# github-show-actions
This CLI allows you to audit which GitHub Actions are being used by a user / org / team.
> **Warning**: It will make a _lot_ of API calls, as it has to list your repos, then list the workflows directory, then fetch the contents of each workflow.
## Installation
### NPM
```bash
npm install -g github-show-actions
```
### Docker
```bash
alias github-show-actions="docker run --rm -e GITHUB_TOKEN mheap/github-show-actions"
```
## Example output

## Usage
You'll need to authenticate to use this tool. You can either set the `GITHUB_TOKEN` environment variable, or pass the `--pat` flag. Generate a new Personal Access Token [on GitHub](https://github.com/settings/tokens).
If you have gh-cli installed, you can authenticate with `gh auth login --scopes repo` and then run this tool without any additional configuration.
For GitHub Enterprise, you can use `gh auth login --hostname <your-ghe-hostname>` to authenticate and then run the tool with the `--base-url` flag.
```bash
# Set environment variables
export GITHUB_TOKEN=$(gh auth token --hostname your_company.ghe.com)
export GITHUB_BASE_URL=https://your_company.ghe.com/api/v3
# Run the tool
github-show-actions --target your_org --base-url "$GITHUB_BASE_URL"
```
The simplest usage of this tool is to pass the `--target` parameter. This will return a list of actions used in all public and private repos, grouped by `repo`.
```bash
github-show-actions --target <org>
```
> You can pass the `--format json` flag to see the raw data
To get the same information, but grouped by the action name/version instead, you can use the `--group` flag:
```bash
github-show-actions --target <org> --group action
```
The tool takes quite a while to run, so you may want to cache the data returned. You can do so with the `--cache` flag (this will **always** return the same data, ignoring any flags you pass except `group` and `show-workflow`):
```bash
github-show-actions --target <org> --group action --cache /tmp/cache.json
```
If you'd like to show actions used in public repos only you can pass the `--visibility` parameter:
```bash
github-show-actions --target <org> --group action --cache /tmp/cache.json --visibility public
```
Generate a list of external actions without versions (useful for preparing an allow list for an organization):
```bash
github-show-actions \
  --target my_org \
  --base-url "$GITHUB_BASE_URL" \
  --group action \
  --cache .cache.json \
  --actions-only-external \
  --strip-version-number \
  --exclude-orgs "some-org-1,some-org-2"
```
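The following added example (not code from github-show-actions) sketches what building such an allow-list inventory involves: it extracts `uses:` references from workflow text, drops local, Docker and excluded-owner references, groups by action with the version stripped, and goes one step further by recording refs that are not pinned to a full commit SHA. The sample workflows, the `externalActions` helper, its option names and the reading of "external" as "not owned by the target org" are assumptions made for illustration.

```javascript
// Added example: not code from github-show-actions. Workflow text is constructed.
const SAMPLE_WORKFLOWS = {
  "my_org/api": `
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: some-org-1/deploy@main
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
      - uses: my_org/shared-build@v2
      - uses: "third-party/scanner@0123456789abcdef0123456789abcdef01234567"
`,
  "my_org/web": `
jobs:
  test:
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache/restore@v4
`,
};

const USES_RE = /^\s*(?:-\s+)?uses:\s*["']?([^"'\s#]+)/gm; // line-based, not a YAML parser
const FULL_SHA = /^[0-9a-f]{40}$/i;

// Hypothetical helper: "external" is assumed to mean "not local and not owned by targetOrg".
function externalActions(workflows, { targetOrg, excludeOrgs = [], stripVersion = false }) {
  const skip = new Set([targetOrg, ...excludeOrgs].map((o) => o.toLowerCase()));
  const found = new Map(); // action key -> { repos, unpinned }
  for (const [repo, yaml] of Object.entries(workflows)) {
    for (const [, ref] of yaml.matchAll(USES_RE)) {
      if (ref.startsWith("./") || ref.startsWith("docker://")) continue; // local / container
      const at = ref.lastIndexOf("@");
      const name = at === -1 ? ref : ref.slice(0, at);
      const version = at === -1 ? "(no ref)" : ref.slice(at + 1);
      if (skip.has(name.split("/")[0].toLowerCase())) continue; // own or excluded owner
      const key = stripVersion ? name : ref;
      const entry = found.get(key) ?? { repos: new Set(), unpinned: new Set() };
      entry.repos.add(repo);
      if (!FULL_SHA.test(version)) entry.unpinned.add(version); // tag or branch can move
      found.set(key, entry);
    }
  }
  return [...found.keys()].sort().map((action) => ({
    action,
    repos: [...found.get(action).repos].sort(),
    unpinnedRefs: [...found.get(action).unpinned].sort(),
  }));
}
```

Entries with a non-empty `unpinnedRefs` are the ones to review before adding them to an allow list, since a tag or branch can be repointed to different code after approval.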
Finally, if you'd like to see the workflow name that uses each action you can pass `--show-workflow`:
```bash
github-show-actions --target <org> --group action --cache /tmp/cache.json --visibility public --show-workflow
```
See `github-show-actions --help` for a full list of options.
## FAQ
**Why doesn't this use the /search API to find workflows?**
The search API has [a timeout](https://developer.github.com/changes/2014-04-07-understanding-search-results-and-potential-timeouts/), which means that it cannot be relied on to return all workflows.