progress on javascript action

Signed-off-by: Rogério Peixoto <rogerio.peixoto@checkmarx.com>

.github/workflows/test_action.yaml

@@ -16,10 +16,9 @@ jobs:
           path: test/samples/positive1.tf,test/samples/positive2.tf
           token: ${{ secrets.GITHUB_TOKEN }}
           timeout: 60
-          verbose: true
+          # output_path: myoutput/
-          output_path: myoutput/
           output_formats: sarif
-          ignore_on_exit: errors
+          ignore_on_exit: results
           enable_comments: true
       - run: ls -la && ls -la myoutput
         if: always()

action.yml

@@ -2,10 +2,9 @@
 name: "KICS Github Action"
 description: "Run KICS scan against IaC projects"
 inputs:
-  kics_version:
+  token:
-    required: false
+    required: true
-    default: "latest"
+    description: "Github token"
-    description: "KICS version to use (defaults to latest)"
   enable_comments:
     required: false
     default: false

dist/index.js

@@ -18017,14 +18017,15 @@ const kicsInput = {
     bom: { value_type: "bool", flag: '--bom', value: core.getInput('bom') },
 };
 
-async function scanWithKICS(enableComments) {
+function addJSONReportFormat(cmdArgs) {
-    let resultsFile;
+    const outputFormats = core.getInput('output_formats');
-
+    if (outputFormats.toLowerCase().indexOf('json') == -1) {
-    if (!kicsInput.path.value) {
+        cmdArgs.push('--report-formats');
-        core.error('Path to scan is not set');
+        cmdArgs.push('json');
-        core.setFailed('Path to scan is not set');
     }
-    let cmdArgs = [];
+}
+
+function addKICSCmdArgs(cmdArgs) {
     for (let input in kicsInput) {
         if (kicsInput[input].value_type === 'string') {
             if (kicsInput[input].value) {
@@ -18054,27 +18055,34 @@ async function scanWithKICS(enableComments) {
             }
         }
     }
+}
+
+async function scanWithKICS(enableComments) {
+    let resultsJSONFile;
+
+    if (!kicsInput.path.value) {
+        core.error('Path to scan is not set');
+        core.setFailed('Path to scan is not set');
+    }
+    let cmdArgs = [];
+    addKICSCmdArgs(cmdArgs);
 
     // making sure results.json is always created when PR comments are enabled
     if (enableComments) {
         if (!cmdArgs.find(arg => arg == '--output-path')) {
             cmdArgs.push('--output-path');
             cmdArgs.push('./');
-            resultsFile = './results.json';
+            resultsJSONFile = './results.json';
         } else {
-            const outputFormats = core.getInput('output_formats');
-            if (outputFormats.toLowerCase().indexOf('json') == -1) {
-                cmdArgs.push('--report-formats');
-                cmdArgs.push('json');
-            }
             let resultsDir = core.getInput('output_path');
-            resultsFile = filepath.join(resultsDir, '/results.json');
+            resultsJSONFile = filepath.join(resultsDir, '/results.json');
         }
+        addJSONReportFormat(cmdArgs);
     }
     exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true });
     return {
         statusCode: exitCode,
-        resultsFile: resultsFile
+        resultsJSONFile: resultsJSONFile
     };
 }
 
@@ -18082,7 +18090,6 @@ module.exports = {
     scanWithKICS
 };
 
-
 /***/ }),
 
 /***/ 2877:
@@ -18304,6 +18311,7 @@ const scanner = __nccwpck_require__(3157);
 
 const core = __nccwpck_require__(2186);
 const github = __nccwpck_require__(5438);
+const io = __nccwpck_require__(7436);
 
 const fs = __nccwpck_require__(5747);
 
@@ -18367,6 +18375,13 @@ function readJSON(filename) {
     return parsedJSON;
 }
 
+function cleanupOutput(resultsJSONFile) {
+    const outputFormats = core.getInput('output_formats');
+    if (!outputFormats.toLowerCase().includes('json') || core.getInput('output_path') === '') {
+        io.rmRF(resultsJSONFile);
+    }
+}
+
 async function main() {
     console.log("Running KICS action...");
     try {
@@ -18390,10 +18405,11 @@ async function main() {
         await install.installKICS();
         const scanResults = await scanner.scanWithKICS(enableComments);
         if (enableComments) {
-            let parsedResults = readJSON(scanResults.resultsFile);
+            let parsedResults = readJSON(scanResults.resultsJSONFile);
             await commenter.postPRComment(parsedResults, repo, prNumber, octokit);
         }
 
