Documentation
¶
Overview ¶
Package action implements the GitHub Actions security policy.
Index ¶
- func NewAction() policydef.Policy
- type Action
- func (a Action) Check(ctx context.Context, c *github.Client, owner, repo string) (*policydef.Result, error)
- func (a Action) Fix(ctx context.Context, c *github.Client, owner, repo string) error
- func (a Action) GetAction(ctx context.Context, c *github.Client, owner, repo string) string
- func (a Action) IsEnabled(ctx context.Context, c *github.Client, owner, repo string) (bool, error)
- func (a Action) Name() string
- type ActionSelector
- type OrgConfig
- type RepoSelector
- type Rule
- type RuleGroup
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Action ¶
type Action bool
Action is the Action Use policy object, implements policydef.Policy.
func (Action) Check ¶
func (a Action) Check(ctx context.Context, c *github.Client, owner, repo string, ) (*policydef.Result, error)
Check performs the policy check for Action Use policy based on the configuration stored in the org, implementing policydef.Policy.Check().
func (Action) GetAction ¶
GetAction returns the configured action from Action Use policy's configuration stored in the org repo, default log. Implementing policydef.Policy.GetAction().
type ActionSelector ¶
type ActionSelector struct {
// Name is the Action name in glob format
Name string `json:"name"`
// Version is a semver condition or commit ref
// Default "" targets any version
Version string `json:"version"`
}
ActionSelector specifies a selection of Actions.
type OrgConfig ¶
type OrgConfig struct {
// Action defines which action to take, default log, other: issue...
Action string `json:"action"`
// Groups is the set of RuleGroups to employ during Check.
// They are evaluated in order.
Groups []*RuleGroup `json:"groups"`
}
OrgConfig is the org-level config definition for Action Use.
type RepoSelector ¶
type RepoSelector struct {
// Name is the repo name in glob format
Name string `json:"name"`
// Language is a set of programming languages.
// See the section about language detection below
Language []string `json:"language"`
// Exclude is a set of RepoSelectors targeting repos that should
// not be matched by this selector.
Exclude []*RepoSelector `json:"exclude"`
}
RepoSelector specifies a selection of repos.
type Rule ¶
type Rule struct {
// Name is the name used to identify the rule
Name string `json:"name"`
// Method is the type of rule. One of "require", "allow", and "deny".
Method string `json:"method"`
// Priority is the priority tier identifier applied to the rule.
// Options are "urgent", "high", "medium", and "low"
Priority string `json:"priority"`
// Actions is a set of ActionSelectors.
// If nil, all Actions will be selected
Actions []*ActionSelector `json:"actions"`
// MustPass specifies whether the rule's Action(s) are required to
// be part of a passing workflow on latest commit.
// [For use with "require" method]
MustPass bool `json:"mustPass"`
// RequireAll specifies that all Actions listed should be required,
// rather than just one.
// [For use with "require" method]
RequireAll bool `json:"requireAll"`
}
Rule is an Action Use rule.
type RuleGroup ¶
type RuleGroup struct {
// Name is the name used to identify the RuleGroup.
Name string `json:"name"`
// Repos is the set of RepoSelectors to use when deciding whether a repo
// qualifies for this RuleGroup.
// if nil, select all repos.
Repos []*RepoSelector `json:"repos"`
// Rules is the set of rules to apply for this RuleGroup.
// Rules are applied in order of priority, with allow/require rules
// evaluated before deny rules at each priority tier.
Rules []*Rule `json:"rules"`
}
RuleGroup is used to apply rules to repos matched by RepoSelectors.
Source Files
Click to show internal directories.
Click to hide internal directories.