This GitHub Action runs bundler-audit on your project. It is equivalent to running `gem install bundler-audit && bundle-audit check` on your local machine:
```yaml
name: Bundler Audit
on: [push]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: 'Bundler Audit'
        uses: andrewmcodes/bundler-audit-action@main
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
```
By default, you can add the ignored CVE to the standard `.bundler-audit.yml` as described here.

Moreover, the `options` argument exists to allow you to pass options to the audit command, just like you would locally:
```yaml
name: Bundler Audit
on: [push]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: 'Bundler Audit'
        uses: andrewmcodes/bundler-audit-action@main
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          options: '--ignore CVE-2015-9284 --format json'
```
View rubysec/bundler-audit for documentation on what options are available.
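As an added example (not part of this action or of bundler-audit itself), the Ruby script below reads a `bundle-audit check --format json` report and applies an ignore list the way `--ignore CVE-2015-9284` does, so a CI step fails only on advisories that were not explicitly accepted. The report is constructed sample data; its field names (`results`, `unpatched_gem`, `insecure_source`, `advisory.id`) follow the shape bundler-audit emits as an assumption.

```ruby
require 'json'

# Constructed sample report in the shape `bundle-audit check --format json`
# emits (field names assumed): two vulnerable gems and one insecure source.
SAMPLE_REPORT = <<~JSON
  {"version": "0.9.1", "results": [
    {"type": "unpatched_gem", "gem": {"name": "actionpack", "version": "4.2.0"},
     "advisory": {"id": "CVE-2015-9284", "criticality": "high",
                  "patched_versions": [">= 4.2.11.1"]}},
    {"type": "unpatched_gem", "gem": {"name": "nokogiri", "version": "1.10.0"},
     "advisory": {"id": "GHSA-PLACEHOLDER", "criticality": "critical",
                  "patched_versions": [">= 1.10.4"]}},
    {"type": "insecure_source", "source": "http://rubygems.org/"}
  ]}
JSON

# Splits a report into ignored and actionable findings. `ignore` lists
# advisory IDs exactly as `bundle-audit --ignore` takes them; insecure
# sources cannot be ignored by ID and always stay actionable.
def triage(report_json, ignore: [])
  results = JSON.parse(report_json).fetch('results')
  ignored, actionable = results.partition do |r|
    r['type'] == 'unpatched_gem' && ignore.include?(r.dig('advisory', 'id'))
  end
  { ignored: ignored, actionable: actionable }
end

# One line per finding for the job log.
def describe(r)
  if r['type'] == 'unpatched_gem'
    adv = r['advisory']
    "#{r['gem']['name']} #{r['gem']['version']}: #{adv['id']} " \
      "(#{adv['criticality']}), fixed in #{adv['patched_versions'].join(', ')}"
  else
    "#{r['type']}: #{r['source']}"
  end
end

# CI exit status: zero only when nothing actionable remains, like `check`.
def exit_status(triaged)
  triaged[:actionable].empty? ? 0 : 1
end

if $PROGRAM_NAME == __FILE__
  t = triage(SAMPLE_REPORT, ignore: ['CVE-2015-9284'])
  t[:ignored].each    { |r| puts "ignored:    #{describe(r)}" }
  t[:actionable].each { |r| puts "actionable: #{describe(r)}" }
  puts "exit status: #{exit_status(t)}"
end
```

With the sample report, ignoring CVE-2015-9284 still leaves the nokogiri advisory and the insecure source actionable, so the status stays non-zero.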
Note: bundler-audit also supports a per-project configuration file, `.bundle-audit.yml`, which is NOT supported by this action. This action is as simple as it can be to help you get started quickly and is not meant for long-term use. In order to dissuade long-term use, config file support will not be implemented, or accepted via PR, without a persuasive argument as to why. Thanks for understanding!
- `github_token`: Required. Must be in the form `github_token: ${{ secrets.github_token }}`.
- `options`: Optional. bundle-audit options (`bundle-audit --ignore CVE-2015-9284 --format json`).