initial commit

Signed-off-by: Takashi Yoneuchi <[email protected]>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,25 @@
+---
+name: Bug report
+about: Create a bug report
+title: ''
+labels: 'type:bug'
+assignees: ''
+
+---
+
+# Description of the bug
+
+TODO: Please provide a clear and concise description of the bug you found.
+
+# Steps to Reproduce
+
+TODO: Please describe steps to reproduce the bug.
+
+# Expected Behaviour
+
+TODO: Please describe the behavior you expect with the aforementioned steps.
+
+# Additional Materials
+
+TODO: Please add screenshots to help explain the bug if possible.
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'type:feature'
+assignees: ''
+
+---
+
+# Problem
+
+TODO: Please describe the problem you have.
+
+# Possible Solutions
+
+TODO: Please explain the possible solutions you've considered if possible.
+
+# Additional Notes
+
+TODO: Describe any other information you'd like to mention.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+# Description
+
+TODO: Describe why you've made your PR and what you've done in the PR. You can put a link for related GitHub issues here.
+
+# Checklist
+
+- [ ] I opened a draft PR or added the `[WIP]` to the title if my PR is not ready for review.
+- [ ] I have reviewed the code by myself.
+- [ ] I have commented my code, particularly in hard-to-understand areas.
+- [ ] I have made corresponding changes to the documentation.
+- [ ] I have added tests enough to show how your code behaves and that your code works as expected.
+
+# Additional Notes
+
+TODO: Describe any other information you'd like to mention.

.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+    paths-ignore:
+      - "docs"
+      - ".vscode"
+
+jobs:
+  create-release:
+    name: Create Github Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create a GitHub release
+        id: create-release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ github.ref }}
+          draft: false

Dockerfile

@@ -0,0 +1,10 @@
+FROM ghcr.io/flatt-security/shisho-cli:v0.3.1 AS cli
+
+# ----
+
+FROM gcr.io/distroless/cc:debug
+
+COPY --from=cli /shisho /shisho
+COPY entrypoint.sh /
+
+ENTRYPOINT ["sh", "/entrypoint.sh"]

README.md

@@ -0,0 +1,32 @@
+# Shisho Action
+
+[GitHub Action](https://github.com/features/actions) for [Shisho](https://github.com/flatt-security/shisho)
+
+[![GitHub Release][release-img]][release]
+[![GitHub Marketplace][marketplace-img]][marketplace]
+[![License][license-img]][license]
+
+<!-- ![](docs/images/action.png) -->
+
+## Usage
+
+TODO
+
+### Example Workflow
+
+TODO
+
+### Integration with GitHub Code Scanning
+
+TODO
+
+## Configurations
+
+TODO
+
+[release]: https://github.com/flatt-security/shisho-action/releases/latest
+[release-img]: https://img.shields.io/github/release/flatt-security/shisho-action.svg?logo=github
+[marketplace]: https://github.com/marketplace/actions/flatt-security-shisho
+[marketplace-img]: https://img.shields.io/badge/marketplace-shisho--action-blue?logo=github
+[license]: https://github.com/flatt-security/shisho-action/blob/master/LICENSE
+[license-img]: https://img.shields.io/github/license/flatt-security/shisho-action

action.yml

@@ -0,0 +1,41 @@
+name: "Shisho Action"
+author: "Flatt Security"
+description: "Analyze and refactor your codebase with your own lint rules"
+inputs:
+  ruleset-path:
+    required: true
+    description: |
+      Path of rule sets.
+  target-path:
+    required: true
+    description: |
+      Path of files to search over. When you specify the path of a directory, Shisho search all files under the directory recursively.
+    default: "./"
+  output-format:
+    required: false
+    description: |
+      Output format. You can use `json`, `console`, and `sarif`.
+  output-path:
+    required: false
+    description: |
+      Path to put the output of Shisho. When unspecified, Shisho will use stdout.
+    default: "/dev/stdout"
+  succeed-always:
+    required: false
+    description: |
+      Flag that describes whether Shisho should exit with 0 regardless of the number of findings.
+    default: "false"
+runs:
+  using: "docker"
+  image: "Dockerfile"
+  args:
+    - -a
+    - "${{ inputs.ruleset-path }}"
+    - -b
+    - "${{ inputs.target-path }}"
+    - -c
+    - "${{ inputs.output-format }}"
+    - -d
+    - "${{ inputs.output-path }}"
+    - -e
+    - "${{ inputs.succeed-always }}"

entrypoint.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+unset GETOPT_COMPATIBLE
+OPTIONS=$(getopt -o a:b:c:d:e: -- "$@")
+eval set -- "$OPTIONS"
+
+while [ $# -gt 0 ]; do
+  case $1 in
+  -a)
+    export RULESET_PATH=$2
+    shift
+    ;;
+  -b)
+    export TARGET_PATH=$2
+    shift
+    ;;
+  -c)
+    export OUTPUT_FORMAT=$2
+    shift
+    ;;
+  -d)
+    export OUTPUT_PATH=$2
+    shift
+    ;;
+  -e)
+    export SUCCEED_ALWAYS=$2
+    shift
+    ;;
+  --)
+    shift
+    break
+    ;;
+  esac
+  shift
+done
+
+ARGS="$RULESET_PATH $TARGET_PATH"
+if [ $OUTPUT_FORMAT ]; then
+  ARGS="$ARGS --format $OUTPUT_FORMAT"
+fi
+if [ "$SUCCEED_ALWAYS" = "true" ]; then
+  ARGS="$ARGS --exit-zero"
+fi
+
+echo "[Run]"
+echo "command: shisho check $ARGS"
+echo "output: $OUTPUT_PATH"
+
+if [ $OUTPUT_PATH ]; then
+  /shisho check $ARGS >$OUTPUT_PATH
+else
+  /shisho check $ARGS
+fi