summaryrefslogtreecommitdiff
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/cifuzz_oss.yml23
-rw-r--r--.github/workflows/scan.yml36
2 files changed, 59 insertions, 0 deletions
diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml
new file mode 100644
index 0000000..cbb334c
--- /dev/null
+++ b/.github/workflows/cifuzz_oss.yml
@@ -0,0 +1,23 @@
1name: CIFuzz
2on: [pull_request]
3jobs:
4 Fuzzing:
5 runs-on: ubuntu-latest
6 steps:
7 - name: Build Fuzzers
8 uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
9 with:
10 oss-fuzz-project-name: 'libfido2'
11 dry-run: false
12 - name: Run Fuzzers
13 uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
14 with:
15 oss-fuzz-project-name: 'libfido2'
16 fuzz-seconds: 600
17 dry-run: false
18 - name: Upload Crash
19 uses: actions/upload-artifact@v1
20 if: failure()
21 with:
22 name: artifacts
23 path: ./out/artifacts
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000..008961b
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,36 @@
1name: static code analysis
2
3on:
4 push:
5 schedule:
6 - cron: '0 0 * * 1'
7
8env:
9 SCAN_IMG:
10 yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
11 SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
12
13jobs:
14 build:
15 runs-on: ubuntu-latest
16
17 steps:
18 - uses: actions/checkout@master
19
20 - name: Scan but do not fail on warnings
21 run: |
22 if [ "${SECRET}" != "" ]; then
23 docker login yes-docker-local.artifactory.in.yubico.org/ \
24 -u svc-static-code-analysis-reader \
25 -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
26 docker pull ${SCAN_IMG}
27 docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
28 -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
29 fi
30 continue-on-error: true
31
32 - uses: actions/upload-artifact@master
33 if: failure()
34 with:
35 name: suppression_files
36 path: suppression_files