+        cleanupOutput(scanResults.resultsJSONFile);
         setWorkflowStatus(scanResults.statusCode);
     } catch (e) {
         console.error(e);

package-lock.json

@@ -12,6 +12,7 @@
         "@actions/core": "^1.6.0",
         "@actions/exec": "^1.1.0",
         "@actions/github": "^5.0.0",
+        "@actions/io": "^1.1.1",
         "@actions/tool-cache": "^1.7.1",
         "moment": "^2.29.1"
       },

package.json

@@ -22,6 +22,7 @@
     "@actions/core": "^1.6.0",
     "@actions/exec": "^1.1.0",
     "@actions/github": "^5.0.0",
+    "@actions/io": "^1.1.1",
     "@actions/tool-cache": "^1.7.1",
     "moment": "^2.29.1"
   },

src/main.js

@@ -4,14 +4,10 @@ const scanner = require("./scanner");
 
 const core = require("@actions/core");
 const github = require("@actions/github");
+const io = require("@actions/io");
 
 const fs = require("fs");
 
-const actionInputs = {
-    kics_version: { value: core.getInput('kics_version') },
-    enable_comments: { value: core.getInput('enable_comments') },
-}
-
 const exitStatus = {
     results: {
         codes: {
@@ -67,12 +63,19 @@ function readJSON(filename) {
     return parsedJSON;
 }
 
+function cleanupOutput(resultsJSONFile) {
+    const outputFormats = core.getInput('output_formats');
+    if (!outputFormats.toLowerCase().includes('json') || core.getInput('output_path') === '') {
+        io.rmRF(resultsJSONFile);
+    }
+}
+
 async function main() {
     console.log("Running KICS action...");
     try {
         const githubToken = core.getInput("token");
         const octokit = github.getOctokit(githubToken);
-        let enableComments = actionInputs.enable_comments.value.toLocaleLowerCase() === "true";
+        let enableComments = core.getInput('enable_comments').toLocaleLowerCase() === "true";
         let context = {};
         let repo = '';
         let prNumber = '';
@@ -90,10 +93,11 @@ async function main() {
         await install.installKICS();
         const scanResults = await scanner.scanWithKICS(enableComments);
         if (enableComments) {
-            let parsedResults = readJSON(scanResults.resultsFile);
+            let parsedResults = readJSON(scanResults.resultsJSONFile);
             await commenter.postPRComment(parsedResults, repo, prNumber, octokit);
         }
 
+        cleanupOutput(scanResults.resultsJSONFile);
         setWorkflowStatus(scanResults.statusCode);
     } catch (e) {
         console.error(e);

src/scanner.js

@@ -28,14 +28,15 @@ const kicsInput = {
     bom: { value_type: "bool", flag: '--bom', value: core.getInput('bom') },
 };
 
-async function scanWithKICS(enableComments) {
+function addJSONReportFormat(cmdArgs) {
-    let resultsFile;
+    const outputFormats = core.getInput('output_formats');
-
+    if (outputFormats.toLowerCase().indexOf('json') == -1) {
-    if (!kicsInput.path.value) {
+        cmdArgs.push('--report-formats');
-        core.error('Path to scan is not set');
+        cmdArgs.push('json');
-        core.setFailed('Path to scan is not set');
     }
-    let cmdArgs = [];
+}
+
+function addKICSCmdArgs(cmdArgs) {
     for (let input in kicsInput) {
         if (kicsInput[input].value_type === 'string') {
             if (kicsInput[input].value) {
@@ -65,27 +66,34 @@ async function scanWithKICS(enableComments) {
             }
         }
     }
+}
+
+async function scanWithKICS(enableComments) {
+    let resultsJSONFile;
+
+    if (!kicsInput.path.value) {
+        core.error('Path to scan is not set');
+        core.setFailed('Path to scan is not set');
+    }
+    let cmdArgs = [];
+    addKICSCmdArgs(cmdArgs);
 
     // making sure results.json is always created when PR comments are enabled
     if (enableComments) {
         if (!cmdArgs.find(arg => arg == '--output-path')) {
             cmdArgs.push('--output-path');
             cmdArgs.push('./');
-            resultsFile = './results.json';
+            resultsJSONFile = './results.json';
         } else {
-            const outputFormats = core.getInput('output_formats');
-            if (outputFormats.toLowerCase().indexOf('json') == -1) {
-                cmdArgs.push('--report-formats');
-                cmdArgs.push('json');
-            }
             let resultsDir = core.getInput('output_path');
-            resultsFile = filepath.join(resultsDir, '/results.json');
+            resultsJSONFile = filepath.join(resultsDir, '/results.json');
         }
+        addJSONReportFormat(cmdArgs);
     }
     exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true });
     return {
         statusCode: exitCode,
-        resultsFile: resultsFile
+        resultsJSONFile: resultsJSONFile
     };
 }