Path to the file or folder with custom OPA policies written in the Rego language (enterprise feature). |
| custom_policies_clear | no | / | Clears OPA policies for custom Spotter checks after scanning (enterprise feature). |
| debug | no | / | Enables debug output. |
| sarif_file | no | / | Sets the name of the SARIF file and triggers the creation of the SARIF report. |

Outputs

The action produces the following outputs:

  • output: Scan results from scanning your Ansible content using the spotter scan command.

Environment variables

The action will take into account the following environment variables:

  • SPOTTER_ENDPOINT: Steampunk Spotter API endpoint (instead of the default https://api.spotter.steampunk.si/api).
  • SPOTTER_TOKEN: Steampunk Spotter API token (can be generated in the user settings within the Spotter App).
  • SPOTTER_USERNAME: Steampunk Spotter username.
  • SPOTTER_PASSWORD: Steampunk Spotter password.

We encourage you to authenticate by setting SPOTTER_TOKEN instead of the older SPOTTER_USERNAME and SPOTTER_PASSWORD environment variables.

Examples

Here are some examples of how to use this GitHub Action.

A minimal example that scans the whole repository looks like this:

name: Minimal CI/CD workflow for Steampunk Spotter
on: [push]
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: xlab-steampunk/spotter-action@<version>
        env:
          SPOTTER_TOKEN: ${{ secrets.SPOTTER_TOKEN }}

A more complex example with multiple action inputs is the following:

name: More complex CI/CD workflow for Steampunk Spotter
on: [push]
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Scan Ansible content with different inputs
        uses: xlab-steampunk/spotter-action@<version>
        with:
          endpoint: https://api.spotter.steampunk.si/api
          api_token: ${{ secrets.SPOTTER_TOKEN }}
          config: config.yaml
          paths: playbook.yaml
          exclude_values: true
          exclude_metadata: true
          display_level: error
          no_docs_url: true
          ansible_version: 2.16
          profile: full
          skip_checks: E001,E903[fqcn=sensu.sensu_go.user]
          enforce_checks: E1300,E1301
          debug: true
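A workflow that feeds the action's sarif_file report into GitHub code scanning and publishes the output value to the job summary, as an added example that is not part of the original README. It assumes the sarif_file input writes the report at the given path relative to the workspace; github/codeql-action/upload-sarif is the real upload action, and `<version>` is a placeholder for a pinned spotter-action release tag.

```yaml
name: Spotter scan with SARIF upload
on: [push, pull_request]

permissions:
  contents: read          # checkout only needs read access
  security-events: write  # required to upload SARIF results to code scanning

jobs:
  spotter:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Scan Ansible content with Steampunk Spotter
        id: spotter
        uses: xlab-steampunk/spotter-action@<version>   # pin to a release tag, not a branch
        env:
          SPOTTER_TOKEN: ${{ secrets.SPOTTER_TOKEN }}   # token comes from repository secrets
        with:
          paths: playbooks/
          display_level: warning
          sarif_file: spotter.sarif   # assumed to be written relative to the workspace

      - name: Upload SARIF report to GitHub code scanning
        if: always()   # publish findings even when the scan step fails on errors
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: spotter.sarif

      - name: Publish scan output to the job summary
        if: always()
        env:
          # Pass the output through an environment variable instead of expanding
          # ${{ }} inside the script, so its content is never parsed as shell syntax.
          SPOTTER_OUTPUT: ${{ steps.spotter.outputs.output }}
        run: |
          {
            echo '## Steampunk Spotter scan'
            echo '<pre>'
            printf '%s\n' "$SPOTTER_OUTPUT"
            echo '</pre>'
          } >> "$GITHUB_STEP_SUMMARY"
```

Findings uploaded this way appear under the repository's Security tab alongside other code scanning alerts.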

Next steps

Please refer to the Steampunk Spotter Documentation for more comprehensive usage information.

Acknowledgement

This GitHub Action was created by XLAB Steampunk, an IT automation specialist and leading expert in building Enterprise Ansible Collections.
