action.yml

# action.yml
name: 'Data Theorem Mobile Secure'
description: |
  Uploads your pre-production mobile app binaries to Data Theorem for scanning.
inputs:
  DT_UPLOAD_API_KEY:
    description: 'Data Theorem upload API key'
    required: true
  DT_RESULTS_API_KEY:
    description: 'Data Theorem results API key (required when BLOCK_ON_SEVERITY is used)'
    required: false
  UPLOAD_BINARY_PATH:
    description: >
      Path to the app to upload.

      You can use a glob pattern to indicate variable parts of the build's file name (for example, if the app's version number or build date is in the file name).
      Examples of glob patterns:
      - `app-*.apk` : search for any apk starting with `app-` in workspace root directory
      - `**/app-*.ipa` : search for any ipa starting with `app-` in any subdirectory of the workspace
      - `{,**/}app-debug*.*` : search for any file containing `app-debug` in root the directory or in any subdirectory of the workspace

      If multiple files match the provided pattern all matching files will be uploaded. The pattern should not match more than 3 files.
    required: true
  SOURCEMAP_FILE_PATH:
    description: >
      Path to the sourcemap file used to map obfuscated symbols to their original code name
    required: false
  USERNAME:
    description: >
      Username to be used for authenticated testing of the application.  If provided, will override the previosly provided value.
    required: false
  PASSWORD:
    description: >
      Password to be used for authenticated testing of the application.  If provided, will override the previosly provided value. Use of GitHub secrets is recommended.
    required: false
  COMMENTS:
    description: >
      Miscellaneous, free-form comments regarding the upload.
    required: false
  RELEASE_ID:
    description: >
      A custom ID associated with the binary being submitted, since the app version may not change very often.
      It is recommended that you use a unique value for this, such as the CI/CD job ID.
      If not set, Data Theorem will assign the binary a release_id.
    required: false
  PLATFORM_VARIANT:
    description: >
      The variant of the platform to use for scanning; Currently, the accepted value is
      IOS_ON_MAC (scan an iOS build on an Apple Silicon Mac instead of on an iOS device, in order to exercise code paths that are specific to Macs.)
    required: false
  EXTERNAL_ID:
    description: >
      The external_id field represents your organization’s custom identifier for the app, if any.
    required: false
  BLOCK_ON_SEVERITY:
    description: >
      Block the build if vulnerabilities with the specified minimum severity are found.
      Valid values: HIGH, MEDIUM, LOW. If not specified, build will not be blocked.
    required: false
  WARN_ON_SEVERITY:
    description: >
      Print warning messages if vulnerabilities with the specified minimum severity are found.
      This is a softer version of BLOCK_ON_SEVERITY that doesn't fail the build.
      Valid values: HIGH, MEDIUM, LOW. If not specified, no warnings will be shown.
      This requires a Data Theorem Mobile Results API Key to be set.
    required: false
  POLLING_TIMEOUT:
    description: >
      Stop polling the scan result after the specified time in seconds, default is 5 minutes.
    required: false
  WAIT_FOR_STATIC_SCAN_ONLY:
    description: >
      When enabled, waits for the static_scan to be COMPLETED instead of the top-level scan. Default is false.
    required: false
  SEVERITY_CHECK_SCOPE:
    description: >
      Controls whether BLOCK_ON_SEVERITY and WARN_ON_SEVERITY check only findings
      from the current scan or all open findings in the mobile app.
      Valid values: CURRENT_SCAN, ALL_ISSUES
      - CURRENT_SCAN: Check only findings discovered in the current scan (default)
      - ALL_ISSUES: Check all open findings associated with the mobile app
      Default: CURRENT_SCAN
    required: false
    default: 'CURRENT_SCAN'
runs:
  using: 'node20'
  main: 'main.js'
branding:
  color: 'blue'
  icon: 'arrow-up-circle'