almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Use colima on the mac runners

Browse source
This commit is contained in:
Alexis Métaireau 2024-11-25 18:44:04 +01:00
parent cee13ad9a0
commit 19eba9ec94
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/scan_released.yml vendored
View file

@ -21,12 +21,20 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Setup Colima (macOS only)
if: runner.os == 'macOS'
run: |
brew install colima
colima start
- name: Download container image for the latest release and load it - name: Download container image for the latest release and load it
run: | run: |
VERSION=$(curl https://api.github.com/repos/freedomofpress/dangerzone/releases/latest | grep "tag_name" | cut -d '"' -f 4) VERSION=$(curl https://api.github.com/repos/freedomofpress/dangerzone/releases/latest | grep "tag_name" | cut -d '"' -f 4)
CONTAINER_FILENAME=container-${VERSION:1}-${{ matrix.arch }}.tar.gz CONTAINER_FILENAME=container-${VERSION:1}-${{ matrix.arch }}.tar.gz
wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/${CONTAINER_FILENAME} -O ${CONTAINER_FILENAME} wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/${CONTAINER_FILENAME} -O ${CONTAINER_FILENAME}
docker load -i ${CONTAINER_FILENAME} docker load -i ${CONTAINER_FILENAME}
# NOTE: Scan first without failing, else we won't be able to read the scan # NOTE: Scan first without failing, else we won't be able to read the scan
# report. # report.
- name: Scan container image (no fail) - name: Scan container image (no fail)
@ -37,13 +45,16 @@ jobs:
fail-build: false fail-build: false
only-fixed: false only-fixed: false
severity-cutoff: critical severity-cutoff: critical
- name: Upload container scan report - name: Upload container scan report
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: ${{ steps.scan_container.outputs.sarif }} sarif_file: ${{ steps.scan_container.outputs.sarif }}
category: container-${{ matrix.arch }} category: container-${{ matrix.arch }}
- name: Inspect container scan report - name: Inspect container scan report
run: cat ${{ steps.scan_container.outputs.sarif }} run: cat ${{ steps.scan_container.outputs.sarif }}
- name: Scan container image - name: Scan container image
uses: anchore/scan-action@v5 uses: anchore/scan-action@v5
with: with:
@ -52,6 +63,10 @@ jobs:
only-fixed: false only-fixed: false
severity-cutoff: critical severity-cutoff: critical
- name: Cleanup Colima (macOS only)
if: runner.os == 'macOS'
run: colima stop
security-scan-app: security-scan-app:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps: