From 0385f99c725248a30a44b56c51681c39296cf181 Mon Sep 17 00:00:00 2001
From: Anton Hvornum
Date: Wed, 30 Nov 2022 00:13:56 +0100
Subject: [PATCH 1/2] Adding a guarddog runner. Mainly for future prep, when we start using external dependencies.
---
.github/workflows/guarddog.yml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 .github/workflows/guarddog.yml
diff --git a/.github/workflows/guarddog.yml b/.github/workflows/guarddog.yml
new file mode 100644
index 0000000000..0aa480a646
--- /dev/null
+++ b/.github/workflows/guarddog.yml
@@ -0,0 +1,19 @@
+on: [ push, pull_request ]
+name: guarddog security checkup
+jobs:
+ guarddog:
+ runs-on: ubuntu-latest
+ container:
+ image: archlinux:latest
+ steps:
+ - uses: actions/checkout@v3
+ - run: pacman --noconfirm -Syu git python python-setuptools python-pip python-build python-poetry
+ - run: python -m pip install --upgrade pip
+ - run: pip install git+https://github.com/DataDog/guarddog.git
+ - run: python --version
+ - name: run build
+ run: python -m build
+ - name: run guarddog on archinstall
+ run: guarddog scan dist/*.tar.gz --exit-non-zero-on-finding
+ - name: run guarddog on dependencies
+ run: xargs guarddog scan --exit-non-zero-on-finding
Date: Wed, 30 Nov 2022 00:16:41 +0100
Subject: [PATCH 2/2] Rename guarddog.yml to guarddog.yaml
---
.github/workflows/{guarddog.yml => guarddog.yaml} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename .github/workflows/{guarddog.yml => guarddog.yaml} (97%)
diff --git a/.github/workflows/guarddog.yml b/.github/workflows/guarddog.yaml
similarity index 97%
rename from .github/workflows/guarddog.yml
rename to .github/workflows/guarddog.yaml
index 0aa480a646..859929c9bd 100644
--- a/.github/workflows/guarddog.yml
+++ b/.github/workflows/guarddog.yaml
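Review bot: The scanner this job gates on is installed from the moving default branch in `pip install git+https://github.com/DataDog/guarddog.git`, so an upstream change alters what executes in CI and what the check reports without any change in this repository. Pin it to a reviewed release or commit, e.g. `pip install git+https://github.com/DataDog/guarddog.git@<reviewed-tag-or-commit>` (placeholder ref), and consider the same for `actions/checkout@v3` and `image: archlinux:latest`, which are also mutable references. The workflow also sets no `permissions:` key while `python -m build` runs the repository's build code on every push and pull request; a top-level `permissions:` mapping with `contents: read` keeps the job token read-only. A short comment above the `on:` line stating that a finding fails the job (via `--exit-non-zero-on-finding`) would help contributors interpret a red check.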
@@ -16,4 +16,4 @@ jobs: - name: run guarddog on archinstall run: guarddog scan dist/*.tar.gz --exit-non-zero-on-finding - name: run guarddog on dependencies - run: xargs guarddog scan --exit-non-zero-on-finding