aboutsummaryrefslogtreecommitdiff
path: root/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch')
-rw-r--r--libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch62
1 files changed, 62 insertions, 0 deletions
diff --git a/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch
new file mode 100644
index 000000000000..66ceb1d9b3d7
--- /dev/null
+++ b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch
@@ -0,0 +1,62 @@
+From 33cd26f945925d64e0ccef41d13be17e84f99f44 Mon Sep 17 00:00:00 2001
+From: Gabriel Kihlman <g.kihlman@yubico.com>
+Date: Tue, 23 Jun 2020 16:25:16 +0200
+Subject: [PATCH 21/25] Github Actions: do not run scan if missing credentials
+
+Also toggle workflow to fail if there are warnings.
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ .github/workflows/scan.yml | 23 +++++++++++++----------
+ 1 file changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
+index ec6ba52..09f16ab 100644
+--- a/.github/workflows/scan.yml
++++ b/.github/workflows/scan.yml
+@@ -1,4 +1,5 @@
+ name: static code analysis
++# Documentation: https://github.com/Yubico/yes-static-code-analysis
+
+ on:
+ push:
+@@ -8,6 +9,7 @@ on:
+ env:
+ SCAN_IMG:
+ yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
++ SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+
+ jobs:
+ build:
+@@ -16,17 +18,18 @@ jobs:
+ steps:
+ - uses: actions/checkout@master
+
+- - name: Prep scan
++ - name: Scan and fail on warnings
+ run: |
+- docker login yes-docker-local.artifactory.in.yubico.org/ \
+- -u svc-static-code-analysis-reader \
+- -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+- docker pull ${SCAN_IMG}
+-
+- - name: Scan but do not fail on warnings
+- run: |
+- docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
+- -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} || true
++ if [ "${SECRET}" != "" ]; then
++ docker login yes-docker-local.artifactory.in.yubico.org/ \
++ -u svc-static-code-analysis-reader -p ${SECRET}
++ docker pull ${SCAN_IMG}
++ docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
++ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \
++ -e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG}
++ else
++ echo "No docker registry credentials, not scanning"
++ fi
+
+ - uses: actions/upload-artifact@master
+ if: failure()
+--
+2.32.0
+