@@ -2,10 +2,13 @@ name: Check and publish security advisories
22on :
33 workflow_call :
44 inputs :
5- artifact-name :
5+ fetch-key :
66 required : true
77 type : string
8- changed-advisoriese :
8+ is-artifact :
9+ required : true
10+ type : boolean
11+ changed-advisories :
912 required : false
1013 type : string
1114 default : ' []'
@@ -19,24 +22,33 @@ jobs:
1922 # We need to retrieve full history to determine the correct
2023 # `published` and `modified` timestamps
2124 fetch-depth : 0
22- - run : mkdir -p ~/.local/bin
23- - id : download
25+ - run : mkdir -p ~/.local/dockerImages
26+ - name : Fetch artifact
27+ if : ${{ inputs.is-artifact }}
2428 uses : actions/download-artifact@v3
2529 with :
26- name : ${{ inputs.artifact-name }}
27- path : ~/.local/bin
28- - run : chmod +x ~/.local/bin/hsec-tools
30+ name : ${{ inputs.fetch-key }}
31+ path : ~/.local/dockerImages
32+ - name : Fetch cache
33+ if : ${{ !inputs.is-artifact }}
34+ uses : actions/cache/restore@v3
35+ with :
36+ key : ${{ inputs.fetch-key }}
37+ path : ~/.local/dockerImages
38+ fail-on-cache-miss : true
39+ - run : docker load -i ~/.local/dockerImages/hsec-tools
40+ - name : ' Setup jq'
41+ 2942 - name : Run advisory syntax checks
30- env :
31- CHANGED_ADVISORIES : ${{ fromJSON(inputs.changed-advisories) }}
3243 run : |
44+ CHANGED_ADVISORIES=( $(echo "${{ inputs.changed-advisories }}" | jq -r '.[]') )
3345 cd source
3446 RESULT=0
3547 # Remove the begining of the README to extract the example.
3648 (echo '```toml'; sed -e '1,/```toml/d' README.md) > EXAMPLE_README.md
3749 while read FILE ; do
3850 echo -n "$FILE: "
39- hsec-tools check "$FILE" || RESULT=1
51+ docker run --rm -v $PWD:/advisories haskell/ hsec-tools:latest /bin/hsec-tools check "advisories/ $FILE" || RESULT=1
4052 done < <([ ${#CHANGED_ADVISORIES[@]} -gt 0 ] && echo $CHANGED_ADVISORIES || find advisories EXAMPLE_README.md EXAMPLE_ADVISORY.md -type f -name "*.md")
4153 exit $RESULT
4254name : Run advisory uniqueness checks
0 commit comments