Diffstat (limited to 'libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch')
-rw-r--r-- | libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch
new file mode 100644
index 000000000000..66ceb1d9b3d7
--- /dev/null
+++ b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch
@@ -0,0 +1,62 @@
+From 33cd26f945925d64e0ccef41d13be17e84f99f44 Mon Sep 17 00:00:00 2001
+From: Gabriel Kihlman <g.kihlman@yubico.com>
+Date: Tue, 23 Jun 2020 16:25:16 +0200
+Subject: [PATCH 21/25] Github Actions: do not run scan if missing credentials
+
+Also toggle workflow to fail if there are warnings.
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ .github/workflows/scan.yml | 23 +++++++++++++----------
+ 1 file changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
+index ec6ba52..09f16ab 100644
+--- a/.github/workflows/scan.yml
++++ b/.github/workflows/scan.yml
+@@ -1,4 +1,5 @@
+ name: static code analysis
++# Documentation: https://github.com/Yubico/yes-static-code-analysis
+
+ on:
+ push:
+@@ -8,6 +9,7 @@ on:
+ env:
+ SCAN_IMG:
+ yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
++ SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+
+ jobs:
+ build:
+@@ -16,17 +18,18 @@ jobs:
+ steps:
+ - uses: actions/checkout@master
+
+- - name: Prep scan
++ - name: Scan and fail on warnings
+ run: |
+- docker login yes-docker-local.artifactory.in.yubico.org/ \
+- -u svc-static-code-analysis-reader \
+- -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+- docker pull ${SCAN_IMG}
+-
+- - name: Scan but do not fail on warnings
+- run: |
+- docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
+- -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} || true
++ if [ "${SECRET}" != "" ]; then
++ docker login yes-docker-local.artifactory.in.yubico.org/ \
++ -u svc-static-code-analysis-reader -p ${SECRET}
++ docker pull ${SCAN_IMG}
++ docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
++ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \
++ -e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG}
++ else
++ echo "No docker registry credentials, not scanning"
++ fi
+
+ - uses: actions/upload-artifact@master
+ if: failure()
+--
+2.32.0
+
|
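Review bot: In the embedded `scan.yml` change, the new `run` block passes the registry token as a command-line argument, unquoted (`-p ${SECRET}`), so it appears in the process arguments on the runner and is subject to word splitting. Feeding it on stdin avoids both: `printf '%s' "${SECRET}" | docker login yes-docker-local.artifactory.in.yubico.org/ -u svc-static-code-analysis-reader --password-stdin`. `SECRET` is also added to the workflow-level `env:`, which makes the token visible to every step, including the `actions/checkout@master` and `actions/upload-artifact@master` actions that are referenced by a mutable branch. Declaring it in an `env:` on the scan step alone would narrow that exposure. `PVS_IGNORE_WARNINGS` is forwarded to the container but is not defined in any of the visible hunks, so it is presumably set elsewhere in the file or left empty, which is worth confirming given that the stated intent is to fail on warnings.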