Skip to content

feature: add query command to check wheter a package/version is affected #9

feature: add query command to check wheter a package/version is affected

feature: add query command to check wheter a package/version is affected #9

name: Check advisories
on:
- pull_request
jobs:
tools_changed:
continue-on-error: true
runs-on: ubuntu-22.04
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/[email protected]
with:
concurrent_skipping: "never"
skip_after_successful_duplicate: "true"
paths: '["code/**"]'
do_not_skip: '["push", "workflow_dispatch", "schedule"]'
advisories_changed:
continue-on-error: true
runs-on: ubuntu-22.04
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
changed_files: ${{ steps.process-changed-files.outputs.out }}
steps:
- id: skip_check
uses: fkirc/[email protected]
with:
concurrent_skipping: "never"
skip_after_successful_duplicate: "true"
paths: '["advisories/**", "EXAMPLE_ADVISORY.md"]'
do_not_skip: '["push", "workflow_dispatch", "schedule"]'
- id: process-changed-files
name: Extract matched files list
env:
PATHS_RESULT: ${{ steps.skip_check.outputs.paths_result }}
run: |
echo -n 'out=' >> "$GITHUB_OUTPUT"
# See https://github.com/fkirc/skip-duplicate-actions#paths_result
printenv PATHS_RESULT \
| jq --compact-output .global.matched_files >> "$GITHUB_OUTPUT"
code_hash:
name: Compute code directory hash
runs-on: ubuntu-22.04
outputs:
code_hash: ${{ steps.code-hash.outputs.code-hash }}
steps:
- name: git checkout
uses: actions/checkout@v3
- id: code-hash
run: |
code_hash=$(git rev-parse HEAD:code)
echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"
check_advisories:
name: Invoke check-advisories workflow
needs: [tools_changed, advisories_changed, code_hash]
if: ${{ needs.tools_changed.outputs.should_skip == 'true' && needs.advisories_changed.outputs.should_skip != 'true' }}
uses: ./.github/workflows/call-check-advisories.yml
with:
fetch-key: hsec-tools-${{ needs.code_hash.outputs.code_hash }}
is-artifact: false
changed-advisories: ${{ needs.advisories_changed.outputs.changed_files }}