Closed tnytown closed 1 year ago
tnytown
commented
1 year ago Let me know if this is what you had in mind!
I'm not sure of the wording of pip-audit did not return any output, or if that should be printed in the summary. There should still be (raw) output in the log just below. I just needed something to grep for in the selftest.
tnytown
commented
1 year ago This is how a new summary looks: https://github.com/tnytown/gh-action-pip-audit/actions/runs/4196817469/attempts/1#summary-11396846157
Also, do we want to restrict the internal interface to pass a fixed invalid flag, like internal-be-careful-pass-invalid-flag? I'll doc internal-be-careful-extra-flags now.
woodruffw
commented
1 year ago I'm not sure of the wording of pip-audit did not return any output, or if that should be printed in the summary. There should still be (raw) output in the log just below. I just needed something to grep for in the selftest.
This works for me! The only real constraint is that it needs to be valid Markdown, so this is fine.
Also, do we want to restrict the internal interface to pass a fixed invalid flag, like internal-be-careful-pass-invalid-flag? I'll doc internal-be-careful-extra-flags now.
I'm good with this approach: it's explicitly an internal option, and it's not a change in the action's security posture.
Resolves #32.
The action crashes when pip-audit exits without writing anything to
/tmp/pip-audit-output.txt. We now check that the file exists before opening it, which should allow the action to run to completion and write the pip-auditstderrto the summary. This is a quick band-aid to fix the immediate crash, maybe in the future we will want special diagnostics in the summary for when there is no pip-audit output?