ReVanced/revanced-releases-api
1
0
Fork 0
mirror of https://github.com/revanced/revanced-releases-api.git synced 2025-05-06 16:54:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add trivy scanner to CI

Browse Source
This commit is contained in:
Alexandre Teles 2022-09-30 20:11:59 -03:00
parent 181653ad68
commit 2c83789cd7
No known key found for this signature in database
GPG Key ID: 260D825F04C0527E
4 changed files with 48 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
.github/workflows/dev.yml vendored
View File

@ -13,32 +13,7 @@ env:
IMAGE_TAG: ${{ github.sha }} IMAGE_TAG: ${{ github.sha }}
jobs: jobs:
flake8:
name: Code Quality
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.10.6
uses: actions/setup-python@v1
with:
python-version: 3.10.7
- name: Lint with flake8
run: |
pip install flake8 flake8-html
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
mkdir -p reports/flake8
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8
- name: Archive flake8 coverage results
uses: actions/upload-artifact@v1
with:
name: flake8-coverage-report
path: reports/flake8/
security_checks: security_checks:
needs: flake8
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Security check name: Security check
steps: steps:
@ -92,3 +67,15 @@ jobs:
push: false push: false
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.meta.outputs.tags }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'

37
.github/workflows/features.yml vendored
View File

@ -14,32 +14,7 @@ env:
IMAGE_TAG: ${{ github.sha }} IMAGE_TAG: ${{ github.sha }}
jobs: jobs:
flake8:
name: Code Quality
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.10
uses: actions/setup-python@v1
with:
python-version: 3.10.7
- name: Lint with flake8
run: |
pip install flake8 flake8-html
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
mkdir -p reports/flake8
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8
- name: Archive flake8 coverage results
uses: actions/upload-artifact@v1
with:
name: flake8-coverage-report
path: reports/flake8/
security_checks: security_checks:
needs: flake8
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Security check name: Security check
steps: steps:
@ -93,3 +68,15 @@ jobs:
push: false push: false
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.meta.outputs.tags }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'

12
.github/workflows/main.yml vendored
View File

@ -63,3 +63,15 @@ jobs:
push: true push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.meta.outputs.tags }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'

37
.github/workflows/pull_requests.yml vendored
View File

@ -9,32 +9,7 @@ env:
IMAGE_TAG: ${{ github.sha }} IMAGE_TAG: ${{ github.sha }}
jobs: jobs:
flake8:
name: Code Quality
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.10.7
uses: actions/setup-python@v1
with:
python-version: 3.10.7
- name: Lint with flake8
run: |
pip install flake8 flake8-html
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
mkdir -p reports/flake8
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8
- name: Archive flake8 coverage results
uses: actions/upload-artifact@v1
with:
name: flake8-coverage-report
path: reports/flake8/
security_checks: security_checks:
needs: flake8
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Security check name: Security check
steps: steps:
@ -88,3 +63,15 @@ jobs:
push: false push: false
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.meta.outputs.tags }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'