github.com/promptfoo/promptfoo

Function runCodeScan

code-scan-action/src/main.ts:714–758

```typescript
async function runCodeScan(): Promise<void> {
  const inputs = getActionInputs();

  // Fork PRs are skipped unless enable-fork-prs is set; a maintainer can still trigger a scan manually.
  if (shouldSkipForkPullRequest(inputs.enableForkPrs)) {
    core.info('🔀 Fork PR detected and enable-fork-prs is false; skipping Promptfoo Code Scan');
    core.info(
      'A maintainer can trigger a scan by commenting @promptfoo-scanner, or enable fork PR scans with enable-fork-prs: true',
    );
    return;
  }

  const guidance = loadGuidance(inputs);

  core.info('🔍 Starting Promptfoo Code Scan...');

  const context = await getGitHubContext(inputs.githubToken);
  core.info(`📋 Scanning PR #${context.number} in ${context.owner}/${context.repo}`);

  // A "setup PR" only adds the workflow file itself, so there is nothing to scan yet.
  core.info('🔎 Checking if this is a setup PR...');
  const files = await getPRFiles(inputs.githubToken, context);

  if (isSetupPR(files)) {
    core.info('✅ Setup PR detected - workflow file will be added on merge');
    return;
  }

  core.info('✅ Not a setup PR - proceeding with security scan');

  // Authenticate to the scan API with a GitHub OIDC token rather than a long-lived secret.
  const oidcToken = await authenticateWithOidc();

  const finalConfigPath = resolveConfigPath(inputs.configPath, inputs.minimumSeverity, guidance);

  try {
    const baseBranch = await getBaseBranch(inputs.githubToken, context);
    await fetchBaseBranch(baseBranch);

    const cliArgs = buildCliArgs(inputs.apiHost, finalConfigPath, baseBranch, context);
    const scanResponse = await getScanResponse(cliArgs, oidcToken);

    await handleScanResponse(scanResponse, inputs, context);
    logActCommentPreview(scanResponse.comments);
  } finally {
    // Always remove any generated config, even if the scan throws.
    cleanupConfig(inputs.configPath, finalConfigPath);
  }
}
```
Callers (1)

- run (function, confidence 0.85)

Calls (15; 11 resolved)

- getGitHubContext (function, confidence 0.90)
- getPRFiles (function, confidence 0.90)
- getActionInputs (function, confidence 0.85)
- loadGuidance (function, confidence 0.85)
- isSetupPR (function, confidence 0.85)
- authenticateWithOidc (function, confidence 0.85)
- fetchBaseBranch (function, confidence 0.85)
- getScanResponse (function, confidence 0.85)
- handleScanResponse (function, confidence 0.85)
- logActCommentPreview (function, confidence 0.85)
- cleanupConfig (function, confidence 0.85)

Tested by: no test coverage detected