File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : Format Check
2+
3+ on :
4+ pull_request :
5+ branches :
6+ - main
7+ paths :
8+ - " src/**"
9+ - " package.json"
10+ - " package-lock.json"
11+ - " .prettierrc.json"
12+
13+ jobs :
14+ format :
15+ runs-on : ubuntu-latest
16+ steps :
17+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
18+
19+ - uses : actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
20+ with :
21+ node-version : " 20"
22+
23+ - name : Install dependencies
24+ run : npm ci
25+
26+ - name : Check formatting
27+ run : npm run format:check
Original file line number Diff line number Diff line change 1+ npx lint-staged
Original file line number Diff line number Diff line change 1+ dist /
2+ node_modules /
3+ * .md
4+ LICENSE
5+ .github /
Original file line number Diff line number Diff line change 1+ {
2+ "semi" : true ,
3+ "singleQuote" : true ,
4+ "tabWidth" : 2 ,
5+ "trailingComma" : " none" ,
6+ "printWidth" : 100 ,
7+ "bracketSpacing" : true ,
8+ "arrowParens" : " always"
9+ }
Original file line number Diff line number Diff line change 8787| Input | Description | Default |
8888|-------|-------------|---------|
8989| ` github-token` | GitHub token for API access | `${{ github.token }}` |
90- | `mode` | Analysis mode : ` diff` or `analyze` | `diff` |
9190| `base-path` | Base directory to analyze | `.` |
9291| `malcontent-version` | Version of malcontent to use | `latest` |
9392| `fail-on-increase` | Fail if risk score increases | `true` |
@@ -128,16 +127,15 @@ jobs:
128127 exit 1
129128` ` `
130129
131- # # Modes
130+ # # How It Works
132131
133- # ## Diff Mode (Default)
134- Uses malcontent's native `diff` command to compare base and head versions. This is the most efficient method.
132+ This action uses malcontent's native `diff` command to compare security behaviors between base and head versions of your code. It :
135133
136- # ## Analyze Mode
137- Only analyzes the head version without comparison. Useful for :
138- - Initial security scans
139- - When there's no base version to compare
140- - Quick security checks
134+ 1. Detects the base and head commits (from PR or push context)
135+ 2. Extracts changed files to temporary directories
136+ 3. Runs `malcontent diff` to compare behaviors
137+ 4. Reports findings via PR comments or workflow summaries
138+ 5. Can fail the build if risk increases
141139
142140# # Building
143141
Original file line number Diff line number Diff line change @@ -32,10 +32,6 @@ inputs:
3232 description : ' Base path within the repository to run malcontent (defaults to repository root)'
3333 required : false
3434 default : ' .'
35- mode :
36- description : ' Mode to run malcontent in: "diff" (default) or "analyze"'
37- required : false
38- default : ' diff'
3935
4036outputs :
4137 diff-summary :
You can’t perform that action at this time.
0 commit comments