Commit Graph

25 Commits

Author SHA1 Message Date
Roland Dobai
558392b998 Merge branch 'feature/vulnerability_scan' into 'master'
feat: use esp-idf-sbom-action for vulnerability scan

Closes IDF-8805 and IDF-5187

See merge request espressif/esp-idf!27688
2023-12-11 21:57:05 +08:00
Frantisek Hrbata
5ec411679b feat: use esp-idf-sbom-action for vulnerability scan
This adds a github action, which performs continuous vulnerability
scanning using the esp-idf-sbom-action github action. The test
is scheduled everyday at midnight and it's also possible to start
it as dispatched workflow. This scans all possible manifest files
in repository. The references for scanning are defined in github's
VULNERABILITY_SCAN_REFS variable and a json list. For example
['master', 'release/v5.2', 'release/v5.1', 'release/v5.0', 'release/v4.4']

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-07 10:03:54 +01:00
Tomas Sebestik
2ad861964e
ci(danger-github): replace local Danger code by org action 2023-12-05 12:56:58 +01:00
Laukik Hase
6fc878f857
fix(ci): Use latest stable actions/checkout@v3 instead of v2 for GitHub Actions 2023-10-30 13:43:10 +05:30
Tomas Sebestik
b1a2997831 fix: GitHub action PR pre-commit check 2023-10-05 07:20:20 +02:00
Tomas Sebestik
5295b51fcd ci(danger-github): Fix github-action-bot permissions for posting Danger output 2023-08-24 14:15:11 +02:00
Roland Dobai
686265298d ci(github): Update Python to 3.8 for pre-commit checks
Fixes issue "ERROR: Package 'conventional-precommit-linter' requires a
different Python: 3.7.17 not in '>=3.8'" of all Pull Requests.

Python 3.7 support will be dropped soon in the upcoming ESP-IDF v5.2
version.
2023-07-12 08:14:21 +02:00
Tomas Sebestik
7add582eb7 ci(danger): add dangerjs for GitHub
Add GitHub workflow for running dangerjs on pull requests.
Add GitHub layout for DangerJS.
2023-05-29 08:23:04 +02:00
nathannaveen
8290ee4296 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-07-03 00:58:46 +00:00
Ivan Grokhotkov
212cbc3fb6
tools/docker: add README.md file to be displayed on Docker Hub
Closes https://github.com/espressif/esp-idf/issues/7933
2022-05-26 03:44:13 +02:00
Ivan Grokhotkov
6dc52d4425
ci: build and push Docker images in Github actions, add arm64 platform
Replaces the previously used Docker Hub autobuild infrastructure.
This allows for more flexible configuration of the build process,
at the expense of some extra maintenance of CI workflow files
required.
2022-05-26 03:44:13 +02:00
Laukik Hase
9857049521
gh_actions: Don't use outdated actions/checkout@master 2022-03-05 12:23:31 +05:30
Ivan Grokhotkov
d8f56d4042
github: fix pre-commit failure for PRs from forks 2022-03-01 20:07:35 +01:00
Ivan Grokhotkov
df38abf19c
github: verify pre-commit checks for PRs in Github Actions 2022-02-21 20:32:28 +03:00
Roland Dobai
d3aa071dcb CI: Fix Python linter on Github
Closes https://github.com/espressif/esp-idf/pull/8366
2022-02-09 16:38:12 +01:00
Ivan Grokhotkov
7177b4fa95 ci: limit github-jira sync actions to a single concurrent run
to prevent race conditions when two workflows related to the same new
issue are triggered within a short interval.
2022-01-07 12:51:51 +01:00
Laukik Hase
eb766a25e0 gh_actions: Sync approved PRs to internal codebase
- Changed trigger from pull_request_review to pull_request_target [labeled]
2021-11-22 12:56:42 +08:00
Laukik Hase
995b398165 gh_action: Sync approved Github PRs to Gitlab
- Checks for forbidden files modification (.gitlab/.github) and PR approver access level
- Approver decides the approach for PR merging (Rebase or direct Merge)
2021-10-26 12:46:42 +08:00
Ivan Grokhotkov
036aae0a2c github: remove lint jobs for unsupported python versions 2021-09-01 19:39:17 +02:00
Angus Gratton
83ccca7a19 ci: Use GitHub Actions to generate recursive source code zips for releases
We do this for all ESP-IDF releases, this step automates it.

Uses action added in https://github.com/espressif/github-actions/pull/10
2021-04-16 09:58:49 +10:00
morris
d003f96a9d gh_action: fix python lint 2020-05-20 10:50:10 +08:00
morris
e51bd6deaf gh-action:fix python lint 2020-01-01 12:56:33 +08:00
suda-morris
938069de75 gh_action: add cron job to sync remaining PRs 2019-10-29 13:10:00 +08:00
suda-morris
58577db086 gh_action: fix error on new pull request
1. Disable the broken pull request sync temporarily
2. move python lint from travis to github action
2019-09-17 21:59:31 +08:00
suda-morris
b64551718c gh_action: converted main.workflow to Actions V2 yml files 2019-08-12 19:45:48 +08:00