Move code (#1)

.github/renovate.json

@@ -0,0 +1,5 @@
+{
+  "extends": [
+    "config:base"
+  ]
+}

.github/workflows/dockerimage.yml

@@ -0,0 +1,18 @@
+name: Docker Image CI
+
+on: [push]
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Clone repo
+      uses: actions/checkout@master
+      with:
+        fetch-depth: 1
+
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag tfsec:$(date +%s)

.gitignore

@@ -0,0 +1,9 @@
+# macOS
+.DS_Store
+.DS_Store?
+**/.DS_Store
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db

Dockerfile

@@ -0,0 +1,13 @@
+FROM alpine:3.11
+
+RUN apk --no-cache --update add git curl \
+    && rm -rf /var/cache/apk/*
+
+RUN wget -O - -q https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b /usr/local/bin/
+
+RUN curl -L "$(curl -s https://api.github.com/repos/liamg/tfsec/releases/latest | grep -o -E "https://.+?-linux-amd64")" > tfsec \
+    && install tfsec /usr/local/bin/
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,2 +1,66 @@
-# action-tfsec
-Run tfsec with reviewdog on pull requests to enforce security best practices
+# GitHub Action: Run tfsec with reviewdog
+
+This action runs [tfsec](https://github.com/liamg/tfsec) with
+[reviewdog](https://github.com/reviewdog/reviewdog) on pull requests
+to enforce best practices.
+
+## Examples
+
+### With `github-pr-check`
+
+By default, with `reporter: github-pr-check` an annotation is added to
+the line:
+
+![Example comment made by the action, with github-pr-check](./example-github-pr-check.png)
+
+### With `github-pr-review`
+
+With `reporter: github-pr-review` a comment is added to
+the Pull Request Conversation:
+
+![Example comment made by the action, with github-pr-review](./example-github-pr-review.png)
+
+## Inputs
+
+### `github_token`
+
+**Required**. Must be in form of `github_token: ${{ secrets.github_token }}`.
+
+### `level`
+
+Optional. Report level for reviewdog [`info`,`warning`,`error`].
+It's same as `-level` flag of reviewdog.
+The default is `error`.
+
+### `reporter`
+
+Optional. Reporter of reviewdog command [`github-pr-check`,`github-pr-review`].
+The default is `github-pr-check`.
+
+### `flags`
+
+Optional. List of arguments to send to tfsec.
+For the output to be parsable by reviewdog [`--format=checkstyle` is enforced](./entrypoint.sh).
+The default is ``.
+
+## Example usage
+
+```yml
+name: tfsec
+on: [pull_request]
+jobs:
+  tfsec:
+    name: runner / tfsec
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: reviewdog/action-tfsec@master
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-review # Change reporter
+          flags: "" # Optional
+```

action.yml

@@ -0,0 +1,33 @@
+name: 'Run tfsec with reviewdog'
+description: '🐶 Run tfsec with reviewdog on pull requests to enforce security best practices'
+author: 'vlaaaaaaad (reviewdog)'
+
+inputs:
+  github_token:
+    description: 'GITHUB_TOKEN'
+    required: true
+  level:
+    description: 'Report level for reviewdog [info,warning,error]'
+    default: 'error'
+  reporter:
+    description: |
+      Reporter of reviewdog command [github-pr-check,github-pr-review].
+      Default is github-pr-check.
+    default: 'github-pr-check'
+  flags:
+    description: |
+      List of arguments to send to tfsec
+      For the output to be parsable by reviewdog --format=checkstyle is enforced
+      Default is blank.
+    default: ''
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.github_token }}
+    - ${{ inputs.level }}
+    - ${{ inputs.reporter }}
+    - ${{ inputs.flags }}
+branding:
+  icon: 'edit'
+  color: 'gray-dark'

entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cd "$GITHUB_WORKSPACE"
+
+export REVIEWDOG_GITHUB_API_TOKEN="${INPUT_GITHUB_TOKEN}"
+
+tfsec --format=checkstyle ${INPUT_FLAGS} \
+  | reviewdog -f=checkstyle -name="tfsec" -reporter="${INPUT_REPORTER}" -level="${INPUT_LEVEL}"