Initial release

.eslintignore

@@ -0,0 +1 @@
+dist/

.eslintrc.json

@@ -0,0 +1,28 @@
+{
+    "env": {
+        "node": true,
+        "commonjs": true,
+        "es2021": true,
+        "jest":true
+    },
+    "extends": "eslint:recommended",
+    "overrides": [
+    ],
+    "parserOptions": {
+        "ecmaVersion": "latest"
+    },
+    "rules": {
+        "indent": [
+            "error",
+            "tab"
+        ],
+        "quotes": [
+            "error",
+            "single"
+        ],
+        "semi": [
+            "error",
+            "never"
+        ]
+    }
+}

.github/workflows/test.yml

@@ -0,0 +1,14 @@
+name: "Unit Test"
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  # unit tests
+  unit-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - run: npm run test

.gitignore

@@ -0,0 +1 @@
+coverage/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Xendit https://xendit.co
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,58 @@
+# Xendit API Key Scanner
+Xendit API Key Scanner is a Github action to detect Xendit API Key in the pull request.
+The action will fail if there is any detected Xendit API Key in the changed code in a spesific pull request. The action will give the detail path in Pull Request Comment. 
+
+Example of PR Comment : 
+<img  src="docs/pr_comment.png">
+
+## Inputs 
+- `github-token` (Optional) Github token to create PR Comment. By default using github token provided by github action.
+
+## How to use
+1. Create config inside `.github/workflow` folder.
+example config : 
+```
+name: 'Test - Xendit API Key Detector Action'
+
+on: pull_request
+jobs:
+  scan_job:
+    runs-on: ubuntu-latest
+    name: Xendit API Key Detector Action
+    steps:
+      - name: Scan Job
+        uses: xendit/[email protected]
+```
+using custom `gihtub-token` input (optional) :
+```
+name: 'Test - Xendit API Key Detector Action'
+
+on: pull_request
+jobs:
+  scan_job:
+    runs-on: ubuntu-latest
+    name: Xendit API Key Detector Action
+    steps:
+      - name: Scan Job
+        uses: xendit/[email protected]
+        with:
+          github-token: <github-token>
+```
+2. Create pull request to test the action
+
+## Limitation
+
+1. Only detect in the Pull Request trigger
+
+## Contributing
+
+Running test suite
+```bash
+npm install
+npm run test
+```
+Run before open pull request
+```bash
+npm run prepare
+```
+For any requests, bug or comments, please [open an issue](https://github.com/xendit/xendit-api-key-scanner-action/issues) or [submit a pull request](https://github.com/xendit/xendit-api-key-scanner-action/pulls).

action.yaml

@@ -0,0 +1,9 @@
+name: 'Xendit API Key Detector'
+description: 'Detect xendit / iluma / instamoney API Key in Pull Request.'
+inputs:
+  github-token:
+    description: 'Github Token to generate Pull Request Comment'
+    default: ${{ github.token }}
+runs:
+  using: 'node16'
+  main: 'dist/index.js'