ci: Use containers for all lint jobs (podman)

This commit is contained in:
user
2026-02-05 12:10:16 +01:00
parent 7b9f0b9242
commit cae599f49f


@@ -10,7 +10,13 @@ jobs:
cppcheck: cppcheck:
name: C/C++ Static Analysis name: C/C++ Static Analysis
runs-on: anvil runs-on: anvil
container:
image: docker.io/library/debian:bookworm-slim
steps: steps:
- name: Install tools
run: |
apt-get update && apt-get install -y --no-install-recommends git cppcheck ca-certificates
- name: Checkout - name: Checkout
run: | run: |
git clone --depth=1 --branch=${{ github.ref_name }} \ git clone --depth=1 --branch=${{ github.ref_name }} \
@@ -28,39 +34,47 @@ jobs:
flawfinder: flawfinder:
name: Security Flaw Analysis name: Security Flaw Analysis
runs-on: anvil runs-on: anvil
container:
image: docker.io/library/python:3.12-slim
steps: steps:
- name: Install tools
run: |
apt-get update && apt-get install -y --no-install-recommends git ca-certificates
pip install --no-cache-dir flawfinder
- name: Checkout - name: Checkout
run: | run: |
git clone --depth=1 --branch=${{ github.ref_name }} \ git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git . https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Install and run flawfinder - name: Run flawfinder
run: | run: |
python3 -m pip install --user flawfinder flawfinder --minlevel=2 --error-level=4 \
~/.local/bin/flawfinder --minlevel=2 --error-level=4 \
get-started/csi_recv_router/main/ get-started/csi_recv_router/main/
gitleaks: gitleaks:
name: Secret Scanning name: Secret Scanning
runs-on: anvil runs-on: anvil
container:
image: docker.io/zricethezav/gitleaks:latest
steps: steps:
- name: Checkout - name: Checkout
run: | run: |
git clone --branch=${{ github.ref_name }} \ git clone --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git . https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Install and run gitleaks - name: Run gitleaks
run: | run: gitleaks detect --source . --verbose --redact
GITLEAKS_VERSION="8.18.4"
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
-o /tmp/gitleaks.tar.gz
tar -xzf /tmp/gitleaks.tar.gz -C /tmp gitleaks
/tmp/gitleaks detect --source . --verbose --redact
shellcheck: shellcheck:
name: Shell Script Analysis name: Shell Script Analysis
runs-on: anvil runs-on: anvil
container:
image: docker.io/koalaman/shellcheck-alpine:stable
steps: steps:
- name: Install git
run: apk add --no-cache git
- name: Checkout - name: Checkout
run: | run: |
git clone --depth=1 --branch=${{ github.ref_name }} \ git clone --depth=1 --branch=${{ github.ref_name }} \