Socket Security Github Action #118
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Socket Security GitHub Actions Workflow | |
| # This workflow runs Socket Security scans on every commit to any branch | |
| # It automatically detects git repository information and handles different event types | |
| name: socket-security-workflow | |
| run-name: Socket Security Github Action | |
| on: | |
| push: | |
| branches: ["**"] # Run on all branches, all commits | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| issue_comment: | |
| types: [created] | |
| # Prevent concurrent runs for the same commit | |
| concurrency: | |
| group: socket-scan-${{ github.ref }}-${{ github.sha }} | |
| cancel-in-progress: true | |
| jobs: | |
| socket-security: | |
| permissions: | |
| issues: write | |
| contents: read | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # For PRs, fetch one additional commit for proper diff analysis | |
| fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }} | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install Socket CLI | |
| run: pip install socketsecurity --upgrade | |
| - name: Run Socket Security Scan | |
| env: | |
| SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }} | |
| GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Determine PR number based on event type | |
| PR_NUMBER=0 | |
| if [ "${{ github.event_name }}" == "pull_request" ]; then | |
| PR_NUMBER=${{ github.event.pull_request.number }} | |
| elif [ "${{ github.event_name }}" == "issue_comment" ]; then | |
| PR_NUMBER=${{ github.event.issue.number }} | |
| fi | |
| # Run Socket CLI with minimal required parameters | |
| # The CLI automatically detects: | |
| # - Repository name from git | |
| # - Branch name from git | |
| # - Commit SHA from git | |
| # - Commit message from git | |
| # - Committer information from git | |
| # - Default branch status from git and GitHub environment | |
| # - Changed files from git commit | |
| socketcli \ | |
| --target-path $GITHUB_WORKSPACE \ | |
| --scm github \ | |
| --pr-number $PR_NUMBER |