| 712 | } |
| 713 | |
/**
 * Runs one Promptfoo Code Scan against the pull request the action was invoked on.
 *
 * Order of operations: fork-PR gate, guidance loading, GitHub context and PR
 * file lookup, setup-PR short-circuit, OIDC authentication, config resolution,
 * then the scan itself. The resolved config file is always cleaned up via
 * `finally`, even when the scan throws.
 *
 * @returns Resolves when the scan has finished or was intentionally skipped.
 */
async function runCodeScan(): Promise<void> {
  const inputs = getActionInputs();
  const { githubToken, enableForkPrs, configPath, minimumSeverity, apiHost } = inputs;

  // Pull requests from forks are not scanned unless the workflow opts in;
  // explain to the maintainer how the scan can still be triggered.
  if (shouldSkipForkPullRequest(enableForkPrs)) {
    core.info('🔀 Fork PR detected and enable-fork-prs is false; skipping Promptfoo Code Scan');
    core.info(
      'A maintainer can trigger a scan by commenting @promptfoo-scanner, or enable fork PR scans with enable-fork-prs: true',
    );
    return;
  }

  const guidance = loadGuidance(inputs);
  core.info('🔍 Starting Promptfoo Code Scan...');

  const context = await getGitHubContext(githubToken);
  core.info(`📋 Scanning PR #${context.number} in ${context.owner}/${context.repo}`);

  // A "setup PR" only introduces the workflow file, so there is nothing to scan yet.
  core.info('🔎 Checking if this is a setup PR...');
  const files = await getPRFiles(githubToken, context);
  if (isSetupPR(files)) {
    core.info('✅ Setup PR detected - workflow file will be added on merge');
    return;
  }
  core.info('✅ Not a setup PR - proceeding with security scan');

  const oidcToken = await authenticateWithOidc();
  const finalConfigPath = resolveConfigPath(configPath, minimumSeverity, guidance);

  // Everything that happens after the config file exists is wrapped so that
  // cleanupConfig runs regardless of how the scan ends.
  const performScan = async (): Promise<void> => {
    const baseBranch = await getBaseBranch(githubToken, context);
    await fetchBaseBranch(baseBranch);

    const cliArgs = buildCliArgs(apiHost, finalConfigPath, baseBranch, context);
    const scanResponse = await getScanResponse(cliArgs, oidcToken);

    await handleScanResponse(scanResponse, inputs, context);
    logActCommentPreview(scanResponse.comments);
  };

  try {
    await performScan();
  } finally {
    cleanupConfig(configPath, finalConfigPath);
  }
}
| 759 | |
| 760 | async function run(): Promise<void> { |
| 761 | try { |