ci: Security scan ARM images

Scan ARM images using Anchore's scan action, by utilizing the Ubuntu ARM
runners provided by GitHub. While our ARM images are used only in macOS
silicon platforms, we can use the Ubuntu ARM runners just for scanning.

Closes #1008
Alex Pyrgiotis 2025-03-10 18:30:07 +02:00
parent 53a952235c
commit 56663023f5
GPG key ID: B6C15EBA0357C9AA
2 changed files with 21 additions and 7 deletions


@ -10,7 +10,12 @@ on:
jobs: jobs:
security-scan-container: security-scan-container:
runs-on: ubuntu-latest strategy:
matrix:
runs-on:
- ubuntu-24.04
- ubuntu-24.04-arm
runs-on: ${{ matrix.runs-on }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
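Review bot: this hunk only swaps the runner label; nothing in it ties the scanned image to the runner's architecture, so whether the `ubuntu-24.04-arm` leg really scans the ARM image depends on the later pull/build step (not shown here) resolving a multi-arch manifest natively. State the platform explicitly in that step so the two legs cannot silently scan the same amd64 image, and consider a matrix key with a clearer name than `runs-on` so the check names describe the architecture rather than the runner label.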
@ -58,7 +63,12 @@ jobs:
severity-cutoff: critical severity-cutoff: critical
security-scan-app: security-scan-app:
runs-on: ubuntu-latest strategy:
matrix:
runs-on:
- ubuntu-24.04
- ubuntu-24.04-arm
runs-on: ${{ matrix.runs-on }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
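Review bot: with the default `fail-fast: true`, a failure on either leg of this matrix cancels the other in-progress leg, so a scan that fails on `ubuntu-24.04-arm` (including a runner-availability problem) takes the x86_64 result down with it. Add `fail-fast: false` under `strategy:` in this job and in `security-scan-container` above so each platform reports independently. The matrix block is also copied verbatim between the two jobs, so any later change has to be made in both places.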


@ -9,11 +9,10 @@ jobs:
strategy: strategy:
matrix: matrix:
include: include:
- runs-on: ubuntu-latest - runs-on: ubuntu-24.04
arch: i686 arch: i686
# Do not scan Silicon mac for now to avoid masking release scan results for other plaforms. - runs-on: ubuntu-24.04-arm
# - runs-on: macos-latest arch: arm64
# arch: arm64
runs-on: ${{ matrix.runs-on }} runs-on: ${{ matrix.runs-on }}
steps: steps:
- name: Checkout - name: Checkout
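Review bot: the removed comment said the macOS leg was left out to avoid masking release-scan results for the other platforms, and the new `ubuntu-24.04-arm` entry reintroduces that exact risk because the matrix keeps the default `fail-fast: true`; add `fail-fast: false` under `strategy:` here. Separately, `arch: i686` now sits on an `ubuntu-24.04` runner, which is x86_64; if `matrix.arch` is consumed downstream to name artifacts or select an image, confirm that label is still what is intended.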
@ -55,7 +54,12 @@ jobs:
severity-cutoff: critical severity-cutoff: critical
security-scan-app: security-scan-app:
runs-on: ubuntu-latest strategy:
matrix:
runs-on:
- ubuntu-24.04
- ubuntu-24.04-arm
runs-on: ${{ matrix.runs-on }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
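Review bot: within this file the `security-scan-container` job above now uses `include:` entries carrying an `arch` label, while this job uses a bare `runs-on` list with no `arch`; use one form for both jobs (the `include`/`arch` form if anything reads `matrix.arch`) so the two scans are labelled consistently. The `fail-fast: false` point from the container job applies here as well.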