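# action.yml: composite action that optionally downloads Grype, puts it and
# this action's own directory on PATH, and then runs update_vulns.sh with
# flags derived from the inputs below.
name: 'BOMnipotent Server Vulnerability Check'
description: |-
  Updates the known Vulnerabilities for a given BOMnipotent Server instance, and checks for unassesed vulnerabilities.
author: 'Weichwerke Heidrich Software'
inputs:
  name:
    description: |-
      Filter the BOMs checked for vulnerabilities by the name of their main component.
      If not set, all BOM names will be checked.
    required: false
  version:
    description: |-
      Filter the BOMs checked for vulnerabilities by the version of their main component.
      If not set, all BOM versions will be checked.
    required: false
  skip-update:
    description: |-
      If set to 'true', the action will not update the vulnerabilities.
      It will not download the latest Grype version in this case.
    required: false
  skip-check:
    description: |-
      If set to 'true', the action will not check for unassessed vulnerabilities.
    required: false
runs:
  using: "composite"
  steps:
    - name: Download Grype
      if: ${{ inputs.skip-update != 'true' }}
      # NOTE(review): `v6` is a mutable tag; whatever it points to runs inside
      # the caller's job. Pinning to a full commit SHA makes the dependency
      # immutable, e.g.
      #   uses: anchore/scan-action/download-grype@<full-commit-sha>  # v6
      uses: anchore/scan-action/download-grype@v6
      id: grype
    - name: Add Grype to PATH
      if: ${{ inputs.skip-update != 'true' }}
      # The step output is handed over through the environment instead of
      # being expanded into the script text, and both paths are quoted so a
      # directory containing spaces is written to GITHUB_PATH as one entry.
      run: dirname "$GRYPE_CMD" >> "$GITHUB_PATH"
      shell: bash
      env:
        GRYPE_CMD: ${{ steps.grype.outputs.cmd }}
    - name: Set GitHub Path
      # Makes the files in this action's directory callable by bare name.
      # Entries written to GITHUB_PATH stay on PATH for every later step of
      # the calling job, not only for this action.
      run: echo "$GITHUB_ACTION_PATH" >> "$GITHUB_PATH"
      shell: bash
      env:
        GITHUB_ACTION_PATH: ${{ github.action_path }}
    - name: Update Vulnerabilities
      # Inputs reach the script as environment variables. `${{ }}` expressions
      # are substituted into the script text before bash parses it, so an
      # input containing quotes, `$(...)` or backticks would otherwise be
      # interpreted as shell code rather than as data.
      env:
        ACTION_INPUT_NAME: ${{ inputs.name }}
        ACTION_INPUT_VERSION: ${{ inputs.version }}
        ACTION_INPUT_SKIP_UPDATE: ${{ inputs.skip-update }}
        ACTION_INPUT_SKIP_CHECK: ${{ inputs.skip-check }}
      run: |
        args=()
        if [ -n "$ACTION_INPUT_NAME" ]; then
          args+=("--name" "$ACTION_INPUT_NAME")
        fi
        if [ -n "$ACTION_INPUT_VERSION" ]; then
          args+=("--version" "$ACTION_INPUT_VERSION")
        fi
        if [ "$ACTION_INPUT_SKIP_UPDATE" == "true" ]; then
          args+=("--skip-update")
        fi
        if [ "$ACTION_INPUT_SKIP_CHECK" == "true" ]; then
          args+=("--skip-check")
        fi
        # update_vulns.sh is resolved through PATH; presumably it is shipped
        # next to this action.yml (see the "Set GitHub Path" step). Confirm.
        update_vulns.sh "${args[@]}"
      shell: bash
branding:
  icon: 'triangle'
  color: 'orange'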