Integrate Kahu dependency inspection to your development pipeline.

- name: Check dependencies
  uses: kahu-app/github-action@v1

The action can be set up using the kahu_token input to authenticate on your behalf with Kahu. It accepts a non-empty-string.

Authenticated checks have access to additional analysis data. Tokens can be created in Kahu's dashboard.

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    kahu_token: ${{ secrets.KAHU_TOKEN }}

The rules can only be executed once the analysis is completed, to avoid an infinite wait, the action waits for 300 seconds (5 minutes) by default. This interval can be customized by using the wait_timeout input. It accepts a positive-integer.

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    wait_timeout: 60

The command-line will load rules from ./rules.json by default, but both the path and the file name can be customized by using the rule_file input. It accepts a non-empty-string.

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    rule_file: './github/kahu-rules.json'

The command-line will upload the lock file from ./composer.lock by default, but it can be customized by using the lock_file input. It accepts a non-empty-string.

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    lock_file: './my-app/composer.lock'

If the check does not work as expected, it is possible to enable the debug mode, using the debug input. It accepts 0 or 1.

- name: Check dependencies
  uses: kahu-app/github-action@v1
  with:
    debug: 1

This project is licensed under the MIT License.