dfetch-org · spoorcc · Jul 11, 2025 · Jul 11, 2025 · Jul 11, 2025 · Jul 11, 2025
diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml
@@ -30,11 +30,10 @@ jobs:
       - run: dfetch check
       - run: dfetch update
       - run: dfetch update
-      - run: dfetch check --sarif sarif.json
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+      - name: Dfetch SARIF Check
+        uses: ./
         with:
-          sarif_file: sarif.json
+          working-directory: '.'
 
       - name: Run example
         working-directory: ./example
@@ -87,8 +86,8 @@ jobs:
       - run: dfetch check
       - run: dfetch update
       - run: dfetch update
-      - run: dfetch check --sarif sarif.json
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+      - name: Dfetch SARIF Check
+        uses: ./
         with:
-          sarif_file: sarif.json
+          working-directory: '.'
+
diff --git a/README.md b/README.md
@@ -37,11 +37,29 @@ See [alternatives](https://dfetch.readthedocs.io/en/latest/alternatives.html) fo
 ## Install
 
 ### Stable
+
 ```bash
 pip install dfetch
 ```
 
 ### latest version
+
 ```bash
 pip install https://github.com/dfetch-org/dfetch/archive/main.zip
 ```
+
+## Github Action
+
+You can use DFetch in your Github Actions workflow to check your dependencies.
+The results will be uploaded to Github. Add the following to your workflow file:
+
+```yaml
+jobs:
+  dfetch-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Dfetch Check
+        uses: dfetch-org/dfetch@main
+        with:
+          working-directory: '.' # optional, defaults to project root
+```
diff --git a/action.yml b/action.yml
@@ -0,0 +1,38 @@
+name: 'Dfetch Check'
+description: 'Run dfetch check and upload SARIF results.'
+author: 'dfetch-org'
+branding:
+  icon: 'check-circle'
+  color: 'blue'
+
+inputs:
+  working-directory:
+    description: 'Directory to run dfetch in (default: project root)'
+    required: false
+    default: '.'
+
+outputs:
+  sarif-path:
+    description: 'Path to the generated SARIF file.'
+    value: sarif.json
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.13'
+    - name: Install dfetch
+      run: pip install .
+      shell: bash
+    - name: Run dfetch check (SARIF)
+      run: dfetch check --sarif sarif.json
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: sarif.json
diff --git a/doc/dfetch-action.md b/doc/dfetch-action.md
diff --git a/pyproject.toml b/pyproject.toml
@@ -88,7 +88,7 @@ development = [
     'pyright==1.1.403',
     "tomli; python_version < '3.11'", # Tomllib is default in 3.11, required for letting codespell read the pyproject.toml
     'pre-commit==4.2.0',
-    'ruff==0.12.2',
+    'ruff==0.12.3',
 ]
 docs = [
     'sphinx==8.2.3',