Use pip direct URL syntax and support SCIO optional dependencies (#34)

keshav-space · web-flow · commit b7868df467ce · 2026-02-27T09:59:53.000+13:00
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/.github/workflows/run-android-deploy-to-develop.yml b/.github/workflows/run-android-deploy-to-develop.yml
@@ -0,0 +1,21 @@
+on: [push]
+
+jobs:
+  scan-codebase:
+    runs-on: ubuntu-24.04
+    name: Run Android D2D
+    steps:
+      - name: Get the action.yml from the current branch
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: action.yml
+          sparse-checkout-cone-mode: false
+
+      - uses: ./
+        with:
+          scancodeio-repo-branch: "bump-android"
+          scancodeio-extras: "android_analysis"
+          pipelines: "android_d2d"
+          input-urls:
+            https://github.com/aboutcode-org/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/from-flume-ng-node-1.9.0.zip#from
+            https://github.com/aboutcode-org/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/to-flume-ng-node-1.9.0.zip#to
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ from your **GitHub Workflows**.
   - [Check for compliance issues](#check-for-compliance-issues)
   - [Define a custom project name](#define-a-custom-project-name)
   - [Install ScanCode.io from a repository branch](#install-scancodeio-from-a-repository-branch)
+  - [Install ScanCode.io with optional dependencies](#install-scancodeio-with-optional-dependencies)
   - [Run source to binary mapping](#run-source-to-binary-mapping)
 - [Where does the scan results go?](#where-are-the-scan-results)
 
@@ -227,6 +228,14 @@ Activate this behavior by enabling `check-compliance` and setting
     scancodeio-repo-branch: "main"
 ```
 
+### Install ScanCode.io with optional dependencies
+
+```yaml
+- uses: aboutcode-org/scancode-action@beta
+  with:
+    scancodeio-extras: "android_analysis,mining"
+```
+
 ### Run source to binary mapping
 
 Use this [workflow template](.github/workflows/map-deploy-to-develop-template.yml) for validating the integrity of open-source binary. It compares a project’s binary to its source code. Workflow will generate mapping between compiled binary and its original source code, which helps in spotting any malicious, unexpected, or otherwise undesirable code that may have made its way into the final binary.
diff --git a/action.yml b/action.yml
@@ -44,6 +44,10 @@ inputs:
     description: "Branch to install ScanCode.io from the GitHub repository (optional)"
     required: false
     default: ""
+  scancodeio-extras:
+    description: "ScanCode.io optional dependencies (comma-separated) (optional)."
+    required: false
+    default: ""
 
 runs:
   using: "composite"
@@ -84,16 +88,27 @@ runs:
         sudo -u postgres psql -c "ALTER USER ${{ env.SCANCODEIO_DB_USER }} WITH ENCRYPTED PASSWORD '${{ env.SCANCODEIO_DB_PASSWORD }}'"
         sudo -u postgres createdb --owner=scancodeio --encoding=UTF-8 ${{ env.SCANCODEIO_DB_NAME }}
 
+    - name: Generate scancodeio pip install argument
+      if: env.SCANCODEIO_IS_INSTALLED != 'true'
+      shell: bash
+      run: |
+        SCANCODEIO_PIP_PACKAGE_ARG="scancodeio"
+        TRIMMED_EXTRAS="$(echo "${{ inputs.scancodeio-extras }}" | tr -d '[:space:]')"
+        if [ -n "$TRIMMED_EXTRAS" ]; then
+          SCANCODEIO_PIP_PACKAGE_ARG+="[$TRIMMED_EXTRAS]"
+        fi
+        echo "SCANCODEIO_PIP_PACKAGE_ARG=${SCANCODEIO_PIP_PACKAGE_ARG}" >> $GITHUB_ENV
+
     - name: Install ScanCode.io (only if not already installed)
       if: env.SCANCODEIO_IS_INSTALLED != 'true'
       shell: bash
       run: |
         if [ -z "${{ inputs.scancodeio-repo-branch }}" ]; then
-          echo "Installing the latest ScanCode.io release from PyPI"
-          pip install --upgrade scancodeio
+          echo "Installing the latest ${{ env.SCANCODEIO_PIP_PACKAGE_ARG }} release from PyPI"
+          pip install --upgrade "${{ env.SCANCODEIO_PIP_PACKAGE_ARG }}"
         else
-          echo "Installing ScanCode.io from the GitHub branch: ${{ inputs.scancodeio-repo-branch }}"
-          pip install git+https://github.com/aboutcode-org/scancode.io.git@${{ inputs.scancodeio-repo-branch }}
+          echo "Installing ${{ env.SCANCODEIO_PIP_PACKAGE_ARG }} from the GitHub branch: ${{ inputs.scancodeio-repo-branch }}"
+          pip install "${{ env.SCANCODEIO_PIP_PACKAGE_ARG }} @ git+https://github.com/aboutcode-org/scancode.io.git@${{ inputs.scancodeio-repo-branch }}"
         fi
 
     - name: Run migrations to prepare the database
