From be3cab7ae2d388b1e0455f267704cc72d12f4aed Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Wed, 27 Nov 2024 16:37:44 -0500
Subject: [PATCH 1/2] Add OSV schema validation
---
 .github/workflows/nix.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index c94954f8..2a2af7cf 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -59,6 +59,10 @@ jobs:
 mkdir -p $DATA_DIR/$YEAR
 docker run --rm -v $PWD:/repo --workdir /repo haskell/hsec-tools:latest /bin/hsec-tools osv "$FILE" > $DATA_DIR/$YEAR/$ID.json
 done < <(find advisories -type f -name "*.md" | grep -v '^advisories/reserved/')
+ - name: Validate OSV data
+ run: |
+ curl -OL https://raw.githubusercontent.com/ossf/osv-schema/refs/heads/main/validation/schema.json
+ nix develop nixpkgs#json-schema --command check-jsonschema --schemafile ./schema.json ./osv/*/*.json
 - name: Publish OSV data
 if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'haskell/security-advisories' }}
 env:
From 973b3eb836bba78794941f9b93e7da1362c660ba Mon Sep 17 00:00:00 2001
From: Tristan de Cacqueray
Date: Wed, 11 Dec 2024 21:52:51 +0000
Subject: [PATCH 2/2] Update .github/workflows/nix.yml
Co-authored-by: Gautier DI FOLCO
---
 .github/workflows/nix.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 2a2af7cf..59f3a40d 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
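Review bot: The added `curl -OL …/refs/heads/main/validation/schema.json` line in the new "Validate OSV data" step (first patch, hunk `@@ -59,6 +59,10 @@`) fetches the schema from a mutable branch and without `--fail`, so the check that runs before "Publish OSV data" depends on whatever upstream `main` serves at run time, and an HTTP error would not stop the step at the download. Pinning to a reviewed commit and failing closed would make the gate reproducible, e.g. `curl -fsSLO https://raw.githubusercontent.com/ossf/osv-schema/<PINNED_COMMIT_SHA>/validation/schema.json`. The step validates `./osv/*/*.json` while the context lines above it write to `$DATA_DIR/$YEAR/$ID.json`; `DATA_DIR` is defined outside this hunk, so confirm both refer to the same directory or use `"$DATA_DIR"/*/*.json`. The enclosing job starts and ends outside the hunk.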
@@ -62,7 +62,7 @@ jobs:
 - name: Validate OSV data
 run: |
 curl -OL https://raw.githubusercontent.com/ossf/osv-schema/refs/heads/main/validation/schema.json
- nix develop nixpkgs#json-schema --command check-jsonschema --schemafile ./schema.json ./osv/*/*.json
+ nix run "nixpkgs#check-jsonschema" -- --schemafile ./schema.json ./osv/*/*.json
 - name: Publish OSV data
 if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'haskell/security-advisories' }}
 env:
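Review bot: `nixpkgs#check-jsonschema` in the new `nix run` line is resolved through the flake registry rather than a locked input, so the validator that gates publication can change version between runs without any change in this repository. If the repository's flake already locks nixpkgs (not visible in this hunk), `nix run --inputs-from . "nixpkgs#check-jsonschema" -- --schemafile ./schema.json ./osv/*/*.json` would reuse that lock; otherwise reference an explicit nixpkgs revision. The job this step belongs to continues outside the hunk.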