GitHub Action for Steampunk Spotter
- Host: GitHub
- URL: https://github.com/xlab-steampunk/spotter-action
- Owner: xlab-steampunk
- Created: 2022-09-07T06:33:40.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-05-23T05:10:25.000Z (6 months ago)
- Last Synced: 2024-09-30T17:42:39.011Z (about 2 months ago)
- Topics: actions, ansible, ansible-playbook, ansible-role, automation, continuous-integration, github-actions, linter, sast, spotter, steampunk
- Language: Shell
- Homepage: https://steampunk.si/spotter/
- Size: 46.9 KB
- Stars: 4
- Watchers: 4
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# GitHub Action for Steampunk Spotter
A GitHub Action for scanning your Ansible content with [Steampunk Spotter].

## Table of Contents
- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Usage](#usage)
- [Inputs](#inputs)
- [Outputs](#outputs)
- [Environment variables](#environment-variables)
- [Next Steps](#next-steps)
- [Acknowledgement](#acknowledgement)

## Introduction
[Steampunk Spotter] is an Ansible Playbook Platform that scans, analyzes,
enhances, and provides insights for your playbooks.

This GitHub Action allows you to use the [steampunk-spotter] CLI within GitHub
CI/CD workflows.

## Prerequisites
You will need to create a [new Steampunk Spotter account] to be able to use
this action.

## Usage
To integrate [Steampunk Spotter] with your GitHub CI/CD pipeline, add a step to
your YAML workflow file that references this repository together with a tag
number.

For example, inside your `.github/workflows/ci.yml` file:
```yaml
steps:
  - uses: actions/checkout@master
  - uses: xlab-steampunk/spotter-action@
```

### Inputs
The action accepts the following inputs:

| Name | Required | Default | Description |
|---|---|---|---|
| `endpoint` | no | / | Steampunk Spotter API endpoint (instead of default https://api.spotter.steampunk.si/api). |
| `api_token` | no | / | Steampunk Spotter API token (can be generated in the user settings within the Spotter App). |
| `username` | no | / | Steampunk Spotter username (this is an old auth method, use API token if possible). |
| `password` | no | / | Steampunk Spotter password (this is an old auth method, use API token if possible). |
| `timeout` | no | / | Steampunk Spotter API timeout (in seconds). |
| `config` | no | / | Path to JSON/YAML configuration file. |
| `paths` | no | . | List of paths to Ansible content files to be scanned. If not specified, the whole repository is scanned. |
| `project_id` | no | / | ID of an existing target project in the app, where the scan result will be stored. If not specified, the first project of the user's first organization (in the app) will be used. |
| `exclude_values` | no | false | Omits parsing and uploading values from Ansible playbooks. |
| `exclude_metadata` | no | false | Omits collecting and uploading metadata (i.e., file names, line and column numbers). |
| `display_level` | no | hint | Displays check results with specified level or greater (e.g., warning will show all warnings and errors, but suppress hints). Available options: hint, warning, error. |
| `no_docs_url` | no | false | Omits documentation URLs from the output. |
| `no_scan_url` | no | true | Omits scan URL from the output. |
| `ansible_version` | no | / | Ansible version to use for scanning. If not specified, all Ansible versions are considered for scanning. |
| `profile` | no | / | Sets profile with selected set of checks to be used for scanning. |
| `skip_checks` | no | / | Skips checks with specified IDs. IDs should be comma-separated, space-separated or newline-separated and can be found in the check catalog within the Spotter App. |
| `enforce_checks` | no | / | Enforce checks with specified IDs. IDs should be comma-separated, space-separated or newline-separated and can be found in the check catalog within the Spotter App. |
| `custom_policies_path` | no | / | Path to the file or folder with custom OPA policies written in Rego Language (enterprise feature). |
| `custom_policies_clear` | no | / | Clears OPA policies for custom Spotter checks after scanning (enterprise feature). |
| `debug` | no | / | Enable debug output. |
| `sarif_file` | no | / | Sets the name of the SARIF file and triggers the creation of the SARIF report. |

### Outputs
The action produces the following outputs:

* `output`: Scan results from scanning your Ansible content using the `spotter scan` command.
### Environment variables
The action will take into account the following environment variables:

* `SPOTTER_ENDPOINT`: Steampunk Spotter API endpoint (instead of default
  https://api.spotter.steampunk.si/api);
* `SPOTTER_TOKEN`: Steampunk Spotter API token (can be generated in the
  user settings within the Spotter App);
* `SPOTTER_USERNAME`: Steampunk Spotter username;
* `SPOTTER_PASSWORD`: Steampunk Spotter password.

We encourage you to authenticate by setting `SPOTTER_TOKEN` instead of the old
`SPOTTER_USERNAME` and `SPOTTER_PASSWORD` environment variables.

### Examples
Here are some examples of how to use this GitHub Action.

A minimal example that scans the whole repository would look like this:
```yaml
name: Minimal CI/CD workflow for Steampunk Spotter
on: [push]
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: xlab-steampunk/spotter-action@
        env:
          SPOTTER_TOKEN: ${{ secrets.SPOTTER_TOKEN }}
```

A more complex example with multiple action inputs is the following:
```yaml
name: More complex CI/CD workflow for Steampunk Spotter
on: [push]
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Scan Ansible content with different inputs
        uses: xlab-steampunk/spotter-action@
        with:
          endpoint: https://api.spotter.steampunk.si/api
          api_token: ${{ secrets.SPOTTER_TOKEN }}
          config: config.yaml
          paths: playbook.yaml
          exclude_values: true
          exclude_metadata: true
          display_level: error
          no_docs_url: true
          ansible_version: 2.16
          profile: full
          skip_checks: E001,E903[fqcn=sensu.sensu_go.user]
          enforce_checks: E1300,E1301
          debug: true
```

### Next steps
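One next step beyond the examples above is to request a SARIF report through the `sarif_file` input and feed it into GitHub code scanning, so Spotter findings show up as code scanning alerts on the repository. The workflow below is an added example, not part of the project's README; it assumes the action writes the SARIF file under the given name relative to the workspace, and it references the `master` default branch where a release tag would normally go.

```yaml
name: Steampunk Spotter scan with SARIF upload
on: [push, pull_request]

# upload-sarif needs permission to write code scanning results;
# everything else stays read-only
permissions:
  contents: read
  security-events: write

jobs:
  spotter:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Scan Ansible content and write a SARIF report
        # assumption: pin to a release tag or commit SHA instead of the branch in practice
        uses: xlab-steampunk/spotter-action@master
        with:
          api_token: ${{ secrets.SPOTTER_TOKEN }}
          display_level: warning
          # assumption: file is written relative to the workspace
          sarif_file: spotter.sarif

      - name: Upload SARIF to GitHub code scanning
        # still upload the report when the scan step fails the job on findings
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: spotter.sarif
```

Findings then appear under the repository's Security tab and as annotations on pull requests, with the `display_level` setting deciding which severities reach the report.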
Please refer to the [Steampunk Spotter Documentation] for more comprehensive usage.

## Acknowledgement
This GitHub Action was created by [XLAB Steampunk], an IT automation specialist
and leading expert in building Enterprise Ansible Collections.

[Steampunk Spotter]: https://steampunk.si/spotter/
[steampunk-spotter]: https://pypi.org/project/steampunk-spotter/
[new Steampunk Spotter account]: https://spotter.steampunk.si
[Steampunk Spotter Documentation]: https://spotter.steampunk.si/docs/
[XLAB Steampunk]: https://steampunk.si/