socket-python-cli/.github/actions/setup-sfw/action.yml at f9fcbd926509dbad99e652f7b721d3ae32351475 · SocketDev/socket-python-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
name: "Set up Socket Firewall"
description: >-
  Set up the requested language toolchain and install Socket Firewall (free
  or enterprise edition) so subsequent steps can run package-manager commands
  wrapped with `sfw`. Defaults to free/anonymous mode (no API token -- safe on
  untrusted / Dependabot / fork PRs). Pass mode: firewall-enterprise +
  socket-token for full org-policy enforcement on trusted maintainer PRs.

inputs:
  python:
    description: "Set up Python 3.12"
    default: "false"
  node:
    description: "Set up Node 20 (needed for npm-wrapped checks)"
    default: "false"
  uv:
    description: "Install uv (implies Python)"
    default: "false"
  mode:
    description: "socketdev/action mode: firewall-free or firewall-enterprise"
    default: "firewall-free"
  socket-token:
    description: "Socket API token (only used/required for firewall-enterprise)"
    default: ""

runs:
  using: "composite"
  steps:
    - if: ${{ inputs.python == 'true' || inputs.uv == 'true' }}
      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
      with:
        python-version: "3.12"

    - if: ${{ inputs.node == 'true' }}
      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
      with:
        node-version: "20"

    # Official Socket setup action. Wires up sfw routing correctly.
    # socket-token is ignored in firewall-free mode and empty when absent.
    - uses: socketdev/action@ba6de6cc0565af1f42295590380973573297e31f # v1.3.2
      with:
        mode: ${{ inputs.mode }}
        socket-token: ${{ inputs.socket-token }}

    - if: ${{ inputs.uv == 'true' }}
      name: Install uv
      shell: bash
      run: python -m pip install --upgrade pip uv