2 files changed, 59 insertions, 0 deletions
diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml
new file mode 100644
index 0000000..cbb334c
--- /dev/null
+++ b/.github/workflows/cifuzz_oss.yml
@@ -0,0 +1,23 @@
+name: CIFuzz
+on: [pull_request]
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'libfido2'
+        dry-run: false
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'libfido2'
+        fuzz-seconds: 600
+        dry-run: false
+    - name: Upload Crash
+      uses: actions/upload-artifact@v1
+      if: failure()
+      with:
+        name: artifacts
+        path: ./out/artifacts
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000..008961b
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,36 @@
+name: static code analysis
+on:
+  push:
+  schedule:
+    - cron: '0 0 * * 1'
+env:
+  SCAN_IMG:
+    yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
+  SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - name: Scan but do not fail on warnings
+      run: |
+        if [ "${SECRET}" != "" ]; then
+          docker login yes-docker-local.artifactory.in.yubico.org/ \
+             -u svc-static-code-analysis-reader \
+             -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+          docker pull ${SCAN_IMG}
+          docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
+             -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
+        fi
+      continue-on-error: true
+    - uses: actions/upload-artifact@master
+      if: failure()
+      with:
+        name: suppression_files
+        path: suppression_files

diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml new file mode 100644 index 0000000..cbb334c --- /dev/null +++ b/.github/workflows/cifuzz_oss.yml
@@ -0,0 +1,23 @@
	1	name: CIFuzz
	2	on: [pull_request]
	3	jobs:
	4	Fuzzing:
	5	runs-on: ubuntu-latest
	6	steps:
	7	- name: Build Fuzzers
	8	uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
	9	with:
	10	oss-fuzz-project-name: 'libfido2'
	11	dry-run: false
	12	- name: Run Fuzzers
	13	uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
	14	with:
	15	oss-fuzz-project-name: 'libfido2'
	16	fuzz-seconds: 600
	17	dry-run: false
	18	- name: Upload Crash
	19	uses: actions/upload-artifact@v1
	20	if: failure()
	21	with:
	22	name: artifacts
	23	path: ./out/artifacts


diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml new file mode 100644 index 0000000..008961b --- /dev/null +++ b/.github/workflows/scan.yml
@@ -0,0 +1,36 @@
	1	name: static code analysis
	2
	3	on:
	4	push:
	5	schedule:
	6	- cron: '0 0 * * 1'
	7
	8	env:
	9	SCAN_IMG:
	10	yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
	11	SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
	12
	13	jobs:
	14	build:
	15	runs-on: ubuntu-latest
	16
	17	steps:
	18	- uses: actions/checkout@master
	19
	20	- name: Scan but do not fail on warnings
	21	run: \|
	22	if [ "${SECRET}" != "" ]; then
	23	docker login yes-docker-local.artifactory.in.yubico.org/ \
	24	-u svc-static-code-analysis-reader \
	25	-p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
	26	docker pull ${SCAN_IMG}
	27	docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
	28	-e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
	29	fi
	30	continue-on-error: true
	31
	32	- uses: actions/upload-artifact@master
	33	if: failure()
	34	with:
	35	name: suppression_files
	36	path: suppression_files