username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity
Files
7b9f0b9242c6d66624434b73b0cc6919c4d87398
esp32-hacking/.gitea/workflows/lint.yml
user 7b9f0b9242
Some checks failed
Lint & Security / C/C++ Static Analysis (push) Failing after 1s
Details
Lint & Security / Security Flaw Analysis (push) Failing after 2s
Details
Lint & Security / Secret Scanning (push) Successful in 1s
Details
Lint & Security / Shell Script Analysis (push) Successful in 1s
Details
ci: Download gitleaks binary, use python3 -m pip for flawfinder
2026-02-05 12:08:17 +01:00

78 lines
2.4 KiB
YAML
Raw Blame History

name: Lint & Security
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
cppcheck:
name: C/C++ Static Analysis
runs-on: anvil
steps:
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Run cppcheck
run: |
cppcheck --enable=warning,style,performance,portability \
--suppress=missingIncludeSystem \
--error-exitcode=1 \
--inline-suppr \
-I get-started/csi_recv_router/main \
get-started/csi_recv_router/main/*.c
flawfinder:
name: Security Flaw Analysis
runs-on: anvil
steps:
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Install and run flawfinder
run: |
python3 -m pip install --user flawfinder
~/.local/bin/flawfinder --minlevel=2 --error-level=4 \
get-started/csi_recv_router/main/
gitleaks:
name: Secret Scanning
runs-on: anvil
steps:
- name: Checkout
run: |
git clone --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Install and run gitleaks
run: |
GITLEAKS_VERSION="8.18.4"
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
-o /tmp/gitleaks.tar.gz
tar -xzf /tmp/gitleaks.tar.gz -C /tmp gitleaks
/tmp/gitleaks detect --source . --verbose --redact
shellcheck:
name: Shell Script Analysis
runs-on: anvil
steps:
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Find and check shell scripts
run: |
SCRIPTS=$(find . -name "*.sh" -type f 2>/dev/null || true)
if [ -n "$SCRIPTS" ]; then
echo "Checking: $SCRIPTS"
echo "$SCRIPTS" | xargs shellcheck --severity=warning
else
echo "No shell scripts found, skipping"
fi
Reference in New Issue View Git Blame Copy Permalink