action.yaml

name: EC Validate
description: GitHub Action developed by Enterprise Contract, designed to assess container images for security & compliance.
branding:
  icon: 'shield'
  color: 'purple'
inputs:
  image:
    description: The image reference
    required: true

  key:
    description: The public key for verifying signatures
    required: false

  policy:
    description: A policy configuration file which determines what policies are to be applied
    required: false

  identity:
    description: A regexp string used to match the certificate identity associated with the image
    required: false

  issuer:
    description: The OIDC issuer for validation
    required: false

  extra-params:
    description: This is to add some extra arguments into ec.
    required: false

runs:
  using: composite

  steps:
    - name: Run EC Validate
      uses: docker://quay.io/enterprise-contract/ec-cli:snapshot@sha256:10c86929785166b38bea9bcecaf75ce89cc0bda0ded06664285a74e664a7d49d
      id: ec_validate
      continue-on-error: true
      with:
        args: >
          validate image
          --policy "${{ inputs.policy }}"
          --image "${{ inputs.image }}"
          --public-key "${{ inputs.key }}"
          --certificate-identity-regexp "${{ inputs.identity }}"
          --certificate-oidc-issuer "${{ inputs.issuer }}"
          ${{ inputs.extra-params }}
          --output yaml
          --output summary-markdown=log.md 
    
    - name: Output summary
      run: cat log.md >> $GITHUB_STEP_SUMMARY
      shell: bash

    - name: Fail if validate failed
      if: steps.ec_validate.outcome != 'success'
      run: exit 1
      shell: bash