{"id":14070411,"url":"https://github.com/mikepenz/xray-action","last_synced_at":"2025-10-04T19:45:59.173Z","repository":{"id":37835193,"uuid":"306291424","full_name":"mikepenz/xray-action","owner":"mikepenz","description":"... a GitHub action to import test results into \"Xray\" - A complete Test Management tool for Jira.","archived":false,"fork":false,"pushed_at":"2025-09-12T23:01:27.000Z","size":13629,"stargazers_count":55,"open_issues_count":8,"forks_count":21,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-14T05:25:17.999Z","etag":null,"topics":["actions","automation","cd","ci","continuous-integration","github-actions","hacktoberfest","jira","test","testing","testing-tools","workflow","xray"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mikepenz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["mikepenz"]}},"created_at":"2020-10-22T09:44:47.000Z","updated_at":"2025-09-09T09:52:07.000Z","dependencies_parsed_at":"2024-06-18T22:52:08.642Z","dependency_job_id":"9fc728a9-1c28-49b1-a12a-60aa48dc26c7","html_url":"https://github.com/mikepenz/xray-action","commit_stats":{"total_commits":452,"total_committers":9,"mean_commits":50.22222222222222,"dds":"0.27876106194690264","last_synced_commit":"892be9371daacc021d83f099b51924a8cc1f1194"},"previous_names":[],"tags_count":47,"template":false,"template_full_name":"actions/typescript-action","purl":"pkg:github/mikepenz/xray-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikepenz%2Fxray-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikepenz%2Fxray-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikepenz%2Fxray-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikepenz%2Fxray-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mikepenz","download_url":"https://codeload.github.com/mikepenz/xray-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikepenz%2Fxray-action/sbom","scorecard":{"id":645843,"data":{"date":"2025-08-11","repo":{"name":"github.com/mikepenz/xray-action","commit":"bf32ddc6b9e69096628f94876566303a067aa95e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.7,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":1,"reason":"Found 1/8 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/mikepenz/xray-action/codeql-analysis.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .devcontainer/postCreateCommand.sh:3","Warn: npmCommand not pinned by hash: .github/workflows/build.yml:21","Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 2 third-party GitHubAction dependencies pinned","Info: 0 out of 2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 26 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T12:07:07.267Z","repository_id":37835193,"created_at":"2025-08-21T12:07:07.268Z","updated_at":"2025-08-21T12:07:07.268Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278366611,"owners_count":25975091,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","automation","cd","ci","continuous-integration","github-actions","hacktoberfest","jira","test","testing","testing-tools","workflow","xray"],"created_at":"2024-08-13T07:07:44.206Z","updated_at":"2025-10-04T19:45:59.161Z","avatar_url":"https://github.com/mikepenz.png","language":"TypeScript","funding_links":["https://github.com/sponsors/mikepenz","http://paypal.me/mikepenz"],"categories":["TypeScript"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n :octocat:\n\u003c/div\u003e\n\u003ch1 align=\"center\"\u003e\n xray-action\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n ... a GitHub action to import test results into \"Xray\" - A complete Test Management tool for Jira.