name: "report-vulns"
description: "Check for vulnerabilities in go and node apps"
inputs:
  manager:
    description: "which auditing system to use, based on package manager. Available options are: (go|npm)"
    required: true
    default: "."
  panic:
    description: "determines whether the workflow fails when vulnerabilities are found: (yes|no)"
    required: true
    default: "yes"
runs:
  using: composite
  steps:
    - name: "run script"
      shell: bash
      run: ${{ github.action_path }}/security.sh
      env:
        PACKAGE_MANAGER: ${{ inputs.manager }}
        ERROR_ON_VULN: ${{ inputs.panic }}