Skip to content

cabal-audit: init

cabal-audit: init #432

Workflow file for this run

name: nix build
on:
- push
- pull_request
jobs:
tools-changed:
continue-on-error: true
runs-on: ubuntu-22.04
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/[email protected]
with:
concurrent_skipping: "never"
skip_after_successful_duplicate: "true"
paths: '["code/**"]'
do_not_skip: '["push", "workflow_dispatch", "schedule"]'
check-nix:
name: Check nix build
needs: tools-changed
if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}
uses: ./.github/workflows/call-nix.yml
check-advisories:
name: Invoke check-advisories workflow
if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}
needs: check-nix
uses: ./.github/workflows/call-check-advisories.yml
with:
fetch-key: hsec-tools-${{ github.sha }}
is-artifact: true
generate-website:
name: Generate advisories website
if: ${{ github.ref == 'refs/heads/main' }}
needs: check-advisories
runs-on: ubuntu-22.04
permissions:
contents: write # for git push (s0/git-publish-subdir-action)
steps:
- uses: actions/checkout@v4
with:
# We need to retrieve full history to determine the correct
# `published` and `modified` timestamps
fetch-depth: 0
- run: mkdir -p ~/.local/dockerImages
- name: Fetch artifact
uses: actions/download-artifact@v3
with:
name: hsec-tools-${{ github.sha }}
path: ~/.local/dockerImages
- run: docker load -i ~/.local/dockerImages/hsec-tools
- name: Generate the website
run: |
mkdir generatedWebsite
docker run --rm -v $PWD:/repo --workdir /repo haskell/hsec-tools:latest /bin/hsec-tools generate-index . generatedWebsite
cp generatedWebsite/by-dates.html generatedWebsite/index.html
rm -Rf generatedWebsite/advisories || echo "Markdown links issue has been fixed"
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./generatedWebsite
publish_branch: generated/gh-pages
force_orphan: true