username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

ci: Use containers for all lint jobs (podman)
All checks were successful
Lint & Security / Secret Scanning (push) Successful in 2s
Details
Lint & Security / Shell Script Analysis (push) Successful in 5s
Details
Lint & Security / C/C++ Static Analysis (push) Successful in 17s
Details
Lint & Security / Security Flaw Analysis (push) Successful in 16s
Details

Browse Source
This commit is contained in:
user
2026-02-05 12:10:16 +01:00
parent 7b9f0b9242
commit cae599f49f
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
.gitea/workflows/lint.yml
View File

@@ -10,7 +10,13 @@ jobs:
cppcheck:
name: C/C++ Static Analysis
runs-on: anvil
container:
image: docker.io/library/debian:bookworm-slim
steps:
- name: Install tools
run: |
apt-get update && apt-get install -y --no-install-recommends git cppcheck ca-certificates
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
@@ -28,39 +34,47 @@ jobs:
flawfinder:
name: Security Flaw Analysis
runs-on: anvil
container:
image: docker.io/library/python:3.12-slim
steps:
- name: Install tools
run: |
apt-get update && apt-get install -y --no-install-recommends git ca-certificates
pip install --no-cache-dir flawfinder
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Install and run flawfinder
- name: Run flawfinder
run: |
python3 -m pip install --user flawfinder
~/.local/bin/flawfinder --minlevel=2 --error-level=4 \
flawfinder --minlevel=2 --error-level=4 \
get-started/csi_recv_router/main/
gitleaks:
name: Secret Scanning
runs-on: anvil
container:
image: docker.io/zricethezav/gitleaks:latest
steps:
- name: Checkout
run: |
git clone --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Install and run gitleaks
run: |
GITLEAKS_VERSION="8.18.4"
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
-o /tmp/gitleaks.tar.gz
tar -xzf /tmp/gitleaks.tar.gz -C /tmp gitleaks
/tmp/gitleaks detect --source . --verbose --redact
- name: Run gitleaks
run: gitleaks detect --source . --verbose --redact
shellcheck:
name: Shell Script Analysis
runs-on: anvil
container:
image: docker.io/koalaman/shellcheck-alpine:stable
steps:
- name: Install git
run: apk add --no-cache git
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \