t.behrendt/tas-actions
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Releases Activity

Compare commits

base: t.behrendt:0.0.1
Branches Tags
t.behrendt:main t.behrendt:renovate/https-gitea.t000-n.de-t.behrendt-conventional-semantic-git-tag-increment-0.x t.behrendt:renovate/https-gitea.t000-n.de-t.behrendt-actions-0.x
t.behrendt:0.0.4-rc-65059221d3b7706ad5bcadb16a3ee1f2be5ea2e6 t.behrendt:0.0.3 t.behrendt:0.0.2 t.behrendt:0.0.1
..
compare: t.behrendt:main
Branches Tags
t.behrendt:renovate/https-gitea.t000-n.de-t.behrendt-conventional-semantic-git-tag-increment-0.x t.behrendt:renovate/https-gitea.t000-n.de-t.behrendt-actions-0.x t.behrendt:main
t.behrendt:0.0.4-rc-65059221d3b7706ad5bcadb16a3ee1f2be5ea2e6 t.behrendt:0.0.3 t.behrendt:0.0.2 t.behrendt:0.0.1

11 Commits
0.0.1 ... main

Author SHA1 Message Date
Renovate Bot
a2c4af54ae chore(deps): update https://gitea.t000-n.de/t.behrendt/actions action to v0.2.1 (#16) 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://gitea.t000-n.de/t.behrendt/actions](https://gitea.t000-n.de/t.behrendt/actions) | action | minor | `0.1.5` → `0.2.1` |

---

### Release Notes

<details>
<summary>t.behrendt/actions (https://gitea.t000-n.de/t.behrendt/actions)</summary>

### [`v0.2.1`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.2.0...0.2.1)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.2.0...0.2.1)

### [`v0.2.0`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.7...0.2.0)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.7...0.2.0)

### [`v0.1.7`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.6...0.1.7)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.6...0.1.7)

### [`v0.1.6`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.5...0.1.6)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.5...0.1.6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: #16
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>
 2026-03-15 22:00:54 +01:00
Renovate Bot
1d5ce5e8f4 chore(deps): update https://gitea.t000-n.de/t.behrendt/actions action to v0.1.5 (#14) 
This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [https://gitea.t000-n.de/t.behrendt/actions](https://gitea.t000-n.de/t.behrendt/actions) | action | patch | `0.1.4` → `0.1.5` | `0.2.1` (+3) |

---

### Release Notes

<details>
<summary>t.behrendt/actions (https://gitea.t000-n.de/t.behrendt/actions)</summary>

### [`v0.1.5`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.4...0.1.5)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.4...0.1.5)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: #14
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>
 2026-02-27 19:09:38 +01:00
Renovate Bot
38d311a43c chore(deps): update https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment action to v0.1.29 (#15) 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment) | action | patch | `0.1.28` → `0.1.29` |

---

### Release Notes

<details>
<summary>t.behrendt/conventional-semantic-git-tag-increment (https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment)</summary>

### [`v0.1.29`](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment/compare/0.1.28...0.1.29)

[Compare Source](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment/compare/0.1.28...0.1.29)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: #15
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>
 2026-02-27 19:09:28 +01:00
Renovate Bot
efb2257a09 chore(deps): update https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment action to v0.1.28 (#13) 
This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment) | action | patch | `0.1.27` → `0.1.28` | `0.1.29` |

---

### Release Notes

<details>
<summary>t.behrendt/conventional-semantic-git-tag-increment (https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment)</summary>

### [`v0.1.28`](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment/compare/0.1.27...0.1.28)

[Compare Source](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment/compare/0.1.27...0.1.28)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: #13
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>
 2026-02-24 19:56:47 +01:00
Renovate Bot
418e1b34e9 chore(deps): update https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment action to v0.1.27 (#12) 
This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment) | action | patch | `0.1.26` → `0.1.27` | `0.1.29` (+1) |

---

### Release Notes

<details>
<summary>t.behrendt/conventional-semantic-git-tag-increment (https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment)</summary>

### [`v0.1.27`](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment/compare/0.1.26...0.1.27)

[Compare Source](https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment/compare/0.1.26...0.1.27)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: #12
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>
 2026-02-22 12:52:14 +01:00
Renovate Bot
4d8d18d4c4 chore(deps): update https://gitea.t000-n.de/t.behrendt/actions action to v0.1.4 (#11) 
This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [https://gitea.t000-n.de/t.behrendt/actions](https://gitea.t000-n.de/t.behrendt/actions) | action | patch | `0.1.3` → `0.1.4` | `0.1.5` |

---

### Release Notes

<details>
<summary>t.behrendt/actions (https://gitea.t000-n.de/t.behrendt/actions)</summary>

### [`v0.1.4`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.3...0.1.4)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.3...0.1.4)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: #11
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>
 2026-02-22 12:20:54 +01:00
Timo Behrendt
ac31a169e0 ci: add prerelease functionality (#10) 
Reviewed-on: #10
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
 2026-02-15 16:50:56 +01:00
Timo Behrendt
26ac67db47 ci: pin varios actions to a proper semver version (#8) 
Reviewed-on: #8
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
 2026-02-14 19:02:00 +01:00
Timo Behrendt
5e1031a9ef fix: url encode owner, repo, and branch name (#7)
All checks were successful
CD / Release (push) Successful in 1m49s
Details 
Reviewed-on: #7
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
 2026-02-12 20:23:23 +01:00
Timo Behrendt
cd7a5213f7 docs: slim down docs (#4)
All checks were successful
CD / Release (push) Successful in 12s
Details 
Reviewed-on: #4
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
 2026-02-11 19:58:08 +01:00
Timo Behrendt
f62ea6cc43 ci: skip on non-relevant changes (#3) 
Reviewed-on: #3
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
 2026-02-11 19:57:07 +01:00
4 changed files with 22 additions and 34 deletions
Expand all files Collapse all files

