name: RepoPilot
description: "Run RepoPilot static analysis on your repository"
author: "MykytaStel"
branding:
icon: shield
color: blue
inputs:
command:
description: "Command to run: scan | review | compare | doctor | ai-context | ai-plan | ai-prompt"
required: false
default: "scan"
format:
description: "Output format: auto | console | json | markdown | sarif. auto uses sarif for scan and markdown for review/compare/doctor; AI commands emit Markdown."
required: false
default: "auto"
path:
description: "Path passed to scan, review, doctor, or AI commands."
required: false
default: "."
config:
description: "Optional repopilot.toml path."
required: false
default: ""
baseline:
description: "Optional baseline path for scan/review."
required: false
default: ""
fail-on:
description: "Optional scan/review failure threshold, e.g. new-high."
required: false
default: ""
fail-on-priority:
description: "Optional scan/review failure threshold by risk priority: p0 | p1 | p2 | p3."
required: false
default: ""
min-severity:
description: "Optional minimum rendered severity, e.g. high."
required: false
default: ""
min-priority:
description: "Optional minimum rendered risk priority: p0 | p1 | p2 | p3."
required: false
default: ""
rule:
description: "Optional scan rule filter. For multiple rules, provide a space-separated list of rule IDs."
required: false
default: ""
timing:
description: "Print per-phase scan timing breakdown for scan commands."
required: false
default: "false"
base:
description: "Optional Git base ref for review."
required: false
default: ""
head:
description: "Optional Git head ref for review; requires base."
required: false
default: ""
focus:
description: "Optional AI focus: security | arch | architecture | quality | framework | all."
required: false
default: ""
budget:
description: "Optional AI token budget: 2k | 4k | 8k | 16k or a positive integer."
required: false
default: ""
output:
description: "Optional output path for commands that write reports."
required: false
default: ""
receipt:
description: "Optional audit receipt JSON path for scan."
required: false
default: ""
args:
description: "Advanced extra CLI arguments appended after typed inputs. Prefer typed inputs for CI workflows."
required: false
default: ""
version:
description: "npm version tag to install. Pin this for reproducible CI (e.g. 0.15.0)."
required: false
default: "0.15.0"
upload-sarif:
description: "Automatically upload SARIF output to GitHub Code Scanning"
required: false
default: "true"
outputs:
sarif-file:
description: "Path to the generated SARIF file (only set when format is sarif)"
value: ${{ steps.run.outputs.sarif_file }}
receipt-file:
description: "Path to the generated audit receipt JSON file (only set when receipt is provided for scan)"
value: ${{ steps.run.outputs.receipt_file }}
runs:
using: composite
steps:
- name: Install repopilot
shell: bash
run: npm install -g repopilot@${{ inputs.version }}
- name: Run repopilot
id: run
shell: bash
env:
INPUT_COMMAND: ${{ inputs.command }}
INPUT_FORMAT: ${{ inputs.format }}
INPUT_PATH: ${{ inputs.path }}
INPUT_CONFIG: ${{ inputs.config }}
INPUT_BASELINE: ${{ inputs.baseline }}
INPUT_FAIL_ON: ${{ inputs.fail-on }}
INPUT_FAIL_ON_PRIORITY: ${{ inputs.fail-on-priority }}
INPUT_MIN_SEVERITY: ${{ inputs.min-severity }}
INPUT_MIN_PRIORITY: ${{ inputs.min-priority }}
INPUT_RULE: ${{ inputs.rule }}
INPUT_TIMING: ${{ inputs.timing }}
INPUT_BASE: ${{ inputs.base }}
INPUT_HEAD: ${{ inputs.head }}
INPUT_FOCUS: ${{ inputs.focus }}
INPUT_BUDGET: ${{ inputs.budget }}
INPUT_OUTPUT: ${{ inputs.output }}
INPUT_RECEIPT: ${{ inputs.receipt }}
INPUT_ARGS: ${{ inputs.args }}
run: |
bash "$GITHUB_ACTION_PATH/scripts/repopilot-action.sh"
- name: Upload SARIF to GitHub Code Scanning
if: inputs.upload-sarif == 'true' && steps.run.outputs.sarif_file != ''
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: ${{ steps.run.outputs.sarif_file }}