diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..e8522c4
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,37 @@
+name: Release new action version
+on:
+ workflow_dispatch:
+ inputs:
+ TAG_NAME:
+ description: "Tag name that the major tag will point to"
+ required: true
+
+env:
+ TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+defaults:
+ run:
+ shell: pwsh
+
+permissions:
+ contents: read
+
+jobs:
+ update_tag:
+ name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+ # Remember to configure the releaseNewActionVersion environment with required approvers in the repository settings
+ environment:
+ name: releaseNewActionVersion
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+ - name: Update the ${{ env.TAG_NAME }} tag
+ uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d
+ with:
+ source-tag: ${{ env.TAG_NAME }}
\ No newline at end of file
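Review bot: The harden-runner step in `update_tag` uses `egress-policy: audit`, so unexpected outbound connections are only logged, not stopped, in the one job that holds `contents: write` and moves the major tag. Once an audit run has shown which endpoints the job needs, switch to `egress-policy: block` with an `allowed-endpoints` list. `TAG_NAME` is also a free-form dispatch input passed straight to `source-tag`. Unless publish-action validates it itself, add a step that rejects anything outside the release tag format, so the environment approval is not the only guard against retargeting the major tag to the wrong ref. The `github.event.release.tag_name` fallback on the `env` and `name` lines is never populated, because the workflow triggers only on `workflow_dispatch`.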
diff --git a/README.md b/README.md
index 1ea41e8..373c1fe 100644
--- a/README.md
+++ b/README.md
@@ -95,51 +95,6 @@ Check your favorite development and test environment for its JSON, TRX file or J
|[sbt](https://www.scala-sbt.org/release/docs/Testing.html#Test+Reports)|Scala|:heavy_check_mark:| | | | |
|Your favorite
environment|Your favorite
language|probably
:heavy_check_mark:| | | | |
-## What is new in version 2
-
-
-These changes have to be considered when moving from version 1 to version 2:
-
-### Default value for `check_name` changed
-Unless `check_name` is set in your config, the check name used to publish test results changes from `"Unit Test Results"` to `"Test Results"`.
-
-**Impact:**
-The check with the old name will not be updated once moved to version 2.
-
-**Workaround to get version 1 behaviour:**
-Add `check_name: "Unit Test Results"` to your config.
-
-### Default value for `comment_title` changed
-Unless `comment_title` or `check_name` are set in your config, the title used to comment on open pull requests changes from `"Unit Test Results"` to `"Test Results"`.
-
-**Impact:**
-Existing comments with the old title will not be updated once moved to version 2, but a new comment is created.
-
-**Workaround to get version 1 behaviour:**
-See workaround for `check_name`.
-
-### Modes `create new` and `update last` removed for option `comment_mode`
-The action always updates an earlier pull request comment, which is the exact behaviour of mode `update last`.
-The [configuration](#configuration) options `create new` and `update last` are therefore removed.
-
-**Impact:**
-An existing pull request comment is always updated.
-
-**Workaround to get version 1 behaviour:**
-Not supported.
-
-### Option `hiding_comments` removed
-The action always updates an earlier pull request comment, so hiding comments is not required anymore.
-
-### Option `comment_on_pr` removed
-Option `comment_on_pr` has been removed.
-
-**Workaround to get version 1 behaviour:**
-Set `comment_mode` to `always` (the default) or `off`.
-
-
-
-
## Publishing test results
Test results are published on GitHub at various ([configurable](#configuration)) places:
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..33fc4f1
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities to support@stepsecurity.io
\ No newline at end of file
diff --git a/action.yml b/action.yml
index 181f02e..682af82 100644
--- a/action.yml
+++ b/action.yml
@@ -143,7 +143,7 @@ outputs:
runs:
using: 'docker'
- image: 'docker://ghcr.io/step-security.io/publish-unit-test-result-action:v1.0.0'
+ image: 'docker://ghcr.io/step-security.io/publish-unit-test-result-action:v1.0.1'
branding:
icon: 'check-square'
diff --git a/python/publish/__init__.py b/python/publish/__init__.py
index 15a1c6b..322cc63 100644
--- a/python/publish/__init__.py
+++ b/python/publish/__init__.py
@@ -11,7 +11,7 @@
UnitTestRunDeltaResults, UnitTestRunResultsOrDeltaResults, ParseError
# keep the version in sync with action.yml
-__version__ = 'v1.0.0'
+__version__ = 'v1.0.1'
logger = logging.getLogger('publish')
digest_prefix = '[test-results]:data:'
diff --git a/python/publish_test_results.py b/python/publish_test_results.py
index 0fd8da0..313215f 100644
--- a/python/publish_test_results.py
+++ b/python/publish_test_results.py
@@ -6,7 +6,7 @@
from glob import glob
from pathlib import Path
from typing import List, Optional, Union, Mapping, Tuple, Any, Iterable, Callable
-
+import requests
import github
import humanize
import psutil
@@ -229,7 +229,22 @@ def action_fail_required(conclusion: str, action_fail: bool, action_fail_on_inco
action_fail_on_inconclusive and conclusion == 'inconclusive'
+def validate_subscription():
+ API_URL = f"https://agent.api.stepsecurity.io/v1/github/{os.environ['GITHUB_REPOSITORY']}/actions/subscription"
+
+ try:
+ response = requests.get(API_URL, timeout=3)
+ response.raise_for_status()
+ except requests.exceptions.HTTPError:
+ print("Subscription is not valid. Reach out to support@stepsecurity.io")
+ exit(1)
+ except requests.exceptions.RequestException:
+ print("Timeout or API not reachable. Continuing to next step.")
+
+
def main(settings: Settings, gha: GithubAction) -> None:
+ validate_subscription()
+
if settings.is_fork and not settings.job_summary:
gha.warning(f'This action is running on a pull_request event for a fork repository. '
f'The only useful thing it can do in this situation is creating a job summary, which is disabled in settings. '
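Review bot: `validate_subscription` treats every `HTTPError` as an invalid subscription, so a 5xx from agent.api.stepsecurity.io aborts the job with `exit(1)` while a timeout lets it continue. The failure policy should depend on the status code rather than on whether the server happened to answer. The call also sends the repository name to an external host on every run, including the fork pull_request case handled just below in `main`, which is worth documenting for users. `os.environ['GITHUB_REPOSITORY']` raises `KeyError` when the variable is unset, and `exit` is the `site` helper rather than `SystemExit`. Which status the API returns for a missing subscription is not visible here, so the 403 in the sketch is an assumption to confirm; `main` continues past the end of the hunk.

```python
def validate_subscription():
    repository = os.environ.get('GITHUB_REPOSITORY')
    if not repository:
        # not running inside GitHub Actions (local run, tests): nothing to check
        return
    api_url = f"https://agent.api.stepsecurity.io/v1/github/{repository}/actions/subscription"

    try:
        response = requests.get(api_url, timeout=3)
    except requests.exceptions.RequestException:
        print("Timeout or API not reachable. Continuing to next step.")
        return

    # assumption: 403 is the explicit "no subscription" answer; confirm against the API contract
    if response.status_code == 403:
        print("Subscription is not valid. Reach out to support@stepsecurity.io")
        raise SystemExit(1)
    if not response.ok:
        # server-side outage or unexpected status: same fail-open policy as a timeout
        print("Timeout or API not reachable. Continuing to next step.")
```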