feat: Add support for SafeDep cloud integration

.github/workflows/vet.yml

@@ -25,6 +25,10 @@ jobs:
       - name: Run vet
         id: vet
         uses: ./
+        with:
+          cloud: true
+          cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }}
+          cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

action.yml

@@ -20,6 +20,9 @@ inputs:
   cloud-key:
     description: API key to use for synchronizing report with SafeDep cloud
     required: false
+  cloud-tenant:
+    description: Tenant ID to use for synchronizing report with SafeDep cloud
+    required: false
   version:
     description:
       vet version to use for the scan. Defaults to using latest release

src/main.ts

@@ -23,6 +23,11 @@ export async function run(): Promise<void> {
       trimWhitespace: true
     })
 
+    const cloudTenant: string = core.getInput('cloud-tenant', {
+      required: false,
+      trimWhitespace: true
+    })
+
     const version: string = core.getInput('version', {
       required: false,
       trimWhitespace: true
@@ -53,6 +58,7 @@ export async function run(): Promise<void> {
 
     const vet = new Vet({
       apiKey: cloudKey,
+      tenant: cloudTenant,
       policy,
       version,
       cloudMode,

src/vet.ts

@@ -18,6 +18,7 @@ const tc = require('@actions/tool-cache')
 
 interface VetConfig {
   apiKey?: string
+  tenant?: string
   policy?: string
   cloudMode?: boolean
   version?: string
@@ -102,6 +103,10 @@ export class Vet {
       policyFilePath
     ]
 
+    if (this.config.cloudMode) {
+      this.applyCloudConfig(vetFinalScanArgs)
+    }
+
     if (
       this.config.trustedRegistries &&
       this.config.trustedRegistries.length > 0
@@ -252,6 +257,10 @@ export class Vet {
       vetFinalScanArgs.push('--exceptions-extra', this.config.exceptionFile)
     }
 
+    if (this.config.cloudMode) {
+      this.applyCloudConfig(vetFinalScanArgs)
+    }
+
     if (
       this.config.trustedRegistries &&
       this.config.trustedRegistries.length > 0
@@ -408,7 +417,7 @@ export class Vet {
   private async getLatestRelease(): Promise<string> {
     let versionToUse = this.config.version ?? ''
     if (versionToUse.length === 0) {
-      versionToUse = 'v1.6.1'
+      versionToUse = 'v1.8.0'
     }
 
     return `https://github.com/safedep/vet/releases/download/${versionToUse}/vet_Linux_x86_64.tar.gz`
@@ -521,4 +530,28 @@ export class Vet {
 
     return getDefaultVetPolicyFilePath()
   }
+
+  private applyCloudConfig(args: string[]): void {
+    if (!this.config.apiKey) {
+      throw new Error('API key is required for cloud mode')
+    }
+
+    if (!this.config.tenant) {
+      throw new Error('Tenant is required for cloud mode')
+    }
+
+    core.info('Using cloud mode')
+    process.env.VET_API_KEY = this.config.apiKey
+
+    core.info(`Using tenant: ${this.config.tenant}`)
+    process.env.VET_CONTROL_TOWER_TENANT_ID = this.config.tenant
+
+    args.push('--report-sync')
+    args.push('--report-sync-project', process.env.GITHUB_REPOSITORY as string)
+
+    args.push(
+      '--report-sync-project-version',
+      process.env.GITHUB_REF_NAME as string
+    )
+  }
 }