🚧 walking through getting our action setup

action.yml

@@ -1,24 +1,23 @@
-name: 'The name of your action here'
-description: 'Provide a description here'
-author: 'Your name or organization here'
-
-# Add your action's branding here. This will appear on the GitHub Marketplace.
+name: 'VulnCheck Actions'
+description: 'Integrate VulnCheck into your GitHub Actions workflow'
+author: 'Kevin Olson <[email protected]>'
 branding:
-  icon: 'heart'
-  color: 'red'
+    icon: 'shield'
+    color: gray-dark
 
-# Define your inputs here.
 inputs:
-  milliseconds:
-    description: 'Your input description here'
+  token:
+    description: 'VulnCheck Token'
     required: true
-    default: '1000'
-
-# Define your outputs here.
-outputs:
-  time:
-    description: 'Your output description here'
-
+  cli_pat:
+    description: 'A token with access to the CLI'
+    required: true
+  scan_cvss_base_threshold:
+    description: 'CVSS Threshold to fail the workflow'
+    required: false
+  scan_cvss_temporal_threshold:
+    description: 'CVSS Temporal Threshold to fail the workflow'
+    required: false
 runs:
   using: node20
   main: dist/index.js

package.json

@@ -1,16 +1,16 @@
 {
-  "name": "typescript-action",
-  "description": "GitHub Actions TypeScript template",
-  "version": "0.0.0",
+  "name": "vulncheck-action",
+  "description": "VulnCheck GitHub Action",
+  "version": "1.0.0",
   "author": "",
   "private": true,
-  "homepage": "https://github.com/actions/typescript-action",
+  "homepage": "https://github.com/vulncheck-oss/action",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/actions/typescript-action.git"
+    "url": "git+https://github.com/vulncheck-oss/action.git"
   },
   "bugs": {
-    "url": "https://github.com/actions/typescript-action/issues"
+    "url": "https://github.com/vulncheck-oss/action/issues"
   },
   "keywords": [
     "actions",
@@ -66,7 +66,8 @@
     ]
   },
   "dependencies": {
-    "@actions/core": "^1.10.1"
+    "@actions/core": "^1.10.1",
+    "@actions/github": "^6.0.0"
   },
   "devDependencies": {
     "@jest/globals": "^29.7.0",

src/main.ts

@@ -1,24 +1,23 @@
 import * as core from '@actions/core'
-import { wait } from './wait'
+import * as github from '@actions/github'
 
 /**
  * The main function for the action.
  * @returns {Promise<void>} Resolves when the action is complete.
  */
 export async function run(): Promise<void> {
   try {
-    const ms: string = core.getInput('milliseconds')
+    const token = core.getInput('token', { required: true })
 
-    // Debug logs are only output if the `ACTIONS_STEP_DEBUG` secret is true
-    core.debug(`Waiting ${ms} milliseconds ...`)
+    const octokit = github.getOctokit(token)
 
-    // Log the current timestamp, wait, then log the new timestamp
-    core.debug(new Date().toTimeString())
-    await wait(parseInt(ms, 10))
-    core.debug(new Date().toTimeString())
+    const { data: release } = await octokit.rest.repos.getLatestRelease({
+      owner: 'vulncheck-oss',
+      repo: 'cli',
+    })
 
-    // Set outputs for other workflow steps to use
-    core.setOutput('time', new Date().toTimeString())
+    console.log(release)
+    core.debug("release: " + release.tag_name)
   } catch (error) {
     // Fail the workflow run if an error occurs
     if (error instanceof Error) core.setFailed(error.message)