Inputs¶
Common Inputs¶
| Input | Required | Default | Description |
|---|---|---|---|
command |
Yes | Upload type: coverage, tests, scan, lint |
|
file |
Yes | File path, glob pattern, or space-separated list of files | |
api-key |
Yes | Drape API key | |
org |
No | github.repository_owner |
Drape organization slug |
repo |
No | github.repository |
Drape repository name |
cli-version |
No | latest |
Drape CLI version |
api-url |
No | https://app.drape.io |
Drape API URL |
wait |
No | true |
Wait for server-side processing |
timeout |
No | 120 |
Max wait time in seconds |
verbose |
No | false |
Enable verbose CLI output |
group |
No | Group label(s) | |
format |
No | File format: sarif, cyclonedx, cobertura, lcov, go (auto-detected for some types) |
|
comment |
No | true |
Post a PR comment with results |
comment-header |
No | drape-{command} |
Sticky comment identifier |
github-token |
No | github.token |
GitHub token for posting comments |
Coverage Inputs¶
| Input | Description |
|---|---|
path-prefix |
Path prefix mapping for coverage files |
target-branch |
Target branch for PR diff (auto-detected) |
total-shards |
Total coverage shards across all CI jobs in this run. Must be ≥ 2. Required to use batched fan-in. See batch mode. |
shard-key |
Shared identifier across sibling matrix shards. Auto-derived from the CI provider's run id when unset. Rarely needed. |
Batched coverage fan-in¶
When multiple jobs upload coverage for the same commit (matrix shards, a test job plus an integration-test job, etc.), set total-shards on each upload. The server waits for that many uploads to arrive, then merges into a single snapshot.
- uses: drape-io/drape-action@v2
with:
command: coverage
file: coverage-${{ matrix.group }}.xml
format: cobertura
group: python
total-shards: 3 # matrix of 3 shards
api-key: ${{ secrets.DRAPE_API_KEY }}
Shards auto-correlate by (provider_run_id, run_attempt, group). If a shard crashes and fewer than total-shards arrive, the server partial-finalizes after 5 minutes and flags the snapshot as partial. Late arrivals after partial-finalization trigger a server-side re-merge within ~15s, so a slow shard still in its wait window picks up the refreshed result and updates the PR comment.
See the GitHub Actions testing guide for the full canonical pattern.
Scan Inputs¶
| Input | Default | Description |
|---|---|---|
scan-name |
Scan name (e.g., Docker image name) | |
scan-tag |
Scan tag (e.g., image tag) | |
scan-type |
image or dependency |
|
fail-on-vulnerabilities |
false |
Exit non-zero if unsuppressed vulnerabilities found |
fail-on-severity |
medium |
Minimum severity: critical, high, medium, low, any |
Tests Inputs¶
| Input | Description |
|---|---|
job-name |
CI job name (auto-detected). Set explicitly for matrix shards so each shard gets its own row in the dashboard (e.g. Test Python (1/3)). Without it, shards collapse under the matrix base name. |
Examples¶
File Patterns¶
The file input supports three forms:
# Single file
file: results.xml
# Glob pattern
file: "test-results/scan*.sarif"
# Space-separated list (useful with dynamic outputs)
file: "results-unit.xml results-integration.xml results-e2e.xml"
Grouping Results¶
Use the group input to label uploads. This is useful when you have multiple test suites or CI jobs uploading to the same repository: