feat: add cli_image input to action.yml and update tests to utilize it

Author: Valentin REJAUNIER

.github/workflows/github-action-tests.yaml

@@ -7,12 +7,30 @@ on:
   pull_request:
   workflow_dispatch:
 
+env:
+  GO_VERSION: "1.25.0"
+  CLI_IMAGE: escape-cli:pr-${{ github.sha }}
+
 jobs:
-  validate-action-definition:
+  github-action-tests:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
 
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - uses: goreleaser/goreleaser-action@v6
+        with:
+          install-only: true
+
+      - name: Build CLI image
+        run: goreleaser release --snapshot --clean --skip=archive
+
+      - name: Tag image for action
+        run: docker tag goreleaser.ko.local:latest "${CLI_IMAGE}"
+
       - name: Verify action.yml structure
         run: |
           python3 -c "
@@ -32,57 +50,46 @@ jobs:
           print('action.yml is valid')
           "
 
-  test-missing-profile-id:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-
       - name: Run action without profile_id
-        id: run
+        id: missing_profile
         continue-on-error: true
         uses: ./
         with:
           api_key: "fake-key-for-testing"
+          cli_image: ${{ env.CLI_IMAGE }}
 
-      - name: Assert failure
-        if: steps.run.outcome == 'success'
+      - name: Assert failure when profile_id is missing
+        if: steps.missing_profile.outcome == 'success'
         run: |
           echo "Expected action to fail when profile_id is missing"
           exit 1
 
-  test-missing-api-key:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
       - name: Run action without api_key
-        id: run
+        id: missing_api_key
         continue-on-error: true
         uses: ./
         with:
           profile_id: "fake-profile-id"
+          cli_image: ${{ env.CLI_IMAGE }}
 
-      - name: Assert failure
-        if: steps.run.outcome == 'success'
+      - name: Assert failure when api_key is missing
+        if: steps.missing_api_key.outcome == 'success'
         run: |
           echo "Expected action to fail when api_key is missing"
           exit 1
 
-  test-start-scan:
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
-    steps:
-      - uses: actions/checkout@v6
-
       - name: Require E2E secrets
+        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
         run: |
           if [ -z "${{ secrets.E2E_API_KEY }}" ] || [ -z "${{ secrets.E2E_PROFILE_ID }}" ]; then
             echo "::error::Configure repository secrets E2E_API_KEY and E2E_PROFILE_ID for the Escape DAST scan."
             exit 1
           fi
 
       - name: Run Escape DAST scan
+        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
         uses: ./
         with:
           profile_id: ${{ secrets.E2E_PROFILE_ID }}
           api_key: ${{ secrets.E2E_API_KEY }}
+          cli_image: ${{ env.CLI_IMAGE }}

.gitignore

@@ -1,4 +1,5 @@
 # Go
+dist/
 *.exe
 *.exe~
 *.dll

README.md

@@ -39,5 +39,4 @@ jobs:
         with:
           profile_id: ${{ secrets.ESCAPE_PROFILE_ID }}
           api_key: ${{ secrets.ESCAPE_API_KEY }}
-          watch: "true"
 ```

action.yml

@@ -20,6 +20,9 @@ inputs:
     description: "Wait until the scan ends and print the results"
     required: false
     default: "false"
+  cli_image:
+    description: "Override the CLI Docker image. Defaults to the released version."
+    required: false
 
   # Deprecated
   timeout:
@@ -54,9 +57,10 @@ runs:
         ESCAPE_WATCH: ${{ inputs.watch }}
         ESCAPE_CONFIGURATION_OVERRIDE: ${{ inputs.configuration_override }}
         ESCAPE_SCHEMA: ${{ inputs.schema }}
+        ESCAPE_CLI_IMAGE_OVERRIDE: ${{ inputs.cli_image }}
       run: |
         set -euo pipefail
-        ESCAPE_CLI_IMAGE="docker.io/escapetech/cli:$(cat "$GITHUB_ACTION_PATH/version.txt")"
+        ESCAPE_CLI_IMAGE="${ESCAPE_CLI_IMAGE_OVERRIDE:-docker.io/escapetech/cli:$(cat "$GITHUB_ACTION_PATH/version.txt")}"
         PROFILE_ID="${INPUT_PROFILE_ID:-}"
         if [ -z "${PROFILE_ID}" ]; then
           echo "profile_id is not set"