Skip to content

Handle CWE name

Handle CWE name #282

Workflow file for this run

# Our desired pipeline using only a Nix shell environment
name: nix build
on:
- push
- pull_request
jobs:
tools_changed:
continue-on-error: true
runs-on: ubuntu-22.04
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/[email protected]
with:
concurrent_skipping: "never"
skip_after_successful_duplicate: "true"
paths: '["code/**"]'
do_not_skip: '["push", "workflow_dispatch", "schedule"]'
check_nix:
name: Check nix build
needs: tools_changed
if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}
runs-on: ubuntu-22.04
steps:
- name: git checkout
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: system-features = nixos-test benchmark big-parallel kvm
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Check Nix flake inputs
uses: DeterminateSystems/flake-checker-action@v4
- name: Build executable
run: nix -L build
- name: Bild docker image
run: nix build -L '.#packages.x86_64-linux.hsec-tools-image'
- run: mkdir -p ~/.local/dockerImages
- run: cp result ~/.local/dockerImages/hsec-tools
- id: code-hash
name: Compute code directory hash
run: |
code_hash=$(git rev-parse HEAD:code)
echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"
- uses: actions/cache/save@v3
if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
with:
key: hsec-tools-${{ steps.code-hash.outputs.code-hash}}
path: ~/.local/dockerImages
- name: upload executable
uses: actions/upload-artifact@v3
with:
name: hsec-tools-${{ github.sha }}
path: ~/.local/dockerImages
check-advisories:
name: Invoke check-advisories workflow
if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}
needs: check_nix
uses: ./.github/workflows/check-advisories.yml
with:
fetch-key: hsec-tools-${{ github.sha }}
is-artifact: true