Add HSEC-2024-0002 #411
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: nix build | |
on: | |
- push | |
- pull_request | |
jobs: | |
tools-changed: | |
continue-on-error: true | |
runs-on: ubuntu-22.04 | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
steps: | |
- id: skip_check | |
uses: fkirc/[email protected] | |
with: | |
concurrent_skipping: "never" | |
skip_after_successful_duplicate: "true" | |
paths: '["code/**"]' | |
do_not_skip: '["push", "workflow_dispatch", "schedule"]' | |
check-nix: | |
name: Check nix build | |
needs: tools-changed | |
if: ${{ needs.tools_changed.outputs.should_skip != 'true' }} | |
uses: ./.github/workflows/call-nix.yml | |
check-advisories: | |
name: Invoke check-advisories workflow | |
if: ${{ needs.tools_changed.outputs.should_skip != 'true' }} | |
needs: check-nix | |
uses: ./.github/workflows/call-check-advisories.yml | |
with: | |
fetch-key: hsec-tools-${{ github.sha }} | |
is-artifact: true | |
generate-website: | |
name: Generate advisories website | |
if: ${{ github.ref == 'refs/heads/main' }} | |
needs: check-advisories | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write # for git push (s0/git-publish-subdir-action) | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# We need to retrieve full history to determine the correct | |
# `published` and `modified` timestamps | |
fetch-depth: 0 | |
- run: mkdir -p ~/.local/dockerImages | |
- name: Fetch artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: hsec-tools-${{ github.sha }} | |
path: ~/.local/dockerImages | |
- run: docker load -i ~/.local/dockerImages/hsec-tools | |
- name: Generate the website | |
run: | | |
mkdir generatedWebsite | |
docker run --rm -v $PWD:/repo --workdir /repo haskell/hsec-tools:latest /bin/hsec-tools generate-index . generatedWebsite | |
cp generatedWebsite/by-dates.html generatedWebsite/index.html | |
rm -Rf generatedWebsite/advisories || echo "Markdown links issue has been fixed" | |
- name: Deploy | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./generatedWebsite | |
publish_branch: generated/gh-pages | |
force_orphan: true |