t.behrendt/tas-actions
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Releases Activity

finalize

Browse Source
This commit is contained in:
Timo Behrendt
2026-02-11 19:51:15 +01:00
parent 08622df7ed
commit 97a422dacf
2 changed files with 13 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
openapi.json
View File

@@ -1,131 +0,0 @@
{
"openapi": "3.1.0",
"info": {
"title": "TAS — Tea Advanced Security",
"description": "Security reporting and gating API for Gitea. Upload SARIF reports per repo/branch; get allowed/new_findings for CI gating.",
"version": "1.0.0"
},
"servers": [{ "url": "http://localhost:3000", "description": "Local" }],
"paths": {
"/repos/{owner}/{repo}/branches/{branch}/reports": {
"post": {
"operationId": "postReposByOwnerByRepoBranchesByBranchReports",
"description": "Upload a SARIF report for a repository and branch. Replaces any existing report. On non-default branches, compares to baseline and returns allowed/new_findings for CI gating.",
"request": {
"params": {
"owner": {
"description": "Repository owner (e.g. t.behrendt)",
"required": true
},
"repo": {
"description": "Repository name (e.g. k_gitea)",
"required": true
},
"branch": { "description": "Branch name", "required": true }
},
"body": {
"content": {
"application/json": {
"schema": {
"type": "object",
"description": "SARIF 2.1 document with runs[]"
}
}
}
}
},
"responses": {
"200": {
"description": "Report stored and (for non-default branch) gating result",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"allowed": { "type": "boolean" },
"reason": { "type": "string" },
"new_critical": { "type": "number" },
"new_high": { "type": "number" },
"new_medium": { "type": "number" },
"new_low": { "type": "number" },
"new_findings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"rule_id": { "type": "string" },
"level": { "type": "string" },
"message": { "type": "string" },
"severity": {
"type": "string",
"enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
},
"artifact_uri": { "type": "string" },
"region": {
"type": "object",
"properties": {
"start_line": {
"anyOf": [
{ "type": "number" },
{ "type": "null" }
]
},
"start_column": {
"anyOf": [
{ "type": "number" },
{ "type": "null" }
]
}
},
"required": ["start_line", "start_column"]
}
},
"required": [
"rule_id",
"level",
"message",
"severity",
"artifact_uri",
"region"
]
}
}
},
"required": [
"allowed",
"new_critical",
"new_high",
"new_medium",
"new_low",
"new_findings"
]
}
}
}
}
},
"parameters": [
{
"schema": { "type": "string" },
"in": "path",
"name": "owner",
"required": true
},
{
"schema": { "type": "string" },
"in": "path",
"name": "repo",
"required": true
},
{
"schema": { "type": "string" },
"in": "path",
"name": "branch",
"required": true
}
]
}
}
},
"components": {}
}

26
tas-upload-sarif/README.md
View File

@@ -4,33 +4,33 @@ Reusable GitHub Action that uploads a SARIF report to [TAS (Tea Advanced Securit
## Inputs ## Inputs
| Input | Required | Description | | Input | Required | Description |
|-------|----------|-------------| | -------------- | -------- | --------------------------------------------------------- |
| `tas-base-url` | Yes | Base URL of the TAS API (e.g. `https://tas.example.com`) | | `tas-base-url` | Yes | Base URL of the TAS API (e.g. `https://tas.example.com`) |
| `sarif-file` | Yes | Path to the SARIF report file (JSON) | | `sarif-file` | Yes | Path to the SARIF report file (JSON) |
| `owner` | No | Repository owner (default: `github.repository_owner`) | | `owner` | No | Repository owner (default: `github.repository_owner`) |
| `repo` | No | Repository name (default: `github.event.repository.name`) | | `repo` | No | Repository name (default: `github.event.repository.name`) |
| `branch` | No | Branch name (default: `github.ref_name`) | | `branch` | No | Branch name (default: `github.ref_name`) |
## Usage ## Usage
```yaml ```yaml
- name: Upload SARIF to TAS and gate - name: Upload SARIF to TAS and gate
uses: your-org/tas-actions/tas-upload-sarif@v1 uses: https://gitea.t000-n.de/t.behrendt/tas-actions/tas-upload-sarif@v1
with: with:
tas-base-url: 'https://tas.example.com' tas-base-url: "https://tas.example.com"
sarif-file: 'results.sarif' sarif-file: "results.sarif"
``` ```
With explicit owner/repo/branch (e.g. for monorepos or custom refs): With explicit owner/repo/branch (e.g. for monorepos or custom refs):
```yaml ```yaml
- uses: your-org/tas-actions/tas-upload-sarif@v1 - uses: [your-org/tas-actions/tas-upload-sarif@v1](https://gitea.t000-n.de/t.behrendt/tas-actions/tas-upload-sarif@v1)
with: with:
tas-base-url: ${{ vars.TAS_BASE_URL }} tas-base-url: ${{ vars.TAS_BASE_URL }}
sarif-file: 'scan-output.sarif' sarif-file: 'scan-output.sarif'
owner: my-org owner: ${{ github.repository_owner}}
repo: my-repo repo: ${{ github.event.repository.name }}
branch: ${{ github.head_ref }} branch: ${{ github.head_ref }}
``` ```