Add support for security.txt

Linaro · Feb 23, 2024 · 9873e3d · 9873e3d
1 parent 5afd7b0
commit 9873e3d
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -22,6 +22,21 @@ jobs:
       - name: Initialise environment
         run: cat "$GITHUB_WORKSPACE/website/.github-env-${GITHUB_REF##*/}" >> $GITHUB_ENV
 
+      - name: set branch env
+        run: echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
+      - name: security.txt
+        # If running on main branch, add signed security.txt file to repo before building
+        if: env.BRANCH == 'main'
+        run: |
+          cd "$GITHUB_WORKSPACE/website"
+          /srv/github-action-scripts/sign-security.sh
+          if [ -f "security.txt.asc" ]; then
+            mkdir "public/.well-known"
+            mv security.txt.asc "public/.well-known/security.txt"
+          else
+            echo "No security.txt.asc produced"
+          fi
+
       - name: Build site
         run: cd ${{ github.workspace }}/website && /srv/github-action-scripts/build-astro-site.sh
 

diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,5 @@ pnpm-debug.log*
 
 # macOS-specific files
 .DS_Store
+
+public/.well-known
diff --git a/security.txt b/security.txt
@@ -0,0 +1,2 @@
+Contact: mailto:psirt@linaro.org
+Canonical: https://www.lavasoftare.org/.well-known/security.txt
Original file line number	Diff line number	Diff line change
Expand Up		@@ -14,3 +14,5 @@ pnpm-debug.log*

		# macOS-specific files
		.DS_Store

		public/.well-known
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		Contact: mailto:psirt@linaro.org
		Canonical: https://www.lavasoftare.org/.well-known/security.txt