Integrations with the GitHub Actions environment are available in several forms.
The primary method is through the
This action is available in the GitHub Actions Marketplace.
Full documentation can be found there or by viewing the Phylum Analyze PR action repository directly.
The Phylum Analyze PR action is a Docker container action.
This has the advantage of ensuring that everything needed to analyze the dependencies in a PR's lockfiles with Phylum is self-contained and known to function as a single unit.
There are some disadvantages, and some users may prefer a different solution.
It is also possible to make direct use of the phylum Python package within CI.
This may be necessary if the Docker image is unavailable or undesirable for some reason.
To use the phylum package, install it and call the desired entry points from a script under your control.
See the Installation and Usage sections of the README file for more detail.
There is another way to use the phylumio/phylum-ci Docker image, but without it being encapsulated in the Phylum Analyze PR action directly.
GitHub Actions allows workflows to run a job within a container, using the container: statement in the workflow file.
These are known as container jobs.
More information can be found in GitHub documentation: "Running jobs in a container".
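A container job of the kind described above, added here as an illustration and not taken from the Phylum documentation. The secret name PHYLUM_TOKEN, the PHYLUM_API_KEY variable, the phylum-ci entry point invocation and the permissions shown are assumptions to confirm against the README.

```yaml
# Added example: container job running the phylumio/phylum-ci image directly.
name: phylum-analyze
on: pull_request

# Least privilege for the workflow token: nothing is granted by default.
permissions: {}

jobs:
  analyze-deps:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # check out the repository
      pull-requests: write    # assumption: the analysis result is posted as a PR comment
    container:
      # Image named on this page. A floating tag is shown; pinning to a release
      # tag or an image digest keeps the job reproducible.
      image: phylumio/phylum-ci:latest
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Assumption: the Phylum API token is stored as a repository secret
        # named PHYLUM_TOKEN and read from the PHYLUM_API_KEY variable.
        PHYLUM_API_KEY: ${{ secrets.PHYLUM_TOKEN }}
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0      # full history, so lockfile changes in the PR can be compared
      - name: Analyze dependencies
        run: phylum-ci        # assumption: entry point provided by the phylum package
```

Workflows triggered by pull_request from a fork do not receive repository secrets, so the API token is unavailable to those runs.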