action.yml

name: 'Electronegativity'
description: 'Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.'
branding:
  icon: 'check-circle'
  color: 'purple'
inputs:
  input:
    description: --input argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: '.'
  version:
    description: NPM version of Electronegativity
    required: false
    default: 'latest'
  severity:
    description: --severity argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: ''
  confidence:
    description: --confidence argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: ''
  checks:
    description: --checks argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: ''
  exclude-checks:
    description: --exclude-checks argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: ''
  upgrade:
    description: --upgrade argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: ''
  electron-version:
    description: --electron-version argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: ''
  parser-plugins:
    description: --parser-plugins argument. See https://github.com/doyensec/electronegativity/blob/master/README.md#cli
    required: false
    default: ''
  node-args:
    description: If you're running into the "Fatal Error JavaScript heap out of memory", you can pass additional arguments to node like --max-old-space-size=4096
    required: false
    default: ''
runs:
  using: "composite"
  steps:
    - name: 'Run electronegativity'
      shell: bash
      run: |
        npm install @doyensec/electronegativity@${{ inputs.version }} -g
        mkdir ../electronegativity_results
        input="-i ${{ inputs.input }}"
        if [[ "${{ inputs.severity }}" != "" ]]; then
          severity="--severity ${{ inputs.severity }}"
        fi
        if [[ "${{ inputs.confidence }}" != "" ]]; then
          confidence="--confidence ${{ inputs.confidence }}"
        fi
        if [[ "${{ inputs.checks }}" != "" ]]; then
          checks="--checks ${{ inputs.checks }}"
        fi
        if [[ "${{ inputs.exclude-checks }}" != "" ]]; then
          excludechecks="--exclude-checks ${{ inputs.exclude-checks }}"
        fi
        if [[ "${{ inputs.upgrade }}" != "" ]]; then
          upgrade="--upgrade ${{ inputs.upgrade }}"
        fi
        if [[ "${{ inputs.electron-version }}" != "" ]]; then
          electronversion="--electron-version ${{ inputs.electron-version }}"
        fi
        if [[ "${{ inputs.parser-plugins }}" != "" ]]; then
          parserplugins="--parser-plugins ${{ inputs.parser-plugins }}"
        fi
        if [[ "${{ inputs.node-args }}" != "" ]]; then
          export NODE_OPTIONS="${{ inputs.node-args }}"
        fi
        electronegativity -r -o ../electronegativity_results/out.sarif $input $severity $confidence $checks $excludechecks $upgrade $electronversion $parserplugins