Develop a GitHub Action to run Tern

[ericwb]

Describe the Feature GitHub supports a wide variety of GitHub actions to run various actions, all based on containerized programs. I think Tern could be a good "action" to run as part of a deployment workflow.

https://github.com/marketplace?type=actions

Use Cases Before a container is deployed to DockerHub, could be useful to have an action to run Tern to check the compliance of it.

Implementation Changes Essentially, you just need to write a DockerFile for the action. For example, golangci-lint: https://github.com/actions-contrib/golangci-lint/blob/master/Dockerfile

[JeroenKnoops]

For a project I'm comparing several SBOM tools with each other. We're comparing tern with anchore, blackduck, whitesource, aws ecr, google cloud, and so on.

I've created a GitHub Action workflow for Tern.

https://github.com/JeroenKnoops/scan-docker-image/blob/master/.github/workflows/scan-tern.yml

I can create a github action for this so you can put it in the marketplace. Please let me know if you want me to create a PR here.

btw. We really like the output of tern. :)

[nishakm]

@JeroenKnoops thanks for the feedback! We'd really appreciate a GitHub action. Just note that currently, Tern needs a Linux host to run. I am not sure if that is a blocker with creating a GitHub action.

[JeroenKnoops]

I've started the development, will finish it hopefully this week. Will try to make most of the configuration available in the action.

Progress can be found here: https://github.com/philips-labs/tern-action Example of using it: https://github.com/JeroenKnoops/tern-action-examples

[JeroenKnoops]

With tern version 2.2.0 the action works great. I've released it here: https://github.com/marketplace/actions/tern-action

Source is here: https://github.com/philips-labs/tern-action but you are free to use this as inspiration and recreate it in the tern-tools organization.

[nishakm]

Thank you! I will close this issue then.