9
.gitea/workflows/cd.yaml
View File

@@ -4,6 +4,8 @@ on:
push: push:
branches: branches:
- main - main
paths:
- "tas-upload-sarif/**"
workflow_dispatch: workflow_dispatch:
jobs: jobs:
@@ -11,15 +13,16 @@ jobs:
name: Release name: Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Increment tag - name: Increment tag
id: tag id: tag
uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@af46017d0af5fd6af4425f8e6961f14280a1acd1 # 0.1.26 uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@41b7e04221df8a033bec841d40a097b76e5f67ff # 0.1.29
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
prerelease: ${{ github.event_name == 'workflow_dispatch' }}
- name: Push tag - name: Push tag
uses: https://gitea.t000-n.de/t.behrendt/actions/release-git-tag@1b8fe65eda1ea0a7586a5fd552ef8f4a639b154f # 0.1.3 uses: https://gitea.t000-n.de/t.behrendt/actions/release-git-tag@3925c92fc33f3d2bc87d28d21ab691b7e6dd6cdf # 0.2.1
with: with:
tag: ${{ steps.tag.outputs.new-tag }} tag: ${{ steps.tag.outputs.new-tag }}

18
README.md
View File

@@ -7,24 +7,6 @@ Reusable GitHub Actions for [TAS (Tea Advanced Security)](https://github.com/go-
### [tas-upload-sarif](tas-upload-sarif/) ### [tas-upload-sarif](tas-upload-sarif/)
Uploads a SARIF report from a file to TAS and **fails the job** if the API returns `allowed: false`. Uploads a SARIF report from a file to TAS and **fails the job** if the API returns `allowed: false`.
**Example workflow** (e.g. after a security scan that produces SARIF):
```yaml
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Run your scanner and produce SARIF (e.g. to results.sarif)
# - run: ./run-scanner --output results.sarif
- name: Upload SARIF to TAS and gate
uses: your-org/tas-actions/tas-upload-sarif@v1
with:
tas-base-url: 'https://tas.example.com'
sarif-file: 'results.sarif' sarif-file: 'results.sarif'
```
See [tas-upload-sarif/README.md](tas-upload-sarif/README.md) for all inputs and options. See [tas-upload-sarif/README.md](tas-upload-sarif/README.md) for all inputs and options.

4
tas-upload-sarif/README.md
View File

@@ -25,10 +25,10 @@ Reusable GitHub Action that uploads a SARIF report to [TAS (Tea Advanced Securit
With explicit owner/repo/branch (e.g. for monorepos or custom refs): With explicit owner/repo/branch (e.g. for monorepos or custom refs):
```yaml ```yaml
- uses: [your-org/tas-actions/tas-upload-sarif@v1](https://gitea.t000-n.de/t.behrendt/tas-actions/tas-upload-sarif@v1) - uses: https://gitea.t000-n.de/t.behrendt/tas-actions/tas-upload-sarif@v1
with: with:
tas-base-url: ${{ vars.TAS_BASE_URL }} tas-base-url: ${{ vars.TAS_BASE_URL }}
sarif-file: 'scan-output.sarif' sarif-file: "scan-output.sarif"
owner: ${{ github.repository_owner}} owner: ${{ github.repository_owner}}
repo: ${{ github.event.repository.name }} repo: ${{ github.event.repository.name }}
branch: ${{ github.head_ref }} branch: ${{ github.head_ref }}

21
tas-upload-sarif/action.yml
View File

@@ -1,23 +1,23 @@
name: 'TAS Upload SARIF' name: "TAS Upload SARIF"
description: 'Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false' description: "Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false"
inputs: inputs:
tas-base-url: tas-base-url:
description: 'Base URL of the TAS API (e.g. https://tas.example.com)' description: "Base URL of the TAS API (e.g. https://tas.example.com)"
required: true required: true
sarif-file: sarif-file:
description: 'Path to the SARIF report file (JSON)' description: "Path to the SARIF report file (JSON)"
required: true required: true
owner: owner:
description: 'Repository owner (default: GitHub repository owner)' description: "Repository owner (default: GitHub repository owner)"
required: false required: false
repo: repo:
description: 'Repository name (default: GitHub repository name)' description: "Repository name (default: GitHub repository name)"
required: false required: false
branch: branch:
description: 'Branch name (default: current ref name, e.g. main)' description: "Branch name (default: current ref name, e.g. main)"
required: false required: false
runs: runs:
using: 'composite' using: "composite"
steps: steps:
- name: Upload SARIF to TAS and gate - name: Upload SARIF to TAS and gate
shell: bash shell: bash
@@ -29,7 +29,10 @@ runs:
SARIF_FILE: ${{ inputs.sarif-file }} SARIF_FILE: ${{ inputs.sarif-file }}
run: | run: |
BASE_URL="${BASE_URL%/}" BASE_URL="${BASE_URL%/}"
URL="${BASE_URL}/repos/${OWNER}/${REPO}/branches/${BRANCH}/reports" OWNER_ENC=$(jq -rn --arg x "$OWNER" '$x | @uri')
REPO_ENC=$(jq -rn --arg x "$REPO" '$x | @uri')
BRANCH_ENC=$(jq -rn --arg x "$BRANCH" '$x | @uri')
URL="${BASE_URL}/repos/${OWNER_ENC}/${REPO_ENC}/branches/${BRANCH_ENC}/reports"
echo "Uploading SARIF to TAS: $URL" echo "Uploading SARIF to TAS: $URL"
if [[ ! -f "$SARIF_FILE" ]]; then if [[ ! -f "$SARIF_FILE" ]]; then