use inputs to get token
All checks were successful
Gosec Check / Gosec Check (push) Successful in 26s
All checks were successful
Gosec Check / Gosec Check (push) Successful in 26s
This commit is contained in:
parent
8c76e44d10
commit
b6774dc842
GPG key ID:
E46B5FEA35B22FF9
2 changed files with 15 additions and 1 deletions
14
action.yml
14
action.yml
|
|
@ -1,5 +1,19 @@
|
||||||
name: 'GoSec Scanning'
|
name: 'GoSec Scanning'
|
||||||
description: 'Scan codebase with gosec'
|
description: 'Scan codebase with gosec'
|
||||||
|
inputs:
|
||||||
|
token:
|
||||||
|
description: >
|
||||||
|
Personal access token (PAT) used to fetch the repository. The PAT is configured
|
||||||
|
with the local git config, which enables your scripts to run authenticated git
|
||||||
|
commands. The post-job step removes the PAT.
|
||||||
|
|
||||||
|
|
||||||
|
We recommend using a service account with the least permissions necessary.
|
||||||
|
Also when generating a new PAT, select the least scopes necessary.
|
||||||
|
|
||||||
|
|
||||||
|
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
|
default: ${{ github.token }}
|
||||||
runs:
|
runs:
|
||||||
using: 'docker'
|
using: 'docker'
|
||||||
image: 'docker://git.shadowhosting.xyz/actions/goscan:latest'
|
image: 'docker://git.shadowhosting.xyz/actions/goscan:latest'
|
||||||
|
|
@ -185,7 +185,7 @@ var rootCmd = &cobra.Command{
|
||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
forgeClient, err := forgejo.NewClient(actionCtx.ServerURL, forgejo.SetToken(os.Getenv("GITHUB_TOKEN")))
|
forgeClient, err := forgejo.NewClient(actionCtx.ServerURL, forgejo.SetToken(action.GetInput("token")))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue