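# Composite action that runs the bundled `ghascompliance` Python module
# against a repository/ref, using a policy file that may live in a separate
# repository. Every input below is forwarded to the module as a command-line
# option by the single step under `runs`.
name: "ghas-policy-as-code"
description: "Advance Security Policy as Code"

inputs:
  severity:
    description: "Severity Level"
    default: error
  repository:
    description: Repository owner and repo name
    default: ${{ github.repository }}
  token:
    description: GitHub Personal Access Token
    default: ${{ github.token }}
  policy-repo-token:
    description: Separate GitHub PAT if the policy files are stored in a separate repository
  ref:
    description: GitHub Ref
    default: ${{ github.ref }}
  action:
    description: "Action to take upon discovery of security issues hitting threshold"
    default: break
  policy:
    description: Policy as Code repository owner/repo name
  policy-path:
    description: Policy as Code file path (including path in repo)
  policy-branch:
    description: Policy as Code branch
    default: main
  retries:
    description: Number of times to retry the action
    # Quoted because action inputs are strings; the value itself is unchanged.
    default: "240"  # 1 hour's worth of retries
  argvs:
    description: "Additional Arguments"

runs:
  using: "composite"
  steps:
    - shell: bash
      # Inputs reach the script as environment variables rather than being
      # expanded with ${{ }} inside `run`. An expression inside `run` is
      # substituted into the script text before bash parses it, so a value
      # containing quotes, `;` or `$(...)` would be executed as shell code.
      # Several of these values can come from outside the workflow author's
      # control (for example a ref name), so they are treated as data only.
      # NOTE(review): both tokens still reach the tool as command-line
      # arguments, which other processes on the runner can read; if
      # ghascompliance can take them from the environment, prefer that.
      # Confirm against its CLI.
      env:
        PAC_INPUT_SEVERITY: ${{ inputs.severity }}
        PAC_INPUT_ACTION: ${{ inputs.action }}
        PAC_INPUT_TOKEN: ${{ inputs.token }}
        PAC_INPUT_POLICY_REPO_TOKEN: ${{ inputs.policy-repo-token }}
        PAC_INPUT_REPOSITORY: ${{ inputs.repository }}
        PAC_INPUT_REF: ${{ inputs.ref }}
        PAC_INPUT_POLICY: ${{ inputs.policy }}
        PAC_INPUT_POLICY_PATH: ${{ inputs.policy-path }}
        PAC_INPUT_POLICY_BRANCH: ${{ inputs.policy-branch }}
        PAC_INPUT_RETRIES: ${{ inputs.retries }}
        PAC_INPUT_ARGVS: ${{ inputs.argvs }}
      run: |
        echo "Running Policy as Code..."
        # GITHUB_ACTION_PATH is set by the runner for composite actions.
        export PYTHONPATH="${GITHUB_ACTION_PATH}:${GITHUB_ACTION_PATH}/vendor"

        # Split the extra arguments on whitespace only. Globbing is switched
        # off for the split, and the text is never evaluated by the shell, so
        # quoting inside `argvs` is not interpreted: each whitespace-separated
        # word becomes exactly one argument.
        set -f
        extra_args=( ${PAC_INPUT_ARGVS} )
        set +f

        python3 -m ghascompliance \
          --severity "${PAC_INPUT_SEVERITY}" \
          --action "${PAC_INPUT_ACTION}" \
          --github-token "${PAC_INPUT_TOKEN}" \
          --policy-repo-token "${PAC_INPUT_POLICY_REPO_TOKEN}" \
          --github-repository "${PAC_INPUT_REPOSITORY}" \
          --github-ref "${PAC_INPUT_REF}" \
          --github-policy "${PAC_INPUT_POLICY}" \
          --github-policy-path "${PAC_INPUT_POLICY_PATH}" \
          --github-policy-branch "${PAC_INPUT_POLICY_BRANCH}" \
          --retry-count "${PAC_INPUT_RETRIES}" \
          "${extra_args[@]}"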