ci: tent fix for github inputs if ignored

gipo999 · Jun 13, 2024 · f9286f9 · f9286f9
1 parent ff1152e
commit f9286f9
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 25 deletions.
diff --git a/.github/actions/attack/action.yml b/.github/actions/attack/action.yml
@@ -16,22 +16,22 @@ inputs:
   github_token:
     description: "github token"
     required: true
-  run-wapiti:
+  run_wapiti:
     description: "run wapiti"
     required: false
-    default: true
-  run-zap:
+    default: false
+  run_zap:
     description: "run zap"
     required: false
-    default: true
-  run-nmap:
+    default: false
+  run_nmap:
     description: "run nmap"
     required: false
     default: false
-  run-snyk:
+  run_snyk:
     description: "run snyk"
     required: false
-    default: true
+    default: false
 runs:
   using: composite
   steps:
@@ -40,15 +40,15 @@ runs:
     # emits .wapiti/generated_report/report.html
     # for now, base default scan, can be improved alot: https://github.com/wapiti-scanner/wapiti/blob/master/doc/wapiti.ronn
     - name: Wapiti Scan
-      if: ${{ inputs.run-wapiti }}
+      if: ${{ inputs.run_wapiti }}
       # I cloned their repo and created the docker image, pushing it to my registry
       # Then i created a githbu action with nodejs to run the docker image since we need --network=host
       uses: gipo355/vuln-docker-scanners-wapiti-action@6147b708e264ce95171ba8c246f0d84a7e6d718a # v1.0.3
       with:
         target: "http://localhost:8080/tomcat-webapp-boilerplate/app"
         github_token: ${{ inputs.github_token }}
     - name: Set output if wapiti has run
-      if: ${{ inputs.run-wapiti }}
+      if: ${{ inputs.run_wapiti }}
       shell: bash
       run: echo "wapiti=true" >> $GITHUB_OUTPUT
     # ZAP
@@ -64,7 +64,7 @@ runs:
     # could do post-processing: create custom action to convert zap json to sarif or use zap sarif addon
     # check trivy, snyk actions for reference on parsing
     - name: ZAP Scan
-      if: ${{ inputs.run-zap }}
+      if: ${{ inputs.run_zap }}
       uses: zaproxy/action-full-scan@d2a07475d467566c9a3e3c700f31f47724aa1060 # v0.10.0
       with:
         # pat for creating issues
@@ -75,7 +75,7 @@ runs:
         # rules_file_name: ".zap/rules.tsv"
         cmd_options: "-aj"
     - name: Set output if zap has run
-      if: ${{ inputs.run-zap }}
+      if: ${{ inputs.run_zap }}
       shell: bash
       run: echo "zap=true" >> $GITHUB_OUTPUT
     #
@@ -89,7 +89,7 @@ runs:
     # NOTE: nmap deactivated for now as it possibly exposes github vulns
     #
     - name: Nmap Scan
-      if: ${{ inputs.run-nmap }}
+      if: ${{ inputs.run_nmap }}
       uses: gipo355/vuln-docker-scanners-nmap-action@debeebb1184d79dd8e7f1148aebe58a8b2f86efe # v1.1.4
       with:
         github_token: ${{ inputs.github_token }}
@@ -100,20 +100,20 @@ runs:
         flags: "-sV"
         generate_reports: true
     - name: Set output if nmap has run
-      if: ${{ inputs.run-nmap }}
+      if: ${{ inputs.run_nmap }}
       shell: bash
       run: echo "nmap=true" >> $GITHUB_OUTPUT
     #
     # SNYK
     - name: Set up Snyk CLI to check for security issues
-      if: ${{ inputs.run-snyk }}
+      if: ${{ inputs.run_snyk }}
       uses: snyk/actions/setup@d406fd286b663eb8c6f8adcced4f7bcd199c0a3f
     - name: Set output if snyk has run
-      if: ${{ inputs.run-snyk }}
+      if: ${{ inputs.run_snyk }}
       shell: bash
       run: echo "snyk=true" >> $GITHUB_OUTPUT
     - name: login to snyk
-      if: ${{ inputs.run-snyk }}
+      if: ${{ inputs.run_snyk }}
       shell: bash
       run: snyk auth ${{ inputs.snyk_token }}
     # SNYK CONTAINER
@@ -130,7 +130,7 @@ runs:
     #     at async runWrapper (/home/runner/work/_actions/github/codeql-action/f079b8493333aace61c81488f8bd40919487bd9f/lib/upload-sarif-action.js:84:9)
     #
     - name: run snyk container
-      if: ${{ inputs.run-snyk }}
+      if: ${{ inputs.run_snyk }}
       shell: bash
       run: snyk container test ${{ inputs.docker_tag }} --file=Dockerfile --sarif > snyk-container.sarif || true
       #

diff --git a/.github/workflows/vulnerability-scans.yml b/.github/workflows/vulnerability-scans.yml
@@ -81,17 +81,17 @@ jobs:
           pat: ${{ secrets.PAT }}
           snyk_token: ${{ secrets.SNYK_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          run-nmap: false
-          run-snyk: true
-          run-wapiti: true
-          run-zap: true
+          run_nmap: false
+          run_snyk: true
+          run_wapiti: true
+          run_zap: true
       - name: Publish reports to GitHub Pages
         if: ${{ env.SHOULD_RUN && github.ref == 'refs/heads/dev' }}
         uses: ./.github/actions/gh-pages-reports
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           gh_pages_dir: "./docs/gh-pages"
-          nmap: ${{ steps.attack.outputs.nmap == 'true' }}
-          snyk: ${{ steps.attack.outputs.snyk == 'true' }}
-          wapiti: ${{ steps.attack.outputs.wapiti == 'true' }}
-          zap: ${{ steps.attack.outputs.zap == 'true' }}
+          nmap: ${{ steps.attack.outputs.nmap }}
+          snyk: ${{ steps.attack.outputs.snyk }}
+          wapiti: ${{ steps.attack.outputs.wapiti }}
+          zap: ${{ steps.attack.outputs.zap }}