Integrate Kahu dependency inspection to your development pipeline.

- name: Check dependencies
  uses: kahu-app/github-action@v1

The action can be set up using the kahu_token input to authenticate on your behalf with Kahu. It accepts a non-empty-string.

Authenticated checks have access to additional analysis data. Tokens can be created in Kahu's dashboard.

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    kahu_token: ${{ secrets.KAHU_TOKEN }}

If the check does not work as expected, it is possible to enable the debug mode, using the debug input. It accepts 0 (debug mode off) or 1 (debug mode on).

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    debug: 1

The command-line will upload the lock file from ./composer.lock by default, but it can be customized by using the lock_file input. It accepts a non-empty-string (path to lockfile).

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    lock_file: './my-app/composer.lock'

The command-line will load rules from ./rules.json by default, but both the path and the file name can be customized by using the rule_file input. It accepts a non-empty-string (path to rules file).

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    rule_file: './github/kahu-rules.json'

It is possible to skip report validation, ie. only upload the manifest file, by changing the upload_only input. It accepts 0 (upload & validate) or 1 (upload only).

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    upload_only: 1

The rules can only be executed once the analysis is completed, to avoid an infinite wait, the action waits for 300 seconds (5 minutes) by default. This interval can be customized by using the wait_timeout input. It accepts a positive-integer (number of seconds).

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    wait_timeout: 60

This project is licensed under the MIT License.