\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n \u003ca href=\"https://github.com/mikepenz/xray-action/actions\"\u003e\n\t\t\u003cimg src=\"https://github.com/mikepenz/xray-action/workflows/CI/badge.svg\"/\u003e\n\t\u003c/a\u003e\n\u003c/div\u003e\n\u003cbr /\u003e\n\n-------\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#setup\"\u003eSetup 🛠️\u003c/a\u003e \u0026bull;\n \u003ca href=\"#contribute-\"\u003eContribute 🧬\u003c/a\u003e \u0026bull;\n \u003ca href=\"#license\"\u003eLicense 📓\u003c/a\u003e\n\u003c/p\u003e\n\n-------\n\n## Setup\n\n### Configure the workflow\n\nSpecify the action as part of your GitHub actions workflow, using a [Xray API key](https://docs.getxray.app/display/XRAYCLOUD/Global+Settings%3A+API+Keys) (i.e. a pair of client id and client secret):\n\n\u003cdetails open\u003e\n\u003csummary\u003eXray Cloud\u003c/summary\u003e\n\u003cp\u003e\n\n```yml\n- name: \"Import results to Xray\"\n uses: mikepenz/xray-action@{latest-release}\n with:\n username: ${{ secrets.XRAY_CLIENT_ID }}\n password: ${{ secrets.XRAY_CLIENT_SECRET }}\n testFormat: \"junit\"\n testPaths: \"**/test/*.xml\"\n testExecKey: \"TEST-1\"\n projectKey: \"TEST\"\n```\n\n\u003c/p\u003e\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n\u003csummary\u003eXray Server/DC\u003c/summary\u003e\n\u003cp\u003e\n\nIf you're using Xray Server/DC, you'll need to set `xrayCloud` as \"false\", use Jira credentials for authentication, and specify additional parameters.\n\n ```yml\n- name: \"Import results to Xray\"\n uses: mikepenz/xray-action@{latest-release}\n with:\n username: ${{ secrets.JIRA_USERNAME }}\n password: ${{ secrets.JIRA_PASSWORD }}\n xrayCloud: \"false\"\n xrayBaseUrl: \"https://myjiraserver.example.com\"\n testFormat: \"junit\"\n testPaths: \"**/test/*.xml\"\n testExecKey: \"TEST-1\"\n projectKey: \"TEST\"\n importRetryLimit: \"5\" # Retry up to 5 times on failure\n responseTimeout: \"120000\" # 2 minutes timeout\n```\n\n⚠️ Xray Server/DC requires `test plan`, `test env`, `revision` to be defined via their custom field. See additional details on passing a custom [test execution json](#test-execution-json).\n\n\u003c/p\u003e\n\u003c/details\u003e\n\n\n💡 Do not specify username and password in cleartext, instead prefer to read them from GitHub action secrets.\n\n| **Input** | **Description** | **Required** |\n|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|\n| `xrayCloud` | Defines which variant of Xray to target [cloud vs Server/DC] (default=\"true\") | |\n| `xrayBaseUrl` | Defines the base URL for Xray Server/DC, could be used to change XRay Data region for XRay Cloud (required if xrayCloud=\"false\") | x* |\n| `username` | Xray API client id (cloud) or Jira username (Server/DC). (Required for xrayCloud) | x* |\n| `password` | Xray API client secret (cloud) or Jira password (Server/DC). (Required for xrayCloud) | x* |\n| `xrayToken` | Xray Personal Access Token. If provided username/password are ignored. (Xray Server/DC only) | |\n| `testFormat` | Describes the import formats [\"xray\", \"cucumber\", \"behave\", \"junit\", \"testng\", \"nunit\", \"xunit\", \"robot\", \"bundle\"] | x |\n| `testPaths` | [Glob](https://github.com/actions/toolkit/tree/master/packages/glob) expression to report paths. The default is `**/junit-reports/TEST-*.xml`. | x |\n| `testMerge` | Merges together multiple test report files into a single report. Supported for: [\"junit\", \"cucumber\"]. (Default: true) | |\n| `testExecKey` | Key of the Test Execution | x |\n| `projectKey` | Key of the project where the Test Execution (if the testExecKey parameter wasn't provided) and the tests (if they aren't created yet) are going to be created. | x |\n| `testPlanKey` | Key of the Test Plan; if you specify the Test Plan, the Tests will be added automatically to the Test Plan if they're not part of it. | |\n| `testEnvironments` | A string containing a list of test environments separated by \";\" | |\n| `revision` | Source code and documentation version used in the test execution. | |\n| `fixVersion` | The Fix Version associated with the test execution (it supports only one value). | |\n| `combineInSingleTestExec` | If no `testExecKey` is provided, it will generate a testExec with the first import, and reuse the same for all other imports. (Default: false) | |\n| `failOnImportError` | Defines if the action should fail if an import error occurred. (Default: false) | |\n| `continueOnImportError` | Defines if the action should continue after a single import error occurred. (Default: true) | |\n| `importParallelism` | Specifies