commit 2e36510
Showing 12 changed files with 868 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
use flake | ||
dotenv_if_exists .env |
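Review bot: `dotenv_if_exists .env` exports whatever `.env` holds into the developer shell, and `.env` is ignored in this commit's `.gitignore`, so a locally stored token stays out of the repository; a short comment in `.envrc` (or a committed `.env.example`) naming the variables intended for that file would tell contributors what to put there instead of leaving them to guess.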
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
name: "CI" | ||
on: | ||
pull_request: | ||
push: | ||
create: | ||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
jobs: | ||
tests: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: cachix/install-nix-action@v20 | ||
with: | ||
github_access_token: ${{ secrets.GITHUB_TOKEN }} | ||
extra_nix_config: | | ||
system-features = nixos-test benchmark big-parallel kvm | ||
- uses: docker/setup-buildx-action@v2 | ||
- run: nix build -L | ||
- run: nix build -L '.#packages.x86_64-linux.wgithub-action-scan-image' | ||
- run: nix flake check | ||
publish: | ||
needs: tests | ||
if: startsWith(github.ref, 'refs/tags/v') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: cachix/install-nix-action@v20 | ||
with: | ||
github_access_token: ${{ secrets.GITHUB_TOKEN }} | ||
extra_nix_config: | | ||
system-features = nixos-test benchmark big-parallel kvm | ||
- uses: docker/setup-buildx-action@v2 | ||
- name: Extract tag name | ||
shell: bash | ||
run: echo "##[set-output name=tag;]$(echo ${GITHUB_REF##*/})" | ||
id: extract_tag | ||
- run: nix build -L '.#packages.x86_64-linux.github-action-scan-image' | ||
- run: docker load -i result | ||
- name: Log in to the Container registry | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- run: docker tag blackheaven/haskell-security-action ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.extract_tag.outputs.tag }} | ||
- run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.extract_tag.outputs.tag }} |
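Review bot: the `tests` job's `- run: nix build -L '.#packages.x86_64-linux.wgithub-action-scan-image'` has a stray `w` in the attribute name; the `publish` job builds `github-action-scan-image`, so `tests` will fail on an unknown attribute and, through `needs: tests`, block every release. Two smaller points: `echo "##[set-output name=tag;]..."` is the deprecated `set-output` command, and `echo "tag=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"` is the supported form; and the workflow declares no `permissions:` block, so pushing to `ghcr.io` with `secrets.GITHUB_TOKEN` depends on the repository's default token permissions including `packages: write`, which is better stated explicitly on the `publish` job (`permissions: {contents: read, packages: write}`). Since that job holds a registry-writing token, pinning `actions/checkout`, `cachix/install-nix-action` and the `docker/*` actions to commit SHAs rather than moving major tags would also narrow its supply-chain exposure.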
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
##### Haskell | ||
dist | ||
dist-* | ||
cabal-dev | ||
*.o | ||
*.hi | ||
*.hie | ||
*.chi | ||
*.chs.h | ||
*.dyn_o | ||
*.dyn_hi | ||
.hpc | ||
.hsenv | ||
.cabal-sandbox/ | ||
cabal.sandbox.config | ||
*.prof | ||
*.aux | ||
*.hp | ||
*.eventlog | ||
.stack-work/ | ||
cabal.project.local | ||
cabal.project.local~ | ||
.HTF/ | ||
.ghc.environment.* | ||
build | ||
bin-* | ||
|
||
result | ||
.direnv | ||
.env |
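Review bot: `result` matches the default output link of `nix build`, but not the numbered `result-*` links it writes when several installables are built in one invocation; adding `result-*` covers both. Ignoring `.env` and `.direnv` here is what keeps the values loaded by `.envrc` local, so those two entries should stay even if the Haskell section is later trimmed.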
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# Contributing | ||
|
||
Every feedback is welcome! | ||
|
||
Do not hesitate to: | ||
|
||
- Report bugs | ||
- Open discussions around the current state of the code | ||
- Request new features | ||
- Submit fixes/improvments | ||
|
||
everything happen through Github, use Issues/Pull requests features. | ||
|
||
See the [Github Flow](https://guides.github.com/introduction/flow/index.html). | ||
|
||
## Pull requests | ||
|
||
The best way to have a pull requested accepted is to: | ||
|
||
1. Fork the repo and create your branch from `master` | ||
2. If you've added code that should be tested, add tests | ||
3. If you've changed APIs, update the documentation | ||
4. Ensure the test suite passes | ||
5. Make sure your code lints --------------------------------- | ||
6. Issue that pull request! | ||
|
||
## Any contributions you make will be under the ISC Software License | ||
In short, when you submit code changes, your submissions are understood to be under the same [ISC License](http://choosealicense.com/licenses/isc/) that covers the project. | ||
eel free to contact the maintainers if that's a concern. | ||
|
||
## Report bugs using Github's issues | ||
We use GitHub issues to track public bugs. Report a bug by opening a new issue it's that easy! | ||
|
||
## Write bug reports with detail, background, and sample code | ||
[This is an example](http://stackoverflow.com/q/12488905/180626) of a bug report I wrote, and I think it's not a bad model. Here's [another example from Craig Hockenberry](http://www.openradar.me/11905408), an app developer whom I greatly respect. | ||
|
||
**Great Bug Reports** tend to have: | ||
|
||
- A quick summary and/or background | ||
- Steps to reproduce | ||
- Be specific! | ||
- Give sample code if you can. [My stackoverflow question](http://stackoverflow.com/q/12488905/180626) includes sample code that *anyone* with a base R setup can run to reproduce what I was seeing | ||
- What you expected would happen | ||
- What actually happens | ||
- Notes (possibly including why you think this might be happening, or stuff you tried that didn't work) | ||
|
||
People *love* thorough bug reports. I'm not even kidding. | ||
|
||
## Use a Consistent Coding Style | ||
Try to mimic the codebase style and run [`ormolu`](https://github.com/tweag/ormolu) on each commit. | ||
|
||
## License | ||
By contributing, you agree that your contributions will be licensed under its ISC License. |
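Review bot: the bug-report section is lifted from a template unrelated to this project; it links a StackOverflow question about a base R setup and a radar from "an app developer whom I greatly respect", which will puzzle Haskell contributors. Replace it with the details that actually help here (GHC and cabal versions, the `action.yml` inputs used, the relevant workflow log) or drop it. Typos while you are in there: `improvments`, `everything happen through Github` (`happens`), `a pull requested accepted` (`pull request`), `eel free` (`Feel free`), and the run of dashes after `Make sure your code lints`.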
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
ISC License | ||
|
||
Copyright (c) 2024 Gautier DI FOLCO | ||
|
||
Permission to use, copy, modify, and/or distribute this software for any | ||
purpose with or without fee is hereby granted, provided that the above | ||
copyright notice and this permission notice appear in all copies. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH | ||
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, | ||
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | ||
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR | ||
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | ||
PERFORMANCE OF THIS SOFTWARE. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# haskell-security-action | ||
|
||
Scan for vulnerabilities and create advisories on GitHub. | ||
|
||
## Usage | ||
|
||
```yaml | ||
name: security scan | ||
|
||
name: Scan for vulnerabilities | ||
on: | ||
# Scan for each push event on your protected branch | ||
# push: | ||
# branches: [ "main" ] | ||
# Scan for pull requests | ||
# pull_request: | ||
# branches: [ "main" ] | ||
# Schedule a daily scan at midnight | ||
schedule: | ||
- cron: '0 0 * * *' | ||
workflow_dispatch: | ||
|
||
jobs: | ||
haskell-security: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Run Haskell Security Action | ||
uses: blackheaven/haskell-security-action | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
``` |
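Review bot: the usage workflow has two top-level `name:` keys (`name: security scan` and `name: Scan for vulnerabilities`), which is a duplicate-key error in YAML, so the example fails as pasted; keep one. `uses: blackheaven/haskell-security-action` also lacks the `@ref` that GitHub requires for a non-local action; show a tagged release matching the `refs/tags/v*` publish trigger in the CI workflow, or a commit SHA, so consumers get a pinned version rather than whatever the default branch holds. Because the composite action shells out to `docker run`, the README should also say it needs a Linux runner with Docker available.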
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
name: Scan code security advisories | ||
description: Scan Haskell code for possible security advisories. | ||
|
||
inputs: | ||
path: | ||
description: Path of file or directory that will be scanned. | ||
required: false | ||
default: . | ||
token: | ||
description: Access token to fetch the repository and write the code scanning results from github-action-scan to GitHub code scanning. | ||
required: false | ||
default: ${{ github.token }} | ||
repository: | ||
description: The name of the repository without the .git extension. The name is not case sensitive. | ||
required: false | ||
default: ${{ github.repository }} | ||
ref: | ||
description: The full Git reference, formatted as refs/heads/<branch name>, refs/tags/<tag>, refs/pull/<number>/merge, or refs/pull/<number>/head. | ||
required: false | ||
default: ${{ github.ref }} | ||
commitSha: | ||
description: The SHA of the commit to which the analysis you are uploading relates. | ||
required: false | ||
default: ${{ github.sha }} | ||
|
||
outputs: | ||
sarif-id: | ||
description: The ID of the uploaded SARIF file. | ||
value: ${{ steps.upload-sarif.outputs.sarif-id }} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: "Run Haskell Security Action" | ||
run: | | ||
docker run --rm \ | ||
-v ${{ inputs.path }}:/repository \ | ||
ghcr.io/blackheaven/haskell-security-action:latest \ | ||
--token ${{ inputs.token }} \ | ||
--owner-repository ${{ inputs.repository }} \ | ||
--ref ${{ inputs.ref }} \ | ||
--commit-sha ${{ inputs.commitSha }} | ||
shell: bash | ||
|
||
branding: | ||
icon: 'search' | ||
color: 'purple' |
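Review bot: `value: ${{ steps.upload-sarif.outputs.sarif-id }}` references a step id that does not exist in `runs.steps`, so `sarif-id` is always empty; either add an upload step with `id: upload-sarif` (for example `github/codeql-action/upload-sarif` fed by a SARIF file the scanner writes) or drop the output. The `run:` script interpolates `${{ inputs.token }}`, `${{ inputs.repository }}` and `${{ inputs.ref }}` straight into the shell command line: the token ends up in the container's argv (visible through `ps` and in any echoed command) and the other inputs are unquoted shell text; pass them via `env:` and reference `"$TOKEN"` and friends inside the script, ideally handing the token to the container with `-e` rather than `--token`. `-v ${{ inputs.path }}:/repository` with the default `.` relies on a relative mount source; `${{ github.workspace }}` is unambiguous. Lastly, the image is pulled as `:latest`, but the CI workflow in this commit only pushes images named after the release tag, so `latest` is never published from here; pin a release tag or digest and bump it on release.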