mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-05-06 05:31:48 +02:00
Compare commits
No commits in common. "b84463a6ce96f05841a3f65a6c26508562359e5a" and "e75988f2f4c0554a301ee0344590d42e2f43979f" have entirely different histories.
b84463a6ce
...
e75988f2f4
1 changed files with 2 additions and 30 deletions
32
.github/workflows/scan_released.yml
vendored
32
.github/workflows/scan_released.yml
vendored
|
|
@ -10,41 +10,20 @@ jobs:
|
|||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- runs-on: ubuntu-latest
|
||||
arch: i686
|
||||
# - runs-on: ubuntu-latest
|
||||
# arch: i686
|
||||
- runs-on: macos-latest
|
||||
arch: arm64
|
||||
runs-on: ${{ matrix.runs-on }}
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Docker and Colima (macOS only)
|
||||
if: runner.os == 'macOS'
|
||||
run: |
|
||||
brew install docker colima
|
||||
colima start
|
||||
# Wait for Docker daemon to be ready
|
||||
timeout=30
|
||||
while ! docker info >/dev/null 2>&1; do
|
||||
if [ $timeout -le 0 ]; then
|
||||
echo "Timed out waiting for Docker daemon"
|
||||
exit 1
|
||||
fi
|
||||
timeout=$((timeout-1))
|
||||
sleep 1
|
||||
done
|
||||
|
||||
- name: Download container image for the latest release and load it
|
||||
run: |
|
||||
VERSION=$(curl https://api.github.com/repos/freedomofpress/dangerzone/releases/latest | grep "tag_name" | cut -d '"' -f 4)
|
||||
CONTAINER_FILENAME=container-${VERSION:1}-${{ matrix.arch }}.tar.gz
|
||||
wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/${CONTAINER_FILENAME} -O ${CONTAINER_FILENAME}
|
||||
docker load -i ${CONTAINER_FILENAME}
|
||||
|
||||
# NOTE: Scan first without failing, else we won't be able to read the scan
|
||||
# report.
|
||||
- name: Scan container image (no fail)
|
||||
|
|
@ -55,16 +34,13 @@ jobs:
|
|||
fail-build: false
|
||||
only-fixed: false
|
||||
severity-cutoff: critical
|
||||
|
||||
- name: Upload container scan report
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
with:
|
||||
sarif_file: ${{ steps.scan_container.outputs.sarif }}
|
||||
category: container-${{ matrix.arch }}
|
||||
|
||||
- name: Inspect container scan report
|
||||
run: cat ${{ steps.scan_container.outputs.sarif }}
|
||||
|
||||
- name: Scan container image
|
||||
uses: anchore/scan-action@v5
|
||||
with:
|
||||
|
|
@ -73,10 +49,6 @@ jobs:
|
|||
only-fixed: false
|
||||
severity-cutoff: critical
|
||||
|
||||
- name: Cleanup Colima (macOS only)
|
||||
if: runner.os == 'macOS'
|
||||
run: colima stop
|
||||
|
||||
security-scan-app:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
|
|
|||
Loading…
Reference in a new issue