Add OSV schema validation

haskell · Dec 11, 2024 · 427cb5e · 427cb5e
1 parent 2346144
commit 427cb5e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
@@ -59,6 +59,10 @@ jobs:
             mkdir -p $DATA_DIR/$YEAR
             docker run --rm -v $PWD:/repo --workdir /repo haskell/hsec-tools:latest /bin/hsec-tools osv "$FILE" > $DATA_DIR/$YEAR/$ID.json
           done < <(find advisories -type f -name "*.md" | grep -v '^advisories/reserved/')
+      - name: Validate OSV data
+        run: |
+          curl -OL https://raw.githubusercontent.com/ossf/osv-schema/refs/heads/main/validation/schema.json
+          nix develop .#json-schema --command check-jsonschema --schemafile ./schema.json ./osv/*/*.json
       - name: Publish OSV data
         if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'haskell/security-advisories' }}
         env:

diff --git a/flake.nix b/flake.nix
@@ -106,5 +106,6 @@
 
         # Used by `nix develop` (dev shell)
         devShell = hsec-tools true;
+        devShells.json-schema = pkgs.mkShell { buildInputs = [ pkgs.check-jsonschema ]; };
       });
 }