the level of parallelism to import to Xray. (Default: 2) | |\n| `responseTimeout` | Specifies the maximum duration for a request (in milliseconds) to wait for a response to execute before timing out. The default is 60000 milliseconds. | |\n| `importRetryLimit` | Specifies the maximum number of retries for failed import requests. The default is 2. | |\n| `testExecutionJson` | File path to a json file, containing the meta information to create the xray test execution ticket. | |\n| `testJson` | File path to a json file, containing the meta information to create the xray test ticket. | |\n\n#### Test execution json\n\nThe test execution json should the meta information in the following format:\n\n\u003cdetails open\u003e\n\u003csummary\u003eXray Cloud\u003c/summary\u003e\n\u003cp\u003e\n\n```json\n{\n \"fields\": {\n \"summary\": \"Brand new Test execution\",\n \"issuetype\": { \"id\": \"10007\" },\n \"components\": [\n { \"name\": \"Interface\" },\n { \"name\": \"Core\" }\n ]\n }\n}\n```\n\n\u003c/p\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eXray Server/DC\u003c/summary\u003e\n\u003cp\u003e\n\n⚠️ For Xray Server/DC environments `test plan`, `test env`, `revision` fields are required to be provided via their custom field. See the [official API documentation](https://docs.getxray.app/display/XRAY/Import+Execution+Results+-+REST#ImportExecutionResultsREST-XrayJSONresultsMultipart) for more details.\n\n```json\n{\n \"fields\": {\n \"summary\": \"Brand new Test execution\",\n \"issuetype\": { \"id\": \"10007\" },\n \"components\" : [\n { \"name\":\"Interface\" },\n { \"name\":\"Core\" }\n ],\n \"customfield_10032\" : [\n \"TES-38\"\n ]\n }\n}\n```\n\n\u003c/p\u003e\n\u003c/details\u003e \n\n💡 The import will fail if the provided issueType for example does not exist. Please ensure correct information is provided.\n\n### Action outputs\n\nAfter action execution it will return helpful information.\n\n```yml\n# ${{steps.{XRAY_STEP_ID}.outputs.count}}\n${{steps.xray.outputs.count}}\n```\n\nA full set list of possible output values for this action.\n\n\n| **Output** | **Description** |\n|-----------------|----------------------------------------|\n| count | The count of imported files. |\n| completed | The count of completed imports. |\n| failed | The count of failed imports. |\n| errorMessage | The message of failed imports. |\n| errorStatusCode | The status code of failed imports. |\n| testExecKey | The key of the created test execution. |\n\n## Contribute 🧬\n\n```bash\n# Install the dependencies \n$ npm install\n\n# Build the typescript and package it for distribution\n$ npm run build \u0026\u0026 npm run package\n\n# Run the tests, use to debug, and test it out\n# Please note you have to uncomment the test\n# Provide your xray instance username and password\n# And then execute the test:\n$ npm test\n\n# Verify lint is happy\n$ npm run lint -- --fix\n```\n\n## Xray\n\n- [Xray](https://docs.getxray.app/site/xray) website\n- Currently fully supporting all (non multipart) requests according to [Xray REST API documentation](https://docs.getxray.app/display/XRAY/Import+Execution+Results+-+REST#expander-339243592)\n- Partially support for multipart request. Supports specifying test execution meta information [Xray REST API documentation](https://docs.getxray.app/display/XRAY/Import+Execution+Results+-+REST#expander-1959649602)\n\n## Developed By\n\n* Mike Penz\n * [mikepenz.com](http://mikepenz.com) - \u003cmikepenz@gmail.com\u003e\n * [paypal.me/mikepenz](http://paypal.me/mikepenz)\n\n## Other actions\n\n- [release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action)\n- [action-junit-report](https://github.com/mikepenz/action-junit-report)\n- [jira-release-composition-action](https://github.com/mikepenz/jira-release-composite-action)\n\n## License\n\n Copyright 2025 Mike Penz\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikepenz%2Fxray-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmikepenz%2Fxray-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikepenz%2Fxray-action/lists"}