feat: bump up the Shisho version to 0.4.0 & add paths-ignore flag

Signed-off-by: Takashi Yoneuchi <[email protected]>
flatt-security · Oct 8, 2021 · bf9d7a6 · bf9d7a6
1 parent 9133b6b
commit bf9d7a6
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/flatt-security/shisho-cli:v0.3.5 AS cli
+FROM ghcr.io/flatt-security/shisho-cli:v0.4.0 AS cli
 
 # ----
 

diff --git a/README.md b/README.md
@@ -72,6 +72,7 @@ This action has the following inputs that can be used as `step.with` keys:
 | `output-format`           | String |                      | Output format (one of `json`, `console`, and `sarif`)                                                |
 | `output-path`             | String | `/dev/stdout`        | Path of output files (When you specify `/dev/stdout`, you can output the results to standard output) |
 | `succeed-always`          | bool   | `false`              | Whether to force exit code to be 0 regardless of findings.                                           |
+| `paths-ignore`            | String |                      | Comma-separated lists of path patterns to ignore. Example: `node_modules/*,foo/,./bar`               |
 
 [release]: https://github.com/flatt-security/shisho-action/releases/latest
 [release-img]: https://img.shields.io/github/release/flatt-security/shisho-action.svg?logo=github

diff --git a/action.yml b/action.yml
@@ -25,6 +25,12 @@ inputs:
     description: |
       Flag that describes whether Shisho should exit with 0 regardless of the number of findings.
     default: "false"
+  paths-ignore:
+    required: false
+    description: |
+      Comma-seprated lists of path patterns that you want Shisho to ignore. You can use wildcards like "*" and "**".
+      Example: node_modules/*,foo/,./bar*
+    default: ""
 runs:
   using: "docker"
   image: "Dockerfile"
@@ -39,6 +45,8 @@ runs:
     - "${{ inputs.output-path }}"
     - -e
     - "${{ inputs.succeed-always }}"
+    - -f
+    - "${{ inputs.paths-ignore }}"
 branding:
   icon: "check-circle"
   color: "blue"
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 unset GETOPT_COMPATIBLE
-OPTIONS=$(getopt -o a:b:c:d:e: -- "$@")
+OPTIONS=$(getopt -o a:b:c:d:e:f: -- "$@")
 eval set -- "$OPTIONS"
 
 while [ $# -gt 0 ]; do
@@ -26,6 +26,10 @@ while [ $# -gt 0 ]; do
     export SUCCEED_ALWAYS=$2
     shift
     ;;
+  -f)
+    export PATHS_IGNORE=$2
+    shift
+    ;;
   --)
     shift
     break
@@ -42,6 +46,10 @@ if [ "$SUCCEED_ALWAYS" = "true" ]; then
   ARGS="$ARGS --exit-zero"
 fi
 
+for PATH_TO_IGNORE in ${PATHS_IGNORE//,/ }; do
+  ARGS="$ARGS --exclude \"$PATH_TO_IGNORE\""
+done
+
 echo "[Run]"
 echo "command: shisho check $ARGS"
 echo "output: $OUTPUT_PATH"