From 506a0da89ca0a62090e6c843be922d2ab96e3541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Walther?= Date: Wed, 10 Aug 2022 16:00:50 +0200 Subject: [PATCH 1/4] Added audit workflow --- .github/workflows/audit.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/audit.yml diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000000..5d3b5bbba0 --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,34 @@ +name: Daily security audit + +on: workflow_dispatch +jobs: + security_audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions-rs/audit-check@v1 + + notification: + needs: build + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v2 + - name: Keybase - Node Install + run: npm install + working-directory: .github/workflows/support-files + - name: Keybase - Send Notification + env: + NYM_NOTIFICATION_KIND: nightly + NYM_PROJECT_NAME: "Nym daily audit" + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + GIT_COMMIT_MESSAGE: "${{ github.event.head_commit.message }}" + GIT_BRANCH: "${GITHUB_REF##*/}" + KEYBASE_NYMBOT_USERNAME: "${{ secrets.KEYBASE_NYMBOT_USERNAME }}" + KEYBASE_NYMBOT_PAPERKEY: "${{ secrets.KEYBASE_NYMBOT_PAPERKEY }}" + KEYBASE_NYMBOT_TEAM: "${{ secrets.KEYBASE_NYMBTECH_TEAM }}" + KEYBASE_NYM_CHANNEL: "test" + IS_SUCCESS: "${{ env.WORKFLOW_CONCLUSION == 'success' }}" + uses: docker://keybaseio/client:stable-node + with: + args: .github/workflows/support-files/notifications/entry_point.sh From 5b98e18a4ef164202898fdad2774958358577dd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Walther?= Date: Wed, 10 Aug 2022 16:03:11 +0200 Subject: [PATCH 2/4] Added audit workflow --- .github/workflows/audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 5d3b5bbba0..dd04719e87 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -9,7 +9,7 @@ jobs: - uses: actions-rs/audit-check@v1 notification: - needs: build + needs: security_audit runs-on: ubuntu-latest steps: - name: Check out repository code From 6deb481e5df9682165d78d8adec12a6bc1080b14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Walther?= Date: Wed, 10 Aug 2022 16:09:05 +0200 Subject: [PATCH 3/4] Added audit workflow --- .github/workflows/audit.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index dd04719e87..bf596b12eb 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -7,6 +7,8 @@ jobs: steps: - uses: actions/checkout@v1 - uses: actions-rs/audit-check@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} notification: needs: security_audit From d080d661f7d48dded24e6c49408133db9067dc01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Walther?= Date: Wed, 10 Aug 2022 16:29:54 +0200 Subject: [PATCH 4/4] Added audit workflow --- .github/workflows/audit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index bf596b12eb..e4fcff684e 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -11,6 +11,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} notification: + if: ${{ failure() }} needs: security_audit runs-on: ubuntu-latest steps: