From 42a35dbf1a94d5965bfd7c7d555e35d4a4209a3e Mon Sep 17 00:00:00 2001
From: Ubiratan Soares
Date: Sun, 22 Sep 2024 16:37:48 +0200
Subject: [PATCH] Adds GHA definition and component tests

---
 .github/workflows/ci.yml | 15 +++++++++++++--
 action.yml | 30 ++++++++++++++++++++++++++++++
 src/fixtures.sh | 21 +++++++++++++++++++++
 3 files changed, 64 insertions(+), 2 deletions(-)
 create mode 100644 action.yml
 create mode 100755 src/fixtures.sh

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7403e37..a148a6c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -64,5 +64,16 @@ jobs:
 - name: Project Checkout
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
- - name: Run tests
- run: echo "To do"
+ - name: Prepares fixtures
+ run: ./src/fixtures.sh
+
+ - name: Component test for iOS GHA
+ uses: .
+ with:
+ archive-file: .tmp/pocket-casts-ios.xcarchive
+
+ - name: Component test for Android GHA
+ uses: .
+ with:
+ archive-file: .tmp/pocket-casts-android.apk
+ wait-for-summary: true
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..567d8d2
--- /dev/null
+++ b/action.yml
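Review bot: The two `uses: .` steps added for the component tests are likely to be rejected at workflow parse time: as far as I recall, a local action reference must begin with `./` (anything else is parsed as `{owner}/{repo}[/path]@ref`), so both steps should read `uses: ./`. Separately, the iOS step hands the action `.tmp/pocket-casts-ios.xcarchive` while the `archive-file` description introduced by this same commit only lists `.aab` and `.apk`; one of the two should be brought in line so the test does not document a contract the action denies. Whether the scan also needs an API-key secret in `env:` cannot be told from here, because the job definition starts outside the hunk.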
@@ -0,0 +1,30 @@
+# Copyright 2024 Dotanuki Labs
+# SPDX-License-Identifier: MIT
+
+name: "appsweep-scan-action"
+description: "Scan Android or iOS artifacts for security issues with Guardsquare Appsweep"
+
+inputs:
+ archive-file:
+ description: >
+ Path to the Android archive to scan. Accepted formats: '.aab' and '.apk'
+ required: true
+ symbols:
+ description: >
+ Path to the R8/proguard mappings file (Android) or folder with dSyms (iOS)
+ required: false
+ wait-for-summary:
+ description: >
+ Whether or not this Action should wait for scan outcomes and show the summary of issues
+ default: "false"
+ required: false
+
+runs:
+ using: "composite"
+ steps:
+ - shell: bash
+ run: |
+ ${{ github.action_path }}/src/main.sh \
+ --archive ${{ inputs.archive-file }} \
+ --extras ${{ inputs.symbols }} \
+ --summary ${{ inputs.wait-for-summary }}
diff --git a/src/fixtures.sh b/src/fixtures.sh
new file mode 100755
index 0000000..714b69a
--- /dev/null
+++ b/src/fixtures.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# Copyright 2024 Dotanuki Labs
+# SPDX-License-Identifier: MIT
+
+set -euo pipefail
+
+readonly android_fixture="https://github.com/Automattic/pocket-casts-android/releases/download/7.72/app-7.72.apk"
+readonly android_package="pocket-casts-android.apk"
+readonly ios_fixture="https://github.com/Automattic/pocket-casts-ios/releases/download/7.72/PocketCasts.xcarchive.zip"
+readonly ios_package="pocket-casts-ios.xcarchive"
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${script_dir%/*}"
+actual_dir=$(pwd)
+rm -rf "$actual_dir/.tmp" && mkdir "$actual_dir/.tmp"
+
+echo
+echo "Downloading fixtures to $HOME/.tmp"
+echo
+curl -fsSL -o "$actual_dir/.tmp/$android_package" -C - "$android_fixture"
+curl -fsSL -o "$actual_dir/.tmp/$ios_package" -C - "$ios_fixture"
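Review bot: The `run:` step under `runs.steps` splices `${{ inputs.archive-file }}`, `${{ inputs.symbols }}` and `${{ inputs.wait-for-summary }}` straight into the bash script, so a caller-supplied value containing shell metacharacters (a path assembled from a PR title or branch name, for instance) is executed as code instead of being passed as an argument, and an unset `symbols` leaves `--extras` with no value, which, depending on how `main.sh` parses its options, may make `--summary` its argument. Pass the inputs through `env:` and quote the variables; `$GITHUB_ACTION_PATH` is the environment-variable form of `github.action_path`. Whether `main.sh` tolerates an explicit empty `--extras ""` is outside this diff and should be checked. The `archive-file` description also says Android only while `description:` and the `symbols` input mention iOS; `Path to the Android (.aab/.apk) or iOS (.xcarchive) archive to scan` would match the rest of the file.
```yaml
# … unchanged: name, description, inputs …
runs:
  using: "composite"
  steps:
    - shell: bash
      env:
        ARCHIVE_FILE: ${{ inputs.archive-file }}
        SYMBOLS: ${{ inputs.symbols }}
        WAIT_FOR_SUMMARY: ${{ inputs.wait-for-summary }}
      run: |
        "${GITHUB_ACTION_PATH}/src/main.sh" \
          --archive "${ARCHIVE_FILE}" \
          --extras "${SYMBOLS}" \
          --summary "${WAIT_FOR_SUMMARY}"
```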
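Review bot: The two `curl` calls at the end of the script pull binaries from a third-party GitHub release and hand them to the scan with no integrity check, so a replaced or tampered release asset (or a MITM on a runner with a bad CA store) would silently change what the component tests exercise; pin the expected SHA-256 of each asset and verify with `sha256sum -c` before the files are used (`shasum -a 256` if the runner is macOS). The `-C -` resume flag is pointless immediately after `rm -rf "$actual_dir/.tmp"` and could mask a partial download of a changed asset, so drop it. The progress message names `$HOME/.tmp` while the files are written under `$actual_dir/.tmp`; it should read `echo "Downloading fixtures to $actual_dir/.tmp"`. The iOS asset is a `.zip` saved under an `.xcarchive` name without being extracted; whether the scanner accepts that cannot be told from this diff.
```bash
readonly android_sha256="<sha256 of app-7.72.apk, taken from a trusted copy>"
readonly ios_sha256="<sha256 of PocketCasts.xcarchive.zip, taken from a trusted copy>"
# … unchanged: script_dir / .tmp setup …
echo "Downloading fixtures to $actual_dir/.tmp"
curl -fsSL -o "$actual_dir/.tmp/$android_package" "$android_fixture"
curl -fsSL -o "$actual_dir/.tmp/$ios_package" "$ios_fixture"
# Refuse to proceed if either asset differs from the pinned digest
sha256sum -c - <<EOF
$android_sha256  $actual_dir/.tmp/$android_package
$ios_sha256  $actual_dir/.tmp/$ios_package
EOF
```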