From bcb75a21dc58e1f5d592af1b18d70944605a7aa5 Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Wed, 24 Jan 2024 12:18:39 -0300
Subject: [PATCH 1/5] remove workflow
---
.github/workflows/secret-scanning.yml | 39 ---------------------------
1 file changed, 39 deletions(-)
delete mode 100644 .github/workflows/secret-scanning.yml
diff --git a/.github/workflows/secret-scanning.yml b/.github/workflows/secret-scanning.yml
deleted file mode 100644
index d76ec7f..0000000
--- a/.github/workflows/secret-scanning.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Secret Scanning
-
-on:
- push:
- branches:
- - main
- pull_request:
-
-permissions:
- contents: read
- id-token: write
- issues: write
- pull-requests: write
-
-jobs:
- TruffleHog:
- runs-on: ubuntu-latest
- defaults:
- run:
- shell: bash
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
-
- - name: Secret Scanning - TruffleHog
- id: trufflehog
- uses: trufflesecurity/trufflehog@main
- continue-on-error: true
- with:
- path: ./
- base: "${{ github.event.repository.default_branch }}"
- head: HEAD
- extra_args: --debug
-
- - name: Scan Results Status
- if: steps.trufflehog.outcome == 'failure'
- run: exit 1
\ No newline at end of file
From 0ccfb65f367378b73ad3be600e065128072da729 Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Wed, 24 Jan 2024 13:19:28 -0300
Subject: [PATCH 2/5] add targets/
---
.gitignore | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index ccc9fd9..3ce20a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-*.DS_Store
\ No newline at end of file
+*.DS_Store
+targets/
\ No newline at end of file
From 668a5b51ecb8e4eb7701f2a66d940b8041df1158 Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Thu, 25 Jan 2024 16:17:16 -0300
Subject: [PATCH 3/5] improve gh workflows
---
.github/workflows/sast.yml | 13 ++++++++-----
.github/workflows/security-gate.yml | 2 +-
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index c316226..c2b539e 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -1,4 +1,4 @@ -name: Testing on Ubuntu +name: ZARN - Static Analysis on: pull_request: @@ -7,15 +7,18 @@ on: - develop jobs: - build: + zarn: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Install dependencies + - name: Install Perl and cpanminus run: | - sudo apt install -y perl cpanminus - sudo cpanm --installdeps . + apt update + apt install -y make perl cpanminus + - name: Install dependencies using cpanm + run: | + cpanm --installdeps -f --notest . - name: Verify the basic usage run: | perl zarn.pl --source . --sarif zarn.sarif diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml index f51e8da..529557d 100644 --- a/.github/workflows/security-gate.yml +++ b/.github/workflows/security-gate.yml @@ -7,7 +7,7 @@ on: - develop jobs: - build: + gate: runs-on: ubuntu-latest env: MAX_CRITICAL: 0 From 59bc3aad3cea10d48b6c31c7094850578bac4fb5 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Thu, 25 Jan 2024 16:17:33 -0300 Subject: [PATCH 4/5] update dependencies --- cpanfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpanfile b/cpanfile index 2bf8227..1cad3e8 100644 --- a/cpanfile +++ b/cpanfile @@ -1,5 +1,5 @@ +requires "JSON"; requires "File::Find::Rule", "0.34"; requires "Getopt::Long", "2.54"; requires "YAML::Tiny", "1.73"; -requires "PPI::Document", "1.276"; -requires "JSON"; \ No newline at end of file +requires "PPI::Document"; \ No newline at end of file From d7dd655d25f29e54c0e737fb4912e68f43776ab9 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Thu, 25 Jan 2024 16:19:45 -0300 Subject: [PATCH 5/5] return sudo --- .github/workflows/sast.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index c2b539e..e388f8b 100644 
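Review bot: The new `cpanm --installdeps -f --notest .` step in the `zarn` job force-installs every dependency and skips its test suite, so a distribution that fails to build or test cleanly is still installed and the job stays green. Because this workflow is the static-analysis run, a broken or partial dependency install could also let the analyzer produce incomplete results without the job failing. Unless a specific module is known to need the override, I would drop `-f` and use `cpanm --installdeps .`, or limit the flags to the one module that fails and say why in a comment above the step. The same flags are carried into the `sudo cpanm` line in PATCH 5/5; the rest of the steps list continues outside the hunk.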
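Review bot: `requires "PPI::Document";` drops the `1.276` minimum that the removed line declared, so any PPI release now satisfies the requirement, and the commit message does not say why. If the floor was removed because the version check failed in CI, a short comment in the cpanfile saying so would help; otherwise I would keep it as `requires "PPI::Document", "1.276";`. Together with the `-f --notest` install in PATCH 3/5, nothing in this series now constrains or tests which parser release the analyzer runs with, and `JSON` is likewise unversioned.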
--- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -14,11 +14,10 @@ jobs: - uses: actions/checkout@v4 - name: Install Perl and cpanminus run: | - apt update - apt install -y make perl cpanminus + sudo apt install -y make perl cpanminus - name: Install dependencies using cpanm run: | - cpanm --installdeps -f --notest . + sudo cpanm --installdeps -f --notest . - name: Verify the basic usage run: | perl zarn.pl --source . --sarif zarn.sarif
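Review bot: `sudo cpanm --installdeps -f --notest .` now runs every dependency's build and install scripts as root, which running `perl zarn.pl` in the next step does not require. Installing into a user-level library, for example `cpanm --local-lib ~/perl5 --installdeps .` with `PERL5LIB` set for the later step, keeps third-party install code unprivileged. This hunk also deletes `apt update` instead of prefixing it, so `sudo apt install -y make perl cpanminus` resolves against whatever package index the runner image shipped with; a `sudo apt-get update` before it avoids stale-index failures. The steps list continues outside the hunk.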