name: Aikido Security PR Scan
description: >
  Composite wrapper around the Aikido PR Docker scan.
  Automatically resolves repository, branch, and commit info from the forgejo context.
  Only the API key needs to be supplied by the caller.

inputs:
  apikey:
    description: Aikido CI API key
    required: true
  fail-on:
    description: 'Minimum severity to fail on: low, medium, high, critical'
    default: high
    required: false

runs:
  using: composite
  steps:
    - uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/internal-aikido-pr-scan@internal-aikido-pr-scan-v1
      with:
        apikey: ${{ inputs.apikey }}
        organization: ${{ forgejo.repository_owner }}
        repository-name: ${{ forgejo.event.repository.name }}
        branch-name: ${{ forgejo.head_ref }}
        base-commit-id: ${{ forgejo.event.pull_request.base.sha }}
        head-commit-id: ${{ forgejo.event.pull_request.head.sha }}
        fail-on: ${{ inputs.fail